Re: Very Dangerous post

Discussion in 'Computer Security' started by ~BD~, Jan 22, 2010.

  1. ~BD~

    ~BD~ Guest

    This was posted to the group (homeusers) using news.btinternet.com but
    it doesn't show up on msnews.microsoft.com

    Why might that be?


    Path:
    border1.nntp.ams.giganews.com!border2.nntp.ams.giganews.com!feeder1.cambriumusenet.nl!feed.tweaknews.nl!209.197.12.242.MISMATCH!nx01.iad01.newshosting.com!newshosting.com!69.16.185.16.MISMATCH!npeer02.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!border1.nntp.dca.giganews.com!nntp.giganews.com!local2.nntp.dca.giganews.com!nntp.bt.com!news.bt.com.POSTED!not-for-mail
    NNTP-Posting-Date: Fri, 22 Jan 2010 08:16:10 -0600
    Date: Fri, 22 Jan 2010 14:16:10 +0000
    From: ~BD~ <""BoaterDave\"@@hotmail.co.uk">
    User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US;
    rv:1.9.1.7) Gecko/20100111 Thunderbird/3.0.1
    MIME-Version: 1.0
    Newsgroups: microsoft.public.security.homeusers
    Subject: Re: Very Dangerous post
    References: <>
    <Or$>
    <>
    <>
    <O9#>
    <>
    <#r8M$>
    <>
    <>
    <Ozdmk$>
    In-Reply-To: <Ozdmk$>
    Content-Type: text/plain; charset=ISO-8859-1; format=flowed
    Content-Transfer-Encoding: 7bit
    Message-ID: <>
    Lines: 118
    X-Usenet-Provider: http://www.giganews.com
    X-AuthenticatedUsername: NoAuthUser
    X-Trace:
    sv3-OpEItIWfwlsx0Z9wEPLbbKyTXqp4qOH9A+cSX1vfqMmJnco7ZT0zgpFX3BRECRBi8gmsHS85LajiZMd!AqVG4YvseFC1WGzMfGF2mCtWXNKQmrEqSUCfQ1/LpOqgB+UcrJvfif6/nKMhPrIwPEwvEEm+FzAv
    X-Complaints-To:
    X-DMCA-Complaints-To:
    X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
    X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your
    complaint properly
    X-Postfilter: 1.3.40
    Bytes: 5068
    X-Original-Bytes: 5014



    BT offers. literally, hundreds of 'microsoft.public' newsgroups.

    Which newsgroups do you think Microsoft may have removed? (and removed
    from where?)

    These groups are available which mention Windows 7:-

    it.comp.os.win.windows7

    microsoft.public.it.windows7

    alt.windows7.general

    --
    Dave (Sometimes man stumbles over the truth ...... Sir Winston Churchill)
     
    ~BD~, Jan 22, 2010
    #1
    1. Advertising

  2. ~BD~

    Mike Easter Guest

    Posted to a.c.s only
    ~BD~ wrote:
    > This was posted to the group (homeusers) using news.btinternet.com but
    > it doesn't show up on msnews.microsoft.com
    >
    > Why might that be?


    Path below edited by spacing bangs for wrapping.

    > Path: border1.nntp.ams.giganews.com! border2.nntp.ams.giganews.com! feeder1.cambriumusenet.nl! feed.tweaknews.nl! 209.197.12.242.MISMATCH! nx01.iad01.newshosting.com! newshosting.com! 69.16.185.16.MISMATCH! npeer02.iad.highwinds-media.com! news.highwinds-media.com! feed-me.highwinds-media.com! border1.nntp.dca.giganews.com! nntp.giganews.com! local2.nntp.dca.giganews.com! nntp.bt.com! news.bt.com.POSTED! not-for-mail


    > Message-ID: <>


    Every newsserver has its own style of feeds and administration which
    includes such as cleanfeed and NoCeUm methods for filtering or
    autodeleting or cancelling.

    The message in question appeared on NIN news.individual.net. If you
    acquire enough news server accounts, you can do an assessment of how
    many got the message and how many didn't.

    Your path shows that you posted the message via the bt news server and
    it propagated to bt's outsourced giganews and then via a big newshosting
    outfit with highwinds and then to tweaknews and cambriumusenet.nl and
    back to you via the giganews server.

    My path (bangs spaced)...

    Path: uni-berlin.de!fu-berlin.de! news.glorb.com!
    npeer02.iad.highwinds-media.com! news.highwinds-media.com!
    feed-me.highwinds-media.com! Xl.tags.giganews.com!
    border1.nntp.dca.giganews.com! nntp.giganews.com!
    local2.nntp.dca.giganews.com! nntp.bt.com! news.bt.com.POSTED! not-for-mail
    NNTP-Post

    .... shows your insertion propagating to giga and highwinds (as yours
    did) and thence to glorb and NIN.

    Howard Knight's tool doesn't show the complete path, just your insertion.

    Google's archive, which MID search tool is largely deprecated, works on
    this MID to show:

    Path: g2news1.google.com! news1.google.com! Xl.tags.giganews.com!
    border1.nntp.dca.giganews.com! nntp.giganews.com!
    local2.nntp.dca.giganews.com! nntp.bt.com!news.bt.com.POSTED! not-for-mail

    ....your insertion bt > giga > google.

    None of those propagations involve anything about the msnews newsserver.

    If your question is actually about how and why the msnews newsserver is
    admin'ed in the way it is, you would have to take that up with someone
    who knows. Apparently the previous admins don't do that now.


    --
    Mike Easter
     
    Mike Easter, Jan 23, 2010
    #2
    1. Advertising

  3. From: "Mike Easter" <>

    | Posted to a.c.s only
    | ~BD~ wrote:
    >> This was posted to the group (homeusers) using news.btinternet.com but
    >> it doesn't show up on msnews.microsoft.com


    >> Why might that be?


    | Path below edited by spacing bangs for wrapping.

    >> Path: border1.nntp.ams.giganews.com! border2.nntp.ams.giganews.com!
    >> feeder1.cambriumusenet.nl! feed.tweaknews.nl! 209.197.12.242.MISMATCH!
    >> nx01.iad01.newshosting.com! newshosting.com! 69.16.185.16.MISMATCH!
    >> npeer02.iad.highwinds-media.com! news.highwinds-media.com!
    >> feed-me.highwinds-media.com! border1.nntp.dca.giganews.com! nntp.giganews.com!
    >> local2.nntp.dca.giganews.com! nntp.bt.com! news.bt.com.POSTED! not-for-mail


    >> Message-ID: <>


    | Every newsserver has its own style of feeds and administration which
    | includes such as cleanfeed and NoCeUm methods for filtering or
    | autodeleting or cancelling.

    | The message in question appeared on NIN news.individual.net. If you
    | acquire enough news server accounts, you can do an assessment of how
    | many got the message and how many didn't.

    | Your path shows that you posted the message via the bt news server and
    | it propagated to bt's outsourced giganews and then via a big newshosting
    | outfit with highwinds and then to tweaknews and cambriumusenet.nl and
    | back to you via the giganews server.

    | My path (bangs spaced)...

    | Path: uni-berlin.de!fu-berlin.de! news.glorb.com!
    | npeer02.iad.highwinds-media.com! news.highwinds-media.com!
    | feed-me.highwinds-media.com! Xl.tags.giganews.com!
    | border1.nntp.dca.giganews.com! nntp.giganews.com!
    | local2.nntp.dca.giganews.com! nntp.bt.com! news.bt.com.POSTED! not-for-mail
    | NNTP-Post

    | ... shows your insertion propagating to giga and highwinds (as yours
    | did) and thence to glorb and NIN.

    | Howard Knight's tool doesn't show the complete path, just your insertion.

    | Google's archive, which MID search tool is largely deprecated, works on
    | this MID to show:

    | Path: g2news1.google.com! news1.google.com! Xl.tags.giganews.com!
    | border1.nntp.dca.giganews.com! nntp.giganews.com!
    | local2.nntp.dca.giganews.com! nntp.bt.com!news.bt.com.POSTED! not-for-mail

    | ...your insertion bt > giga > google.

    | None of those propagations involve anything about the msnews newsserver.

    | If your question is actually about how and why the msnews newsserver is
    | admin'ed in the way it is, you would have to take that up with someone
    | who knows. Apparently the previous admins don't do that now.


    The answer is relatively simple. Filters on the MS New Server do NOT like the alt.*
    hierarchy.
    Thus the news group... alt.windows7.general
    Was most likely the trigger that casued the post to be blocked from being posted.


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
    David H. Lipman, Jan 23, 2010
    #3
  4. ~BD~

    Mike Easter Guest

    David H. Lipman wrote:
    > "Mike Easter"


    > | If your question is actually about how and why the msnews newsserver is
    > | admin'ed in the way it is, you would have to take that up with someone
    > | who knows. Apparently the previous admins don't do that now.
    >
    >
    > The answer is relatively simple. Filters on the MS New Server do NOT like the alt.*
    > hierarchy.
    > Thus the news group... alt.windows7.general
    > Was most likely the trigger that casued the post to be blocked from being posted.


    Such a filter would be really weird and inappropriate and tending toward
    reckless behavior.

    Are you suggesting that you think that the msnews filter would filter
    your post and this one of mine?


    --
    Mike Easter
     
    Mike Easter, Jan 23, 2010
    #4
  5. From: "Mike Easter" <>

    | David H. Lipman wrote:
    >> "Mike Easter"


    >> | If your question is actually about how and why the msnews newsserver is
    >> | admin'ed in the way it is, you would have to take that up with someone
    >> | who knows. Apparently the previous admins don't do that now.



    >> The answer is relatively simple. Filters on the MS New Server do NOT like the alt.*
    >> hierarchy.
    >> Thus the news group... alt.windows7.general
    >> Was most likely the trigger that casued the post to be blocked from being posted.


    | Such a filter would be really weird and inappropriate and tending toward
    | reckless behavior.

    | Are you suggesting that you think that the msnews filter would filter
    | your post and this one of mine?


    Well if it was x-posted from Usenet at large to the MS News Server, yes.

    For example a post made from usenet at large via...
    alt.comp.virus,alt.comp.anti-virus,microsoft.public.security.virus

    Would NOT be found on the MS News Server in the microsoft.public.security.virus group.

    Likewise I have posted to the MS News Server and have suggested the use of alt.comp.virus
    & alt.comp.anti-virus and the posts get blocked.
    However if I obfuscate it as; alt. comp.virus & alt. comp.anti-virus the post will go
    through and not be blocked.

    I don't know all the 'rules' applied but there is indeed much rules based filtering on the
    Microsoft News server.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
    David H. Lipman, Jan 23, 2010
    #5
  6. ~BD~

    Mike Easter Guest

    David H. Lipman wrote:
    > "Mike Easter"
    > | David H. Lipman wrote:


    >>> Filters on the MS New Server do NOT like the alt.*
    >>> hierarchy.
    >>> Thus the news group... alt.windows7.general
    >>> Was most likely the trigger that casued the post to be blocked from being posted.

    >
    > | Such a filter would be really weird and inappropriate and tending toward
    > | reckless behavior.
    >
    > | Are you suggesting that you think that the msnews filter would filter
    > | your post and this one of mine?
    >
    >
    > Well if it was x-posted from Usenet at large to the MS News Server, yes.


    Let's be clear that we are talking about such a string occurring in the
    body, not crossposted with alt groups in the Newsgroups line.

    > For example a post made from usenet at large via...
    > alt.comp.virus,alt.comp.anti-virus,microsoft.public.security.virus
    >
    > Would NOT be found on the MS News Server in the microsoft.public.security.virus group.


    Those lines are saying crossposted; not about the body only.

    > Likewise I have posted to the MS News Server and have suggested the use of alt.comp.virus
    > & alt.comp.anti-virus and the posts get blocked.


    Those lines appear to be saying in the body only.

    > However if I obfuscate it as; alt. comp.virus & alt. comp.anti-virus the post will go
    > through and not be blocked.


    Obfuscated body string works.

    > I don't know all the 'rules' applied but there is indeed much rules based filtering on the
    > Microsoft News server.


    My limited observation shows it to appear to have been a poorly admin/ed
    newsserver in the past - notwithstanding whether or not some of your
    friends may have been involved with its admin.

    Trying to automoderate a news server which is feeding and being fed by
    news servers worldwide is a whacky idea.

    The perils of trying to have a news server integrated with a web system
    are also well established and practically impossible to solve smoothly.


    --
    Mike Easter
     
    Mike Easter, Jan 23, 2010
    #6
  7. From: "Mike Easter" <>

    | David H. Lipman wrote:
    >> "Mike Easter"
    >> | David H. Lipman wrote:


    >>>> Filters on the MS New Server do NOT like the alt.*
    >>>> hierarchy.
    >>>> Thus the news group... alt.windows7.general
    >>>> Was most likely the trigger that casued the post to be blocked from being posted.


    >> | Such a filter would be really weird and inappropriate and tending toward
    >> | reckless behavior.


    >> | Are you suggesting that you think that the msnews filter would filter
    >> | your post and this one of mine?



    >> Well if it was x-posted from Usenet at large to the MS News Server, yes.


    | Let's be clear that we are talking about such a string occurring in the
    | body, not crossposted with alt groups in the Newsgroups line.

    >> For example a post made from usenet at large via...
    >> alt.comp.virus,alt.comp.anti-virus,microsoft.public.security.virus


    >> Would NOT be found on the MS News Server in the microsoft.public.security.virus
    >> group.


    | Those lines are saying crossposted; not about the body only.

    >> Likewise I have posted to the MS News Server and have suggested the use of
    >> alt.comp.virus
    >> & alt.comp.anti-virus and the posts get blocked.


    | Those lines appear to be saying in the body only.

    >> However if I obfuscate it as; alt. comp.virus & alt. comp.anti-virus the post will
    >> go
    >> through and not be blocked.


    | Obfuscated body string works.

    >> I don't know all the 'rules' applied but there is indeed much rules based filtering on
    >> the
    >> Microsoft News server.


    | My limited observation shows it to appear to have been a poorly admin/ed
    | newsserver in the past - notwithstanding whether or not some of your
    | friends may have been involved with its admin.

    | Trying to automoderate a news server which is feeding and being fed by
    | news servers worldwide is a whacky idea.

    | The perils of trying to have a news server integrated with a web system
    | are also well established and practically impossible to solve smoothly.


    Go back to the thread that started this all.

    You will see that I posted comments concerning two MS News Server admins, D. Hite and J.
    Eddy and I posted it through the Microsoft News Server and via GigaNews.

    You won't find those articles on the MS News server but they exist on Usenet at large. I
    don't know what strings hit their filters. Maybe the past news server admin names ? Too
    much 'insider' information ? I don't know. However it does prove my point.


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
    David H. Lipman, Jan 23, 2010
    #7
  8. ~BD~

    Jim Watt Guest

    On Sat, 23 Jan 2010 08:55:27 -0800, Mike Easter <>
    wrote:


    >Are you suggesting that you think that the msnews filter would filter
    >your post and this one of mine?


    Its a tactic to reduce spam to filter out messages posted to
    a number of groups. Personally I normally only ever post to
    one at a time and trim the headers accordingly.

    Its considered bad practice to post to more than four.

    But newsgroups, despite their advantages are in decline
    which is a pity as they offer a wider audience than forums.

    Google really screwed it up by introducing 'google groups'
    rather than just keeping a newsgroup archive.

    --
    Jim Watt
    http://www.gibnet.com
     
    Jim Watt, Jan 23, 2010
    #8
  9. From: "Jim Watt" <_way>

    | On Sat, 23 Jan 2010 08:55:27 -0800, Mike Easter <>
    | wrote:


    >>Are you suggesting that you think that the msnews filter would filter
    >>your post and this one of mine?


    | Its a tactic to reduce spam to filter out messages posted to
    | a number of groups. Personally I normally only ever post to
    | one at a time and trim the headers accordingly.

    | Its considered bad practice to post to more than four.

    | But newsgroups, despite their advantages are in decline
    | which is a pity as they offer a wider audience than forums.

    | Google really screwed it up by introducing 'google groups'
    | rather than just keeping a newsgroup archive.

    I agree with that statement.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
     
    David H. Lipman, Jan 24, 2010
    #9
  10. In alt.computer.security, ~BD~ stupidly cross-posted:

    > Methinks Peter Foldes was crying wolf once too often!


    Methinks BoaterDave has run out of his anti-paranoia medicine.

    Again.

    --
    -bts
    -Four wheels carry the body; two wheels move the soul
     
    Beauregard T. Shagnasty, Jan 24, 2010
    #10
  11. ~BD~

    Mike Easter Guest

    Jim Watt wrote:
    > Mike Easter
    >
    >> Are you suggesting that you think that the msnews filter would filter
    >> your post and this one of mine?

    >
    > Its a tactic to reduce spam to filter out messages posted to
    > a number of groups.


    The statement of mine that you are citing was specifically about
    filtering out a message because its *body* contained the string
    alt.windows7.general, not anything about crossposting to more than one
    group.

    That difference, body string vs Newsgroups content was emphasized and
    distinguished at some length in a subsequent exchange between DHL and I
    just after the message you cite.

    Neither DHL's nor my message were crossposted to any other groups.

    > --
    > Jim Watt
    > http://www.gibnet.com


    Your sig delimiter is missing its required trailing space. It should be
    dash dash space.


    --
    Mike Easter
     
    Mike Easter, Jan 24, 2010
    #11
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Simon Telrenner
    Replies:
    2
    Views:
    482
    Ted Mittelstaedt
    Oct 16, 2003
  2. =?Windows-1252?Q?Frisbee=AE?=

    Re: PC use is dangerous

    =?Windows-1252?Q?Frisbee=AE?=, Jul 22, 2004, in forum: MCSE
    Replies:
    0
    Views:
    444
    =?Windows-1252?Q?Frisbee=AE?=
    Jul 22, 2004
  3. Thomas Reed

    Quick Book file access very very very slow

    Thomas Reed, Apr 9, 2004, in forum: Computer Support
    Replies:
    7
    Views:
    799
    Palindrome
    Apr 9, 2004
  4. Radium

    DIRT Trojan is very dangerous

    Radium, Apr 20, 2007, in forum: Computer Support
    Replies:
    11
    Views:
    785
    WhzzKdd
    Apr 20, 2007
  5. Beauregard T. Shagnasty

    Re: Very Dangerous post

    Beauregard T. Shagnasty, Jan 24, 2010, in forum: Computer Support
    Replies:
    0
    Views:
    391
    Beauregard T. Shagnasty
    Jan 24, 2010
Loading...

Share This Page