<!--startcut ==========================================================-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html> <head>
<title> The Back Page LG #80</title>
</head>

<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#0000AF"
ALINK="#FF0000">

<CENTER>
<A HREF="http://www.linuxgazette.com/">
<H1><IMG ALT="LINUX GAZETTE" SRC="../gx/lglogo.png"
WIDTH="600" HEIGHT="124" border="0"></H1></A>

<!-- *** BEGIN navbar *** -->
<!-- *** END navbar *** -->
<P>
</CENTER>

<!--endcut ============================================================-->

<H4 ALIGN="center">
"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>

<P> <hr> <P>

<H1><font color="maroon">The Back Page</font></H1>

<ul>
<li><a HREF="#wacko">Wacko Topic of the Month</a>
<li><a HREF="#spam">World of Spam</a>
</ul>


<a name="wacko"></a>
<P> <hr> <P>
<!--====================================================================-->

<center><H3><font color="maroon">Wacko Topic of the Month</font></H3></center>

<P> <HR> <P>
<!--======================================================================-->
<P>
<H3 ALIGN="center"><FONT COLOR="green">SpamAssassin</FONT></H3>

<p align="right"><FONT COLOR="#000000"><strong>
</strong></FONT></p>

<P> I installed <A HREF="http://www.spamassassin.org/">SpamAssassin</A> (SA)
and instantly developed a new pastime. Even funnier than reading spam is
reading what SA has to say about it. SA is a filter daemon (or standalone
program) that reads an e-mail message and analyzes it for spam, adding a
couple headers to give its verdict. If it thinks the message is spam, it also
puts a "***SPAM***" prefix in the Subject: and adds some structured comments to
the body saying what's suspicious about the message. Those comments in the
body are where the funny parts are. SA is so amusing that I've given up my
two other recent pastimes: collecting Klez worms and Nigeria scams. I just
/dev/null the Klez worms now.

<PRE>
SPAM: -------------------- Start SpamAssassin results ----------------------
SPAM: This mail is probably spam. The original message has been altered
SPAM: so you can recognise or block similar unwanted mail in future.
SPAM: See http://spamassassin.org/tag/ for more details.
SPAM:
SPAM: Content analysis details: (16.2 hits, 5 required)
SPAM: Hit! (2.2 points) BODY: As seen on national TV!
SPAM: Hit! (1.5 points) BODY: Asks you to click below
SPAM: Hit! (0.2 points) BODY: No such thing as a free lunch (1)
SPAM: Hit! (-0.1 points) BODY: Claims you can be removed from the list
SPAM: Hit! (2.1 points) BODY: Talks about opting in
SPAM: Hit! (3.0 points) URI: Uses a dotted-decimal IP address in URL
SPAM: Hit! (0.1 points) URI: Uses non-standard port number for HTTP
SPAM: Hit! (3.5 points) URI: URL of page called "remove"
SPAM: Hit! (-0.8 points) BODY: JavaScript code which can easily be executed
SPAM: Hit! (-0.5 points) BODY: HTML mail with non-white background
SPAM: Hit! (1.8 points) BODY: Tells you to click on a URL
SPAM: Hit! (3.2 points) HTML-only mail, with no text version
SPAM:
SPAM: -------------------- End of SpamAssassin results ---------------------
</PRE>
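<P> <EM>Added example (not part of the original column, and not SpamAssassin's own code):</EM>
a small Python parser for the report format shown above. It checks that the
per-rule points add up to the declared total and lists the rules that lowered
the score. The names <CODE>parse_report</CODE> and <CODE>audit</CODE>, the
"OTHER" label for rules without a BODY:/URI: prefix, and the "total reaches
the required score" spam test are assumptions made here.

```python
import re
from collections import defaultdict

# The hit lines of the first report quoted on this page, embedded to run offline.
REPORT = """\
SPAM: Content analysis details: (16.2 hits, 5 required)
SPAM: Hit! (2.2 points) BODY: As seen on national TV!
SPAM: Hit! (1.5 points) BODY: Asks you to click below
SPAM: Hit! (0.2 points) BODY: No such thing as a free lunch (1)
SPAM: Hit! (-0.1 points) BODY: Claims you can be removed from the list
SPAM: Hit! (2.1 points) BODY: Talks about opting in
SPAM: Hit! (3.0 points) URI: Uses a dotted-decimal IP address in URL
SPAM: Hit! (0.1 points) URI: Uses non-standard port number for HTTP
SPAM: Hit! (3.5 points) URI: URL of page called "remove"
SPAM: Hit! (-0.8 points) BODY: JavaScript code which can easily be executed
SPAM: Hit! (-0.5 points) BODY: HTML mail with non-white background
SPAM: Hit! (1.8 points) BODY: Tells you to click on a URL
SPAM: Hit! (3.2 points) HTML-only mail, with no text version
"""

SUMMARY_RE = re.compile(r"^SPAM: Content analysis details:\s*\(([-\d.]+) hits, ([-\d.]+) required\)")
# "point" or "points"; an all-caps "AREA: " prefix (BODY, URI, DNSBL) is optional.
HIT_RE = re.compile(r"^SPAM: Hit! \((-?\d+(?:\.\d+)?) points?\)\s+(?:([A-Z]+): )?(.*)$")

def parse_report(text):
    """Return (declared_total, required, [(points, area, description), ...])."""
    declared = required = None
    hits = []
    for line in text.splitlines():
        if m := SUMMARY_RE.match(line):
            declared, required = float(m.group(1)), float(m.group(2))
        elif m := HIT_RE.match(line):
            # Rules with no prefix (header checks etc.) get the assumed label "OTHER".
            hits.append((float(m.group(1)), m.group(2) or "OTHER", m.group(3).strip()))
    return declared, required, hits

def audit(text):
    """Recompute the score from the individual hits and compare it with the summary line."""
    declared, required, hits = parse_report(text)
    total = round(sum(points for points, _, _ in hits), 1)
    by_area = defaultdict(float)
    for points, area, _ in hits:
        by_area[area] += points
    return {
        "total": total,
        "matches_declared": declared is not None and abs(total - declared) < 0.05,
        "is_spam": required is not None and total >= required,  # assumed threshold rule
        "by_area": {area: round(value, 1) for area, value in by_area.items()},
        "lowered_score": [desc for points, _, desc in hits if points < 0],
    }
```

<P> Continuation lines such as the "[RBL check: ...]" detail in later reports
match neither pattern and are skipped.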

<HR NOSHADE WIDTH="80%"> <!--*********************** -->

<PRE>
SPAM: Hit! (0.6 points) Invalid Date: header (wierd month)
SPAM: Hit! (0.5 points) BODY: A WHOLE LINE OF YELLING DETECTED
SPAM: Hit! (3.0 points) URI: Uses a dotted-decimal IP address in URL
SPAM: Hit! (-0.8 points) BODY: Image tag with an ID code to identify you
SPAM: Hit! (-0.4 points) BODY: Contains a line >=199 characters long
SPAM: Hit! (1.8 points) BODY: Tells you to click on a URL
SPAM: Hit! (3.2 points) HTML-only mail, with no text version
SPAM: Hit! (2.0 points) Received via a relay in relays.osirusoft.com
SPAM: [RBL check: found 148.167.27.64.relays.osirusoft.com., type: 127.0.0.4]
SPAM: Hit! (3.0 points) DNSBL: sender is Confirmed Spam Source
</PRE>

<HR NOSHADE WIDTH="80%"> <!--*********************** -->

<PRE>
SPAM: Hit! (1.0 point) From: ends in numbers
SPAM: Hit! (0.5 points) Subject has an exclamation mark
SPAM: Hit! (0.4 points) Subject has lots of exclamation marks
SPAM: Hit! (-0.5 points) BODY: Contains 'Dear Somebody'
SPAM: Hit! (2.7 points) BODY: Nigerian scam key phrase ($NN,NNN,NNN.NN)
SPAM: Hit! (2.4 points) BODY: Nigerian scam key phrase
SPAM: Hit! (4.3 points) BODY: Nigerian Bank or Petroleum scam, cf http://www.snopes2.com/inboxer/scams/nigeria.htm
SPAM: Hit! (2.2 points) BODY: Risk free. Suuurreeee....
SPAM: Hit! (-0.4 points) BODY: Contains a line >=199 characters long
</PRE>

<HR NOSHADE WIDTH="80%"> <!--*********************** -->

<PRE>
SPAM: Hit! (4.3 points) Reply-To: is empty
SPAM: Hit! (2.4 points) 'Message-Id' was added by a relay (2)
SPAM: Hit! (2.2 points) From: has a malformed address
SPAM: Hit! (1.5 points) Message-Id is not valid, according to RFC-2822
SPAM: Hit! (1.3 points) Message-Id has no @ sign
SPAM: Hit! (0.5 points) Possibly-forged 'Received:' header found
SPAM: Hit! (2.1 points) BODY: FONT Size +2 and up or 3 and up
SPAM: Hit! (3.2 points) HTML-only mail, with no text version
</PRE>

<HR NOSHADE WIDTH="80%"> <!--*********************** -->

<PRE>
SPAM: Hit! (1.0 point) From: ends in numbers
SPAM: Hit! (0.5 points) Subject has an exclamation mark
SPAM: Hit! (0.4 points) Subject has lots of exclamation marks
SPAM: Hit! (0.9 points) URI: Filename is just a '\#'; probably a JS trick
SPAM: Hit! (-0.8 points) BODY: JavaScript code which can easily be executed
SPAM: Hit! (0.0 points) BODY: Includes a URL link to send an email
SPAM: Hit! (3.2 points) HTML-only mail, with no text version
SPAM: Hit! (1.9 points) Subject is all capitals
</PRE>

<HR NOSHADE WIDTH="80%"> <!--*********************** -->

<PRE>
SPAM: Content analysis details: (6.2 hits, 5 required)
SPAM: Hit! (1.1 points) BODY: Contains a large block of hexadecimal code
SPAM: Hit! (-0.6 points) BODY: Frame wanted to load outside URL
SPAM: Hit! (1.8 points) No MX records for the From: domain
SPAM: Hit! (1.9 points) Subject is all capitals
SPAM: Hit! (2.0 points) Subject contains a unique ID number
</PRE>

<HR NOSHADE WIDTH="80%"> <!--*********************** -->

<PRE>
SPAM: Content analysis details: (10.1 hits, 5 required)
SPAM: Hit! (1.2 points) Valid-looking To "undisclosed-recipients"
SPAM: Hit! (0.5 points) Subject has an exclamation mark
SPAM: Hit! (0.4 points) Subject has lots of exclamation marks
SPAM: Hit! (0.2 points) BODY: Contains at least 3 dollar signs in a row
SPAM: Hit! (0.2 points) BODY: No such thing as a free lunch (1)
SPAM: Hit! (2.3 points) BODY: List removal information
SPAM: Hit! (1.9 points) BODY: List removal information
SPAM: Hit! (1.0 point) BODY: No such thing as a free lunch (3)
SPAM: Hit! (0.5 points) Forged hotmail.com 'Received:' header found
SPAM: Hit! (1.9 points) Subject is all capitals
</PRE>

<HR NOSHADE WIDTH="80%"> <!--*********************** -->

<PRE>
SPAM: Content analysis details: (12.6 hits, 5 required)
SPAM: Hit! (2.0 points) From: contains numbers mixed in with letters
SPAM: Hit! (1.0 point) From: ends in numbers
SPAM: Hit! (0.6 points) From: does not include a real name
SPAM: Hit! (2.7 points) BODY: Claims you can be removed from the list
SPAM: Hit! (1.9 points) BODY: List removal information
SPAM: Hit! (0.1 points) BODY: List removal information
SPAM: Hit! (1.3 points) URI: Includes a link to a likely spammer email address
SPAM: Hit! (-0.4 points) BODY: Contains a line >=199 characters long
SPAM: Hit! (0.5 points) Forged hotmail.com 'Received:' header found
SPAM: Hit! (1.0 point) Received via a relay in orbs.dorkslayers.com
SPAM: [RBL check: found 17.98.187.210.orbs.dorkslayers.com.]
SPAM: Hit! (1.9 points) Subject is all capitals
</PRE>


<a name="spam"></a>
<P> <hr> <P>
<!--====================================================================-->

<center><H3><font color="maroon">World of Spam</font></H3></center>

<P> <HR> <P>
<!--======================================================================-->
<P>

Well well well well well, I <EM>do</EM> declare. What's the most interesting
piece of spam this month? Tsk, tsk. (For background info about this company,
see the News Bytes column in LG #71-76.)

<PRE>
From: "ElcomSoft, Inc" &lt;elcomsoft@filedistributor.com&gt;
To: Webmaster &lt;gazette@ssc.com.SMTP.gazette@ssc.com&gt;
Date: Thu, 16 May 2002 20:24:52 +0800
Subject: Request Review for Advanced PDF Password Recovery Pro 2.0

Dear Webmaster

Our company, ElcomSoft Co. Ltd., would like to announce the release of Advanced
PDF Password Recovery Pro 2.0 for Windows 95/98/ME/NT/2000/XP. We hope you will
consider reviewing Advanced PDF Password Recovery Pro (APDFPR) for Linux Gazette.
Should you need a full version for review, please contact me at info@elcomsoft.com.
Please find the press release of Advanced PDF Password Recovery Pro below for
your information.

Warmest Regards,

Dmitry Harchenko
Marketing Manager
ElcomSoft Co. Ltd.

--------------------------------------------------------------------------------

FOR IMMEDIATE RELEASE - May 17, 2002

ElcomSoft Releases Advanced PDF Password Recovery Pro 2.0 for Windows 9x/ME/NT/2000/XP
Gain Control of PDF Files

Moscow, Russia - ElcomSoft Co. Ltd. has released Advanced PDF Password Recovery
(Professional) 2.0 for Windows ME/98/95/NT4/2000/XP. This program makes it easy
to remove both password encryption and usage restrictions from Adobe Acrobat
PDF files. APDFPR now comes with multiprocessor support, guaranteed recovery
and state-of-the-art optimization for modern processors.

With the increasing popularity of PDF formatted file, comes increasing number
of problems which occur when authors forget the passwords to their source documents.
ElcomSoft has revised version 2.0 of its Advanced PDF Password Recovery (Professional)
software to allow the seemingly impossible recovery of password for these documents.
This software package handles both owner and user passwords used to protect PDF
documents. The latest addition to ElcomSoft's family of password recovery software
allows business managers to recover lost and destroyed passwords. It also helps
in dealing with employees who, intentionally or unintentionally, are unable to
edit and print password-protected PDF files.

Finally, APDFPR is also a state-of-the-art computer forensics tool that could
be used by law enforcement, military and intelligence agencies to open secure
documents. PDF documents protected with access restrictions password can be decrypted
instantly, allowing full access to the document. For documents with "user" passwords
(that could not be opened without that password), the program blazes through
brute-force password attempts at a rate of a few hundred thousand passwords per
seconds! The code has been effectively optimized for most CPUs such as Celeron,
Pentium II, Pentium III, Duron and Athlon. More sophisticated methods are available,
such as applying all words from a dictionary. ElcomSoft's website has dictionaries
for more than 20 different languages, from English to African.

Even if the above methods fail because the password is too long and complex,
the program runs a special key search attack which gives a 100% success rate
on files with 40-bit encryption (used in all Adobe Acrobat 4 and most Acrobat
5 files). This may take some time to run, but is well worth the time if your
document is very important. If you have a dual processor system, APDFPR takes
advantage of it to double the performance of this software. On modern systems
with Athlon MP CPUs, the document can be recovered in maximum 4 days, regardless
of the password length and complexity!


System Requirements
Win 95/98/Me/NT/2000/XP, 600K free on Hard Disk.

Price
Standard Edition costs $30, Professional Edition costs $60; free trial version
is available.

About the Company
Established in 1990, ElcomSoft Co.Ltd. provides state-of-the-art computer forensics
tool development, computer forensics training and computer evidence consulting;
not only to individuals, but also to law enforcement, military and intelligence
agencies worldwide since 1997. ElcomSoft tools are also used by most of Fortune
500 corporations, many branches of the military departments all over the world,
foreign governments and all major accounting firms.

ElcomSoft Co.Ltd. and its officers are members of the Association of Shareware
Professionals (ASP), the Russian Cryptology Association, and the Microsoft Business
Connection program.


More Information
Please visit the program's homepage at
<A HREF="http://pdf.elcomsoft.com">http://pdf.elcomsoft.com</A>.
</PRE>


<HR> <!-- ************************************************************** -->

<P> Happy Linuxing!

<P> Mike ("Iron") Orr<br>
Editor, <A HREF="http://www.linuxgazette.com/"><i>Linux Gazette</i></A>, <A
HREF="mailto:gazette@ssc.com">gazette@ssc.com</a>
<BR CLEAR="all">

<!-- *** END Not Linux *** -->

<!-- *** BEGIN copyright *** -->
<P> <hr> <P>
<H5 ALIGN=center>
Copyright © 2002, the Editors of <I>Linux Gazette</I>.<BR>
Copying license <A HREF="../copying.html">http://www.linuxgazette.com/copying.html</A><BR>
Published in Issue 80 of <i>Linux Gazette</i>, July 2002</H5>
<!-- *** END copyright *** -->

<!-- startcut ============================================================-->
<CENTER>
<!-- *** BEGIN navbar *** -->
<!-- *** END navbar *** -->
</CENTER>
<!-- endcut ============================================================-->

</BODY></HTML>