You Are Not Safe........

[ironmaster]

George, I'm not explaining myself well, apparently. I am getting email to [email protected]. In the body of the message is the greeting "DEAR **** ******. My real name! So however this is happening, our screen name and real identity are known to the sender. Elitemail can not be secure if this is happening.
I'm forwarding a copy to you.

 

[Wrongun]

George.......forget that johnboy stuff.....that isn't the problem, has nothing to do with anything for christ sakes.
We are getting Elitemail email that addresses us by our real name. Like "Dear **** ****** and then a blank message box. I have never used anything but my screen name at elite except when BUYING something from you. This could only come from your database of people that pay for things like platinum and use credit cards, checks, etc.
You've been hacked, or worse!

I agree Bro and George this is the question that really needs answering

Wrongun!

 

[George Spellwin]

Ok, thanks, I understand what is going on now. I appreciate WizDumb and you sending me the messages.

The server that sends out the weekly newsletter had a problem. It is supposed to send a message from [email protected] and the message is supposed to say:

Dear George (for example)

Here is an article on ALA ...

I think there are two problems with what is being sent. It should look like it is coming from [email protected] -- because it is coming from us. And it should obviously have the message in the email. It looks like you are not getting the message part.

No wonder you were confused and upset -- I know I would be too. I will have our tech person get right on it so that your Elite Fitness News looks like it should.

Does this make sense?

 

[Canuck4]

Heres one I just got. Subject is honey.
Sender is [email protected]

Return-Path: <[email protected]>
X-Sieve: cmu-sieve 2.0
Return-Path: <[email protected]>
Received: from smtp3.hushmail.com (smtp3.hushmail.com [64.40.111.33])
by plimap1.hushmail.com (Postfix) with ESMTP id 38FBC79090
for <[email protected]>; Fri, 27 Sep 2002 03:06:00 -0700 (PDT)
Received: from out017.verizon.net (out017pub.verizon.net [206.46.170.94])
by smtp3.hushmail.com (Postfix) with ESMTP id 8F1935AA2
for <[email protected]>; Fri, 27 Sep 2002 03:12:25 -0700 (PDT)
Received: from Pbnfefny ([216.222.78.159]) by out017.verizon.net
(InterMail vM.5.01.05.09 201-253-122-126-109-20020611) with SMTP
id <20020927101157.VUVP6394.out017.verizon.net@Pbnfefny>
for <[email protected]>; Fri, 27 Sep 2002 05:11:57 -0500
From: sd23bb <[email protected]>
To: [email protected]
Subject: Honey
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=Wl8VP60a1wt34HaD1TrDY849T33zp60
Message-Id: <20020927101157.VUVP6394.out017.verizon.net@Pbnfefny>
Date: Fri, 27 Sep 2002 05:12:25 -0500

<HTML><HEAD></HEAD><BODY>
<iframe src=cid:HT8no9h3EtW height=0 width=0>
</iframe>
<FONT></FONT></BODY></HTML>

 

[Canuck4]

And one more with an attached virus.
Subject: A new website.
Sender [email protected]

<HTML><HEAD></HEAD><BODY>
<iframe src=cid:SfA7A14PFiTwbEr0 height=0 width=0>
</iframe>
<FONT>Hello,This is a very new website<br>
I hope you would like it.</FONT></BODY></HTML>


Return-Path: <[email protected]>
X-Sieve: cmu-sieve 2.0
Return-Path: <[email protected]>
Received: from smtp3.hushmail.com (smtp3.hushmail.com [64.40.111.33])
by plimap1.hushmail.com (Postfix) with ESMTP id 8913311D37
for <[email protected]>; Fri, 27 Sep 2002 00:39:23 -0700 (PDT)
Received: from out018.verizon.net (out018pub.verizon.net [206.46.170.96])
by smtp3.hushmail.com (Postfix) with ESMTP id B217C5B4C
for <[email protected]>; Fri, 27 Sep 2002 00:45:48 -0700 (PDT)
Received: from Vlcvqeg ([67.82.37.102]) by out018.verizon.net
(InterMail vM.5.01.05.09 201-253-122-126-109-20020611) with SMTP
id <20020927074546.VKAO16391.out018.verizon.net@Vlcvqeg>
for <[email protected]>; Fri, 27 Sep 2002 02:45:46 -0500
From: albumreviews <[email protected]>
To: [email protected]
Subject: A new website
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=BqZPtFUY00xo
Message-Id: <20020927074546.VKAO16391.out018.verizon.net@Vlcvqeg>
Date: Fri, 27 Sep 2002 02:45:47 -0500

<HTML><HEAD></HEAD><BODY>
<iframe src=cid:SfA7A14PFiTwbEr0 height=0 width=0>
</iframe>
<FONT>Hello,This is a very new website<br>
I hope you would like it.</FONT></BODY></HTML>

 

[Zyglamail]

I had an email returned undeliverable yesterday that was supposedly sent from my account to an insecure account (which I don't do). How this was sent is a mystery to me???

I dont have any info on ironmasters claims, but it sure makes you wonder.

As far as you guys getting returned mail, this has been covered here weekly for months now. There is a virus going around called the "klez" and when it infects a system it sends itself out to any mail addy it can find on the system that is infected. The difference between the klez and most that do this is the klez spoofs the return addy (ie "From" field) in the mail making the receiveing system think its comming from someplace it is not. Often times the addy used as the "from" address is a random addy pulled of the infected system.

Now to give a better example since so many people seem to not understand, lets say I have john doe and jane doe in my address book and I get infected with the klez. The klez will take control of my mail client and send itself out to everyone in your address book so it sends itself to jane doe, however it replaces the "from" address that would normally be me with the address of john doe. Now if for some reason the mail could not be delivered to jane doe, the mail server would bounce the mail or send an error to john doe because the "from" field was spoofed to make it look like it came from him, even though it really came from me.

These are not problems with elite mail or any mail host at all, they are simply routing mail as the mail header states. The real culprit is the klez virus.

I for one highly recommend every head over to symantecs web site and run the online virus checker. Here is a link.

http://security1.norton.com/ssc/home.asp?j=1&langid=us&venid=sym&plfid=20&pkj=UOEEOQCCXFXEDECTVRH

Select the "scan for virus" link in center of the page.

 

[C-Steele]

WTF... I am getting those emails on a daily basis.... [email protected] - the body of the message is always the same.. "hello REAL NAME"

i'd like to pound the fucks sending these.

steele

Ya, I had one yesterday. Two actually they had my real name in the message portion and the addy was something @syntax error. Kinda freaked me for a minute....but I am here for entertainment purposes anyway so in the famous words of a true poet..."What me worry?"

 

[Zyglamail]

Another question, and comment.

This site is run on about eight servers. The encrypted mail servers are not run by us (hushmail.com runs them) and are not even in the USA.

Is everyone getting strange messages from [email protected]? This would indicate that our WEB server is trying to send a message out, but is doing something wrong or encountering a problem. If you will post the messages, we can get on it and try to fix the issue, but our sending you mail would not indicate that there is a security issue with the elitefitness.com email accounts.

Please accept my apologies for my delay in responding.

Yes, I have gotten a few of them with my real name, but not to my elitemail account, they are going to a different mail addy I use.

 

[Delinquent]

Heres one I just got. Subject is honey.
Sender is [email protected]

Return-Path: <[email protected]>
X-Sieve: cmu-sieve 2.0
Return-Path: <[email protected]>
Received: from smtp3.hushmail.com (smtp3.hushmail.com [64.40.111.33])
by plimap1.hushmail.com (Postfix) with ESMTP id 38FBC79090
for <[email protected]>; Fri, 27 Sep 2002 03:06:00 -0700 (PDT)
Received: from out017.verizon.net (out017pub.verizon.net [206.46.170.94])
by smtp3.hushmail.com (Postfix) with ESMTP id 8F1935AA2
for <[email protected]>; Fri, 27 Sep 2002 03:12:25 -0700 (PDT)
Received: from Pbnfefny ([216.222.78.159]) by out017.verizon.net
(InterMail vM.5.01.05.09 201-253-122-126-109-20020611) with SMTP
id <20020927101157.VUVP6394.out017.verizon.net@Pbnfefny>
for <[email protected]>; Fri, 27 Sep 2002 05:11:57 -0500
From: sd23bb <[email protected]>
To: [email protected]
Subject: Honey
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary=Wl8VP60a1wt34HaD1TrDY849T33zp60
Message-Id: <20020927101157.VUVP6394.out017.verizon.net@Pbnfefny>
Date: Fri, 27 Sep 2002 05:12:25 -0500

<HTML><HEAD></HEAD><BODY>
<iframe src=cid:HT8no9h3EtW height=0 width=0>
</iframe>
<FONT></FONT></BODY></HTML>

These are definitely from someone else. Did this one address you by your real name? This looks like a cyber-rights addy so I wouldn't imagine it did.

 

[George Spellwin]

George, the reason that I lost my hushmail account is because my mail was being read all the time and it was known that the employee's had access to read the email. Aparently they are reading our email as well because I have received new emails that were opened and read and I know I damn sure didn't read them. I did refresh the page and it was still the same. This is the EXACT same thing that was happening with hushmail. I read on the internet that hushmail is one of the least secure services because email is read and easily read and if something is found they take it to authorities.

Johnboy,

I appreciate your concern, but I think your fears may be misplaced.

There is a known bug where on occasion unread mail does not properly get displayed in bold font -- This should be fixed soon.

I know the people at Hush and trust them implicitly. Hush is based in Ireland and the Caribbean and have no interest in US authorities.

They have I believe a million users, so it would be impossible for them to read your email if they were able to.

They publish the source code for their email service -- and they encourage any programmer in the world to try to crack it.

Phil Zimmermann is the Chief Cryptography Officer for Hush Communications. Zimmerman is the grandfather of cryptography. He created Pretty Good Privacy (PGP), the first encrypted email program. For three years, he was the subject of a criminal investigation on the grounds that publishing PGP as freeware violated the US export restrictions on cryptographic technology. Thanks in part to the free marketing he obtained, PGP quickly became the most widely used email encryption method in the world. Zimmermann stated, "For the past decade PGP has been the gold standard for email encryption but we've always had trouble expanding beyond the power users because of ease of use problems. The OpenPGP standard will be well served by Hush's fresh approach to ease of use and its roaming capability. Further, Hush has a consistent track record of publishing its source code."

Lastly, think about it for a minute. The last thing either hush or I would want is to know what is in your email accounts. If we did, we could be subpoenaed. When Elite was subpoenaed in the Perrin DNP ordeal, I was pleased that I could say with 100% honesty that I have no idea what is in DNPguru's email account, or Perrin's email account.