Sunday, January 28, 2001

Could someone die from spam/relay rape? Consider the following two spam emails, one sent apparently from a Birmingham (bhm), Alabama BellSouth.net dial-up via a mail server at a hospital in Easton, PA and the other (picked off news.admin.net-abuse.email) sent from a Jacksonville dial-up of Coastalnet.com via the same mail server to British Columbia. You'll notice that the first one spent 84 hours in the hospital mail server, from 4:30 P.M. Wednesday until 4:30 A.M. Sunday. Now it is possible that someone was sending important medical data through that mail server. Some lab instruments these days even use email--I once received porno spam via what I was told was a microscope at a Belgian university. (the university hadn't known that the microscope was running sendmail and therefore hadn't bothered to take its usual precautions against spammers) An 84-hour delay in important hospital email could, in theory, kill a patient. By the way, I have noticed that these spams apparently for a pyramid scheme (International Global Prosperity?) come from all over the country and use the same open mail server for mail sent in a certain week or so. Assuming that third party relaying of bulk email without explicit permission of the server owner is a crime, there appears to be an interstate criminal conspiracy. [Sanner@flashmail.com via risks-digest Volume 21, Issue 23] 0:00 # G!

Satellite strike blows away DirectTV pirates On 21 Jan 2001, DirecTV remotely disabled about 100,000 smart-card enabled set-top boxes that controlled illegal reception of their satellite TV. (Buried in the programming code was a message that read "GAME OVER" -- for those who perused the code.) About 9.5 million legitimate subscribers pay something like $50/month for the hardware and $22/month for the programming. DirectTV estimates this will save them over $100 million/year. The pirated operations involved the iterative installation of bogus software that enabled access despite each successive vendor change to the programming code. DirectTV believes that the counteraction disabled all of those bogus smartcards containing illegal software. DirectTV is part of Hughes Electronics. [Source: P.J. Huffstutter and Jon Healey, *LA Times*; PGN-ed (How long will it be until the next-iteration hack occurs?)] ["Peter G. Neumann" via risks-digest Volume 21, Issue 23] 0:00 # G!