siblingrivalry
December 10th, 2004, 06:23 PM
Hi all:
I'm no IT guru or network admin but I am well enough acquainted with security to suspect something screwy is going on.
To set the stage, I just deposed my oldest brother (a wannabe IT guru) from the role of power of attorney for my 83 yr old mom's affairs. Near as I can figure, he's taken or stolen ~$100K from her assets in the past 4 years. Now I hold the POA, and am trying to piece together a forensic accounting of what he'd done (no job, but a new Harley in August, a Walther PPK in April, it just goes on and on).
Wednesday, my brother and I were emailing by replying and appending to an existing email thread, in a 3-way harangue with a 3rd brother, when suddenly the message went from ordinary HTML-looking text to the message
"This body part will be downloaded on demand", which I assumed meant that he'd just attached some malicious code and Mozilla left it on the server for me to decide whether to open it or not... to which I responded to him and my other brother by asking them to send it again, in plain text only, since it looked like there was a virus or some other problem with the message. 3 new attempts, same "This body part will be downloaded on demand" message. (Maybe this is some kind of ironic insider IT humor I'm not getting, or what???) Anyway, I wrote each back individually suggesting that they should each respond to me at other (different) email addresses to continue the thread. Other mail arrived at the IMAP server just fine, even though coincidentally (I hope) it just so happened that my employer's self-generated SSL certificate had expired that very morning. I tested with a variety of emails, and was ready to pass it off as a networking glitch due to this, but for what followed later.
On the PC I use most often for mail, I use Mozilla Mail (v1.5), and am as MS-free as I can be on the old IBM ThinkPad laptop PC; I removed Outlook, don't use Office, am still on patched Win98, and am behind two firewalls, one of which is a just-patched Win2000 server; I am also behind a Linksys router. The other machine on the LAN is a G4 Mac running OS X Panther (latest security patches). While my boss uses PuTTY/Pine and plain text only, from where I live my only option for connecting to the net is a satellite ISP, and I can't stomach the latency delay of typing at a dumb terminal over a Starband link to remotely access my employer's Linux email server (as my PhD boss does... he's been using it since the 70's apparently). So I instead access our IMAP mail server using 128-bit key SSL encryption/tunnelling to get in. I never open any attachments that are screwy, and have had few problems till now, even though I don't have Norton AV or anything else running on the PC.
Talked to both brothers via the phone and calmer emails today, so I might have simply shrugged it all off, but today I had to .pdf some documents to the attorney. Easier to do on the Mac, which sent them via my hotmail account no problemo (still cautious too that the security might have been compromised on my IMAP machine). Later, when trying to connect to Hotmail from the G4 Panther machine, I got the following Mozilla v1.6 message:
"Could not verify this certificate because the issuer is unknown."
I've saved the details including the fingerprint strings.
Should I be concerned about a man-in-the-middle attack? I did connect with it on this and other machines today. Am I safe connecting to hotmail to change the p/w from another URL address?
If it turns out that I have good reason to be concerned, what agencies deal with this? (I seem to recall that this is a Secret Service issue? I'm in CA and my brothers are in PA.)
My attorney suggested looking for help on this forum, sorry about the looong post...