Old 01-12-2010, 01:28 AM   #26
trainmaster_1
Senior Member
 
Join Date: Mar 2006
Location: Toronto
Posts: 264
Default

__________________
Michael

CN Conductor

Click here to view my pictures on RP.net
trainmaster_1 is offline   Reply With Quote
Old 01-12-2010, 01:43 AM   #27
travsirocz
Senior Member
 
travsirocz's Avatar
 
Join Date: Nov 2007
Location: Eau Claire, WI
Posts: 2,459
Send a message via AIM to travsirocz
Default

You guys are just trying to make me jelous!
travsirocz is offline   Reply With Quote
Old 01-12-2010, 01:57 AM   #28
trainmaster_1
Senior Member
 
Join Date: Mar 2006
Location: Toronto
Posts: 264
Default

Quote:
Originally Posted by travsirocz View Post
You guys are just trying to make me jelous!
Don't you already have a girlfriend ?
__________________
Michael

CN Conductor

Click here to view my pictures on RP.net
trainmaster_1 is offline   Reply With Quote
Old 01-12-2010, 02:46 AM   #29
LSRC Railfan
Senior Member
 
LSRC Railfan's Avatar
 
Join Date: Aug 2007
Posts: 274
Default

I got one too.
LSRC Railfan is offline   Reply With Quote
Old 01-12-2010, 03:17 AM   #30
Northern Limits
Senior Member
 
Northern Limits's Avatar
 
Join Date: Aug 2006
Location: B.C. Canada
Posts: 611
Default

I got one too, so she does have some Common[wealth] sense Sorry- royalist joke.
Not being in the market I thought I would leave her for some of the younger contributors.
__________________
Cheers, Jim.


Click Here to view my photos at RailPictures.Net!
Northern Limits is offline   Reply With Quote
Old 01-12-2010, 03:25 AM   #31
Chris Kilroy
Administrator
 
Chris Kilroy's Avatar
 
Join Date: Dec 2002
Location: Henderson, NV USA
Posts: 918
Send a message via ICQ to Chris Kilroy
Default

I think the picture is pretty much painted that just about everybody got it (although strangely, I didn't).

I can't find any info on The Google about a VB e-mail exploit, Nick, at least not for this particular version or those after it, but please do let me know if you've found something I missed.

I did find a programming error in the main RP site that could have possibly exposed e-mail addresses to a phisher if they knew where to look. This bug would have been in place since the site was first coded, so it's surprising that it took this long to show its face. I've removed the bug, and hopefully this has corrected the vulnerability.

Apologies (I've been doing that a lot lately, so it would seem ) for the unwanted inconvenience.
__________________
Chris Kilroy
Editor, RailPictures.Net
- View My Photos at RailPictures.Net!
- View My Photos at JetPhotos.Net!
Chris Kilroy is offline   Reply With Quote
Old 01-12-2010, 03:31 AM   #32
JRMDC
Senior Member
 
JRMDC's Avatar
 
Join Date: Nov 2006
Posts: 11,202
Default

Quote:
Originally Posted by Carl Becker View Post
Unrelated, but my Google search yielded this as one of the results:

http://freepages.history.rootsweb.an...istory.net.txt

What is this all about?
Looks like a copy of the HTML for a page on coalhistory.net, probably the home page is my guess.
__________________
My RP pix are here.
My Flickr pix are here.

My commentaries on rail pictures are in my blog.

RP Photo Albums:
Cabooses
Engine Details
Farm and Train
Plumes!
Railroad Details
Signal Details
Switchstand Shots
JRMDC is offline   Reply With Quote
Old 01-12-2010, 03:32 AM   #33
AntD.
Senior Member
 
AntD.'s Avatar
 
Join Date: Jan 2008
Location: Greenville, SC
Posts: 372
Talking

The Hoe just emailed me... I suppose the whole "Remeber the distance or colour does not matter but love matters alot in life" really does apply to me in a sense . My guess is that this is Jully from Amtrak finally giving me a chance after calling her so much for updates!
AntD. is offline   Reply With Quote
Old 01-12-2010, 03:37 AM   #34
transit383
Senior Member
 
transit383's Avatar
 
Join Date: Feb 2007
Location: New Jersey
Posts: 150
Default

I got one too. 3:34PM.
__________________
My Photos
transit383 is offline   Reply With Quote
Old 01-12-2010, 03:39 AM   #35
Chase55671
RailPictures.Net Crew
 
Chase55671's Avatar
 
Join Date: Jun 2008
Location: Nitro, WV
Posts: 2,194
Send a message via AIM to Chase55671 Send a message via MSN to Chase55671
Default

Quote:
Originally Posted by AntD. View Post
The Hoe just emailed me... I suppose the whole "Remeber the distance or colour does not matter but love matters alot in life" really does apply to me in a sense . My guess is that this is Jully from Amtrak finally giving me a chance after calling her so much for updates!





Chase
__________________
Chase Gunnoe
Railpictures.Net Crew
Rail-Videos.Net Crew
Click here to view my photos at Railpictures.Net
SLR Night Photography Tutorial | Railpictures.Net Beginners Guide
Chase55671 is offline   Reply With Quote
Old 01-12-2010, 03:47 AM   #36
Christopher Muller
Senior Member
 
Christopher Muller's Avatar
 
Join Date: Mar 2005
Posts: 787
Default

Quote:
Originally Posted by Chris Kilroy View Post
I think the picture is pretty much painted that just about everybody got it (although strangely, I didn't).
Did you check the outbox?

Just kidding, I also got the message, but had to look for it as it went straight to the spam folder.
Christopher Muller is offline   Reply With Quote
Old 01-12-2010, 04:17 AM   #37
Chris Kilroy
Administrator
 
Chris Kilroy's Avatar
 
Join Date: Dec 2002
Location: Henderson, NV USA
Posts: 918
Send a message via ICQ to Chris Kilroy
Default

It would be helpful if someone who got the e-mail could either forward it to me (chris.kilroy [ta] railpictures.net) or post the headers here so I could see where the e-mail actually originated.
__________________
Chris Kilroy
Editor, RailPictures.Net
- View My Photos at RailPictures.Net!
- View My Photos at JetPhotos.Net!
Chris Kilroy is offline   Reply With Quote
Old 01-12-2010, 04:22 AM   #38
ottergoose
American Gunzel
 
ottergoose's Avatar
 
Join Date: Dec 2005
Location: Eagan, MN
Posts: 1,626
Send a message via AIM to ottergoose Send a message via Yahoo to ottergoose
Default

Quote:
Originally Posted by Chris Kilroy View Post
I can't find any info on The Google about a VB e-mail exploit, Nick, at least not for this particular version or those after it, but please do let me know if you've found something I missed.

I did find a programming error in the main RP site that could have possibly exposed e-mail addresses to a phisher if they knew where to look. This bug would have been in place since the site was first coded, so it's surprising that it took this long to show its face. I've removed the bug, and hopefully this has corrected the vulnerability.
If you Google ("Jully arnauld" "profile today"), a few miscellaneous websites pop up with copies of the same message, but with different websites listed (squidu.com, arrse.co.uk, etc.), all of which seem to have a forum that looks like vBulletin.

That said, it's also possible that the addresses were obtained via some sort of SQL injection - my buddy Dan Kwarciany reported getting a copy of the email, and, as far as he knows, he doesn't have an account on the forums... I did a member search for his name (dkwarc1751, Dan, Kwarciany, etc.) and wasn't able to find an account for him here on the forums, so, maybe it wasn't from the forum software.

If you can confirm that Dan doesn't have an account on the forums, then we know it's a problem with the RP.net code, rather than vBulletin. If he does, then we can't be sure either way.
__________________
Nick Benson | Pictures | Website | Flickr | Profile | JetPhotos | Twitter
ottergoose is offline   Reply With Quote
Old 01-12-2010, 04:24 AM   #39
ottergoose
American Gunzel
 
ottergoose's Avatar
 
Join Date: Dec 2005
Location: Eagan, MN
Posts: 1,626
Send a message via AIM to ottergoose Send a message via Yahoo to ottergoose
Default

Quote:
Originally Posted by Chris Kilroy View Post
It would be helpful if someone who got the e-mail could either forward it to me (chris.kilroy [ta] railpictures.net) or post the headers here so I could see where the e-mail actually originated.
PHP Code:
Delivered-Toottergoose@gmail.com
Received
by 10.223.126.82 with SMTP id b18cs342728fas;
        
Mon11 Jan 2010 12:36:14 -0800 (PST)
Receivedby 10.100.35.6 with SMTP id i6mr6280757ani.178.1263242170433;
        
Mon11 Jan 2010 12:36:10 -0800 (PST)
Return-
Path: <jullyarnauld@yahoo.com>
Receivedfrom web59302.mail.re1.yahoo.com (web59302.mail.re1.yahoo.com [66.196.101.43])
        
by mx.google.com with SMTP id 3si146863929yxe.43.2010.01.11.12.36.08;
        
Mon11 Jan 2010 12:36:09 -0800 (PST)
Received-SPFpass (google.comdomain of jullyarnauld@yahoo.com designates 66.196.101.43 as permitted senderclient-ip=66.196.101.43;
Authentication-Resultsmx.google.comspf=pass (google.comdomain of jullyarnauld@yahoo.com designates 66.196.101.43 as permitted sendersmtp.mail=jullyarnauld@yahoo.comdkim=pass (test modeheader.i=@yahoo.com
Received
: (qmail 96369 invoked by uid 60001); 11 Jan 2010 20:36:08 -0000
DKIM
-Signaturev=1a=rsa-sha256c=relaxed/relaxedd=yahoo.coms=s1024t=1263242168bh=A0OuUypcykEKyQXBI2TNi1CQ5l4spj7yKFtKzGTtN94=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Typeb=SO6uJYhvbbOPrVqbDwVmb+qeMvCpietxoaYRZFMN5fjKjDFQuqc75Y1+N7J9+RmZCzDuDP0cUN7CKq32USq8rZWns4Hj7G3o8rrE4dF1Yz1wqK8oNaCSvx/YBGxnO3szVnmBHH/IaaDyUIgi5+e+Y4SGOHCQPKqYKvCEAKWXUP0=
DomainKey-Signature:a=rsa-sha1q=dnsc=nofws;
  
s=s1024d=yahoo.com;
  
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:MIME-Version:Content-Type;
  
b=JhULtB3LQNk+ld0qUc4AoKcB6O267pRlHsgxWFmLP/Q97J5+JLhbA8zR1eAo/jGnSCWaWOjx6thDjsgj/dPVxpuyW4t81vfSv2KXRHLBJ/AS0XRitcW/1ibymJbtmrh5oXj87xL5GvWqiNPZvtw1RIwp9zvfW5Af9agZxiyGZ3s=;
Message-ID: <623120.95017.qm@web59302.mail.re1.yahoo.com>
X-YMail-OSGtwmyvFQVM1nbQiPyN5S.4QqbtIoC9pFL5hOt_qJGLk3zpsMNjS2NoLaFy05OaRIeffPR4_.Wuri4wO8OCA4qry9HF.x.zKY0zUNKiBFlbSHuEOdLRcuN6TEEsIicyx3wO5r4t2uhsrXDcLWFoN1BX5uNbpbU6lIY_6jnGERJvD.XCHcz0xw8j3ILAS1qWDrMpngjEhWVJ3Kv40le0SJ9G4fvgjLwk6ZWrzY1sjJJW8w5wABIRVKrvUw3_h8GMA6YhLtWQVJTYFtYXX1AQUcEq2jPTmJKwFeOvLlL3aAsh21yU92jdMLLFd6TCJGZUCC1ExHBRpnYiqC_k9NS8RbdVEHCF6S9m0SM5lp5zjMTc_ByL2g5pt1oek9JCnAlK1m5FlJHh8VQqxXi90Rs50S5eXiwraE5EkWG__6vDog8zpk0zQjd1J9h5xQpRmtlJcet_pL7vfxJNicZuB5fxgb28mO.t_KFK1Wt4bmc5fwvqZY8V.rqjdtjai9KW9ojSzDke04SWu6MaSzLoJVx0ZvGoDzqCKzDICoLnohBQC8r_AUvJ7cj0Lxy1G4VmU0wDacSjvfzjveb6ImBXPIefeQK7KsZMJjdzOwb0LlKX_zRXEfxHK7hvvOo3lWOB1W9IjelsrzzYr3buwLGKuEfBJLxFD0NbPsm1Ztc8klqRJkUfQC55sFZIBwxrc2KN9nKDeVJw226EQ--
Receivedfrom [196.207.194.120by web59302.mail.re1.yahoo.com via HTTPMon11 Jan 2010 12:36:08 PST
X
-MailerYahooMailClassic/9.0.20 YahooMailWebService/0.8.100.260964
Date
Mon11 Jan 2010 12:36:08 -0800 (PST)
FromJully Arnauld <jullyarnauld@yahoo.com>
Subjecthi
To
undisclosed recipients: ;
MIME-Version1.0
Content
-Typemultipart/alternativeboundary="0-2117887435-1263242168=:95017"

--0-2117887435-1263242168=:95017
Content
-Typetext/plaincharset=iso-8859-1
Content
-Transfer-Encodingquoted-printable

HI
=0A=0A=0A=0A=0A=0A=0A=0A=0A=0AMy name is Jully arnauld ,i saw your profile =
today in (
=
0A=0A=0A=0A=0A=0A=0A=0A=0A=0Awww.railpictures.net) and i=A0 became intrest=
ed in you,i will also like=0Ato know you=A0 more,and i want you to send an =
email to my email address=0Aso i can give you my picture for you to know wh=
om i am.
=
0A=0A=0A=0A=0A=0A=0A=0A=0A=0AHere is my email address (jullyarnauld@yahoo.=
com)
=
0A=0A=0A=0A=0A=0A=0A=0A=0A=0AI believe we can move from here!
=
0A=0A=0A=0A=0A=0A=0A=0A=0A=0AI am waiting for your mail to my email addres=
s above..
=
0A=0A=0A=0A=0A=0A=0A=0A=0A=0A(Remeber the distance or colour does not matt=
er but love matters alot in lifeyours
=0A=0A=0A=0A=0A=0A=0A=0A=0A=0Ain love Jully =0A=0A=0A      
--0-2117887435-1263242168=:95017
Content
-Typetext/htmlcharset=iso-8859-1
Content
-Transfer-Encodingquoted-printable

<table cellspacing=3D"0" cellpadding=3D"0" border=3D"0" ><tr><td valign=3D"=
top" 
style=3D"font: inherit;">HI=0A=0A=0A=0A=0A=0A=0A=0A=0A=0AMy name i=
s Jully arnauld ,i saw your profile today in (=0A=0A=0A=0A=0A=0A=0A=0A=
=
0A=0Awww.railpictures.net) and i&nbspbecame intrested in you,i will also=
 
like=0Ato know you&nbspmore,and i want you to send an email to my email =
address=0Aso i can give you my picture for you to know whom i am.=0A=0A=
=
0A=0A=0A=0A=0A=0A=0A=0AHere is my email address (jullyarnauld@yahoo.com)<b=
r>=0A=0A=0A=0A=0A=0A=0A=0A=0A=0AI believe we can move from here!=0A=0A=
=
0A=0A=0A=0A=0A=0A=0A=0AI am waiting for your mail to my email address abov=
e..=0A=0A=0A=0A=0A=0A=0A=0A=0A=0A(Remeber the distance or colour does n=
ot matter but love matters alot in lifeyours=0A=0A=0A=0A=0A=0A=0A=0A=
=
0A=0Ain love Jully </td></tr></table>=0A=0A      
--0-2117887435-1263242168=:95017-- 
__________________
Nick Benson | Pictures | Website | Flickr | Profile | JetPhotos | Twitter
ottergoose is offline   Reply With Quote
Old 01-12-2010, 04:31 AM   #40
NSFan14
Senior Member
 
Join Date: Dec 2005
Location: New Haven, KY
Posts: 723
Default

Dang, I told Jully if she was gonna be with me she had to quit emailing these RP'rs...I got a email also from her today.
__________________
-Alex Moss
NSFan14 is offline   Reply With Quote
Old 01-12-2010, 04:36 AM   #41
ottergoose
American Gunzel
 
ottergoose's Avatar
 
Join Date: Dec 2005
Location: Eagan, MN
Posts: 1,626
Send a message via AIM to ottergoose Send a message via Yahoo to ottergoose
Default

I just realized that my forum account and website account each have a different email address associated with them (although both get forwarded to the same Gmail account). I just sent a pair of test emails from my Yahoo mail account (same as Jully) and was able to confirm that the email was sent to the address associated with my RP.net account, and not my forum account.

In other words, it's definitely a vulnerability from the RP.net code base, not vBulletin.

Bummer.
__________________
Nick Benson | Pictures | Website | Flickr | Profile | JetPhotos | Twitter
ottergoose is offline   Reply With Quote
Old 01-12-2010, 04:37 AM   #42
Chris Kilroy
Administrator
 
Chris Kilroy's Avatar
 
Join Date: Dec 2002
Location: Henderson, NV USA
Posts: 918
Send a message via ICQ to Chris Kilroy
Default

Thanks, Nick, and also to the others who e-mailed me the headers for review.

I did see an instance of sendmail going crazy earlier today (which happens from time to time), so I wanted to make sure this wasn't connected. The headers seem to confirm that the e-mail came directly from Yahoo.

The vulnerability I found earlier was in the RP member contact script, where the form was invisibly echoing the intended recipient's e-mail address as a hidden form field. This was done by my "programming helper" back in 2002 when the site was first coded, and I never picked up on it. I would have probably never noticed it had not this event happened.

If someone were to have picked up on that vulnerability (which it appears they might've), it would be very easy to automate some sort of script to collect e-mail addresses simply by changing the userid in the URL, then use them later to e-mail from a Yahoo account.

I've e-mailed Yahoo's abuse department with the e-mail headers in the hopes that they can do something about this particular user, but of course, I won't be holding my breath to even hear back from them on it.

I hope this is simply a one time thing that's been resolved. Unfortunately, honesty compels me to admit that once an e-mail address has been compromised, there's no sure bet that spam won't continue to be delivered, since the spammer and all of their friends already have the e-mail address. I hope that doesn't turn out to be the case here.

Again, many apologies from our side for this unfortunate issue. I, and the rest of the team, are doing our level best to keep things like this from happening again in the future.
__________________
Chris Kilroy
Editor, RailPictures.Net
- View My Photos at RailPictures.Net!
- View My Photos at JetPhotos.Net!
Chris Kilroy is offline   Reply With Quote
Old 01-12-2010, 08:11 AM   #43
Bryan Jones
Senior Member
 
Bryan Jones's Avatar
 
Join Date: Dec 2002
Location: Brooks,KY
Posts: 131
Default

count me in as a recipient, found the message in my spam box just a short time ago.
Bryan Jones is offline   Reply With Quote
Old 01-12-2010, 09:21 AM   #44
Trendyh
Member
 
Trendyh's Avatar
 
Join Date: Apr 2006
Posts: 51
Send a message via Yahoo to Trendyh Send a message via Skype™ to Trendyh
Default

All the way to Australia, boy she gets around, I wonder if she knows Tiger!
Trendyh is offline   Reply With Quote
Old 01-12-2010, 12:39 PM   #45
MichaelJ
The Photo Journalist
 
MichaelJ's Avatar
 
Join Date: Jan 2006
Location: Sydney, NSW
Posts: 630
Default

I got some from her as well ...

She'll have to move quicker than Santa if she wants to satisfy us all!!!
__________________
My portfolio at RailPictures.Net!
My portfolio at Flickr!

The views expressed in this reply are personal and do not represent the views or policy of my employer.
MichaelJ is offline   Reply With Quote
Old 01-12-2010, 12:42 PM   #46
MichaelJ
The Photo Journalist
 
MichaelJ's Avatar
 
Join Date: Jan 2006
Location: Sydney, NSW
Posts: 630
Default

Quote:
Originally Posted by Chris Kilroy View Post
I've e-mailed Yahoo's abuse department with the e-mail headers in the hopes that they can do something about this particular user, but of course, I won't be holding my breath to even hear back from them on it.
I have contacted Yahoo! Abuse previously and they were very quick to respond and extremely apologetic.
__________________
My portfolio at RailPictures.Net!
My portfolio at Flickr!

The views expressed in this reply are personal and do not represent the views or policy of my employer.
MichaelJ is offline   Reply With Quote
Old 01-12-2010, 12:49 PM   #47
willig
Senior Member
 
willig's Avatar
 
Join Date: Oct 2007
Location: Manchester, UK
Posts: 473
Default

Hey you blokes! I hope you haven't spoiled things for me. I'm supposed to meet her tonight under the clock at 8:00pm.
willig is offline   Reply With Quote
Old 01-12-2010, 01:16 PM   #48
MichaelJ
The Photo Journalist
 
MichaelJ's Avatar
 
Join Date: Jan 2006
Location: Sydney, NSW
Posts: 630
Default

Sorry mate! Guess you'll just have to find another one. Isn't there a huge sum of money waiting for us in Africa somwehere too?
__________________
My portfolio at RailPictures.Net!
My portfolio at Flickr!

The views expressed in this reply are personal and do not represent the views or policy of my employer.
MichaelJ is offline   Reply With Quote
Old 01-12-2010, 01:52 PM   #49
ns4eva
Member
 
Join Date: Mar 2009
Posts: 35
Default

I feel so left out . I guess she's just not that into me. lol

Chris, I'm in the same boat as you. No e-mail.
__________________
Triple D
ns4eva is offline   Reply With Quote
Old 01-12-2010, 04:18 PM   #50
John Ryan
Senior Member
 
John Ryan's Avatar
 
Join Date: Jan 2005
Location: Ann Arbor, Michigan
Posts: 497
Send a message via AIM to John Ryan
Default

Me too, I just got one this morning.
John Ryan is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump


All times are GMT. The time now is 06:59 PM.


Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.