PerlMonks  

Re: Status of Recent User Information Leak

by Zen (Deacon)
on Jul 31, 2009 at 01:38 UTC (#784786)


in reply to Status of Recent User Information Leak

I want to know why everyone who has had their passwords and email addresses taken is not being emailed, and only those who are Facebook club or published were.


Re^2: Status of Recent User Information Leak (mass e-mail)
by tye (Cardinal) on Jul 31, 2009 at 04:27 UTC

    Do you have effective bulk e-mailing services to offer? We are still having problems just getting the first batch of 700-odd e-mails actually successfully sent due to anti-spam measures that are nearly ubiquitous.

    Trying to figure out how to send 58,000 e-mails to people who, for the most part, haven't visited here in years is not my highest priority. There is plenty of other work to do in response to this incident, and most of it isn't happening as fast as I would like.

    If you feel strongly that this needs to be done, then please demonstrate your sincerity by composing a proposed e-mail body and finding an effective bulk e-mail delivery method that the vast majority of PerlMonks users would not mind having their e-mail address provided to. If you or somebody else provides those two items, then I will try to find a resource to select and extract the pertinent e-mail addresses.

    I personally believe that this incident is already very widely publicized and the number of people who would be reached by a mass e-mailing who are not already aware of the problem and who also left interesting personal information here that is still pertinent, would be vanishingly small. Nevertheless, I would like to e-mail everybody just in case there are some people in that category. So I would appreciate the help. But I will be spending the time that I already don't have on tasks related to this incident that I consider more important.

    Thank you.

    - tye        

      Tye,

      Does anyone here use Qmail on a linux server? If so, all it would take is to copy the 58,000 email addresses into a text file, one address per line, place it on the Qmail server as a mail list, and then bounce a generic email off the list. Everyone would receive the same message (not personalized) but it would be very efficient and only to them (like bcc:).

      I have my own box here at home, and I suppose if folks trusted me, I could send them out from here.

      Qmail allows mail lists for its user accounts (as I suppose other mail programs do as well). In Qmail, it is nearly as simple as this: adduser perlmonks, copy text file into perlmonks home directory as "newslist", then write an email to "perlmonks-newslist@qmailserver.domain.org" and watch the mail go out. (No guarantees that I'm not missing a step or two, but it's about that simple if qmail is already installed and running.)

      Features of Qmail, including the mail list (for which there is no size limit), can be found here: http://cr.yp.to/qmail.html. According to the statistics there, it might take under two hours to send the email out to all 58,000 addresses.

      Blessings,

      ~Polyglot~

      UPDATE: On second thought, I am remembering that I am not in a good position to send out bulk emails like this. Someone else would have to do it from a more trusted IP address. You see, I am in Taiwan, and many ISPs seem to block entire IP address ranges for Taiwan, as apparently much spam and mischief originates here. In other words, much of what I would send from here might not be delivered, or it would land in the "spam" box. But the Qmail solution would still be viable if used from a trusted source. ~ Polyglot ~

        Unless you limit the number of connections to each recipient host, you risk taking an email server hosting a large number of monks to its knees.

        Qmail is a very good internal system. I have stopped recommending it for external mail servers a long time ago. The internet infrastructure is just not resilient enough against a server like this that could present a very effective denial of service attack.

        This is from someone who was involved with qmail use and advocacy very early on. One of my first public perl scripts is in fact still being distributed (search for Brian T. Wightman on one of the qmail pages), although I no longer recommend its use - the SMTP world has changed :).

        --MidLifeXis

        The tomes, scrolls etc are dusty because they reside in a dusty old house, not because they're unused. --hangon in this post
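The per-recipient-host limit raised in the reply above, sketched as an added example (not code from any poster in this thread or from qmail). It plans a one-address-per-line notification list into delivery rounds so that no recipient domain receives more than a fixed number of messages per round. The function names, the cap value and the sample addresses are assumptions, and grouping by address domain is a stand-in for grouping by the actual MX host.

```python
from collections import defaultdict

# Constructed sample list, one address per line as in the qmail suggestion.
SAMPLE = [
    "a@example.org", "b@example.org", "c@example.org", "d@Example.ORG",
    "e@example.net", "not-an-address", "a@example.org",
    "f@example.com", "g@example.org",
]

def split_address(line):
    """Return (local_part, lower-cased domain), or None for an implausible line."""
    local, sep, domain = line.strip().rpartition("@")
    if not sep or not local or "." not in domain:
        return None
    return local, domain.lower()

def plan_rounds(lines, per_domain_cap=2):
    """Group recipients by domain, then emit rounds holding at most
    per_domain_cap recipients for any single domain (hypothetical cap)."""
    queues = defaultdict(list)   # domain -> recipients still to be scheduled
    seen, rejected = set(), []
    for line in lines:
        if not line.strip():
            continue
        parts = split_address(line)
        if parts is None:
            rejected.append(line.strip())   # keep for manual review
            continue
        addr = parts[0] + "@" + parts[1]
        if addr not in seen:                # drop duplicate recipients
            seen.add(addr)
            queues[parts[1]].append(addr)
    rounds = []
    while any(queues.values()):
        batch = []
        for domain in sorted(queues):
            batch.extend(queues[domain][:per_domain_cap])
            queues[domain] = queues[domain][per_domain_cap:]
        rounds.append(batch)
    return rounds, rejected

if __name__ == "__main__":
    rounds, rejected = plan_rounds(SAMPLE)
    for number, batch in enumerate(rounds, 1):
        print(number, batch)
    print("rejected:", rejected)
```

The sender would pause between rounds; a domain that hosts many recipients stretches the schedule rather than the load on its mail server.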

      I personally believe that this incident is already very widely publicized....
      This is precisely why I asked about the legal ramifications in 784719. Specifically, are there any applicable state or federal laws that require notification? Establish what you have to do (or what your lawyers advise you to do) first before worrying about what you would like to do.

      Update: And if possible, after things have settled down let us know what the response was. This is a great opportunity to learn more about the legal side of security breaches like this, especially for open source foundations, organizations, etc.

      Elda Taluta; Sarks Sark; Ark Arks

      http://www.expeditesimplicity.com/features.php

      $60 or use any of a number of linux freeware tools to send mail in phased batches, or from the pair server itself (notify them first).

      Body:

      Your Perlmonks account has been compromised! Your password, email address, and any information stored about you on our site was unencrypted and thus visible to the attackers. We have more information at the following link: http://www.perlmonks.org/?parent=784806

      We encourage you to change your password and visit our site for more information as it becomes available. This will be the last notification on the topic.

      ----------------------------------

      How's that? I may have done the link wrong. Updated link.

        Well, thank you for "trying". The first two non-internal links from google for expeditedsimplicity.com were 1) showing close ties to an unapologetic spammer and 2) panning the quality of their service.

        And you couldn't even be bothered to construct a working URL (so you obviously couldn't be bothered to even test the URL for the text you slapped together).

        And read other parts of this thread. Just sending out batches of e-mail would mostly just make the IPs doing the sending get tagged as spammers and result in lots of the e-mails not being delivered.

        I didn't respond at first because your level of effort here was clearly so low that I seriously doubted that your suggested service would be of any better quality than the rest of your "work". So I was hoping somebody might look into that service or have heard of it and save me the time.

        Luckily, the service was so obviously bad that you've only managed to waste a small amount of my time investigating the mass e-mailing service that you couldn't be bothered to spend a small amount of your time investigating. Sounds like a great idea to submit all our members' e-mail addresses to a service closely associated with spammers.

        Spending more time looking for such a service myself, the most promising I was able to find was http://constantcontact.com which notes "10,001-25,000 $150" and "25,000+ Call for pricing". I'll try to find more time later for looking further.

        - tye        

      How's that mailing going?
