Analysing many spam emails can be long and painful, because you must navigate through many pages and send many confirmations. How much is the time you waste:
* finding the links, clicking,
* waiting for a new window or tab to open and to load the URL,
* then moving through these pages to read the report,
* eventually confirm and wait for the reports to be sent?
In my humil opinion, too much!

So SpamCop Denouncer speeds up the find-click-load-send part of that procedure. The analysis cannot be skipped: at least you must check you are not denouncing your self or improbable organisations.
It works like that:

1a) Use -f option to download messages from a POP3 account (using fetchmail), and save them to input file.
1b) Use -r <path> to read form a different input file, without fetching anything.

2 ) Get all spamcop reporting URLS from the input file.

3 ) Download all spamcop analysis pages and parse them. No interaction required.

4 ) For each spam-id, present a dialog screen where you can see and select which recipients your report will have. That process is very quick as all information is already locally available. If you are not sure of what you are doing, you can see the full analysis, which was saved to a temporary file in (3) so you have not to download it again. Then, you might pick off some recipients, then Cancel the report or accept it.

5 ) That done, all accepted reports will be sent in one shoot to the selected recipients. No interaction needed.

http://daniele.modena1.it/code/spamcop-denouncer

This Python scri_pt needs fetchmail, grep and dialog. Was tested on Debian unstable.

WARNING: One-day-hacking-scri_pt here! Use at your own risk!!!

SpamCop Denouncer v0.2 released!

* Many bugs fixed.
* Ability to parse spam pasted to standard input
* Ability to parse a mailbox and send each spam in it
* Security feature to alert if sensible spamvertised websites are found (eg, your own!)
* Process your spamcop queue (that brings no big time saving...)
* Added a "recently sent" database of spam IDs and hashes, so the risk of sending double reports is minimized
* Added a simple statistical engine, recording quality (mean age) and cost (seconds of human interaction).

Eg here are my statistics:

(note: coldrain is user-defined additional recipient, that's why is on the top)

Have fun reporting more and better, and recording your improvements!

I am receiving a lot of spam without any message body, resulting in SpamCop returning:
"No body provided, check format of submission"
I think bodyless spam is simply a nonsense, maybe used to test spam networks or to simply annoy zealous denouncers.
So today I added a check on the body of the messages: if it is empty, SCD will add a custom string such as:
'This spam email did not have a body. This string was added for reporting purposes'

The spam will then be happily reported.

Added some "screenshots" (console-shots!) here:
http://daniele.modena1.it/code/spamcop-denouncer/screenshots

Just a quick note -- there is something strange going on with that website. Every time I enter it, the blue light on my builtin webcam flashes. Not sure if its actually taking a picture, but will get back to you if it is. The idea that a website could turn on the camera is downright scary.

I'm running Linux, so if you are a Windows user, there may be other surprises.

...Ken

It's all ok: i included the WengoVisio flash object in the page:
http://www.wengovisio.com/index.php
Visitors can send video and audio messages to me using that applet, if they want.
So your webcam is flashing because Flash is scanning for a connected device - nothing dangerous!

All in th eyes of the beholder .... me, I'd be thinking along the lines of a security issue being exploited.

You can contact Adobe to denounce that if a user enable their Flash product to use webacms, then it will illicitly query the operative system to know if there is one connected.
http://www.adobe.com/support/flashplayer/

I think youtube is seriously infected with that fault

Untill Adobe fixes the fault, you should disconnect your webcam and microphone or uninstall their drivers.

Or, you can forbid Flash to access anyway to your microphone and webcam (also only to check if it exists) when not explicitly allowed.

So much easier to simply not let that kind of crap exist on your system to begin with.

But again, it's the described unannounced system scanning/tampering that's the real issue.

You're right, I (you) should uninstall Internet.

Also your browser "unannouncedly" scans/tamper your system to know the OS, the screen resolution, the lang, your precedent navigation (referrer) etc and, in default configurations, sends all those precious data to untrusted remote servers.

That's the way Falsh works. If you do not trust Flash, you can disable it unless requested (as I have done on my computer with flashblock).

I trust the WengoVisio applet and do not consider it carp also because it is part of the OpenWengo suite, an opensource Skype alternative, with the freedom to change service provider: http://www.openwengo.org/
The wengovisio object itself isn't open-source afaik, but I trust the source that produced it.

I'm sorry but you cannot dismantle the trust a person gives to someone/thing unless you provide good reasons.

A program for webcamming that scans for a connected device when allowed by your environment is not such a reason, to me.

Whatever.

That's quite a stretch from what I'm talking about, but for the uninitiated, all the above stuff is 'how' the great www actually works.

The continuous security issues and exploits is where my suggestion of "do not allow it" comes from.

Fine, you trust this running on "your" system. This part of the discussion is the use of it to reach out and touch other systems from a web-site you are advertising for something else entirely.

Again, you toss out a URL that is supposed to offer some kind of tool to be used for SpamCop.net Reporting. Why should there be an expectation that visiting that web-site to check out your offered tool results in a system-hardware scan initiated by that visit? Your alleged reason was for follow-on contact. assumedly support issues. That does not justify to me why this scan-thing would show up on the basic/front page .. it seems that this tool wouldn't be 'needed' unless someone chose to select that means of making contact ... so in my mind, it wouldn't need to be activated until that user actually attempted to make contact with you.

Now, with all that said, I see no sign of the scanning action happening on two systems here, see nothing in the code on the referebced URL that should activate any type of scan (ignoring the javasript link, not going to spend the time researching those, yet another tanhent on the secuity issue subject) .. so not sure what was being 'viewed' at this point that would have brought up the initial coment on this.

Ok, I will move it to a dedicated "contacts" page.
I personally dislike Flash, but I see is the only technology that actually makes possible these things.
Thinking of another superficial visitor that happen on my blog and begin to scream that I'm looking in his webcam simply don't compare to the (remote) utility of that applet. I considered it more an opportunity to advocate a better voip network than dominant skype or msn, than an actual mean of contact me...


Expect to find OT things in a personal website! I collect here all my stuff, and since I have diverse interests, the result is a permanently OT website.

What does it happen, afterall, when you visit a website with some sort of urchin.js incorporated? -> your visit is unexpectedly reported to an unrelate remote server, without your consense - privacy threat! (I disallow every such scri_pt each time i find a new one...!)

Or which embeds random ads? -> You will display content that is not related to the apparent purpose the page was written for.


This is the embedded flash object that activate the webcam:
http://button.wdeal.com/wvisio_v1-1/common...wf?wtf=29491355
With firefox, press ctrl+I while viewing the page: you see it in media tab.
You would not see it in the code of the page as it is loaded by this scri_pt:
http://button.wdeal.com/wvisio_v1-1/full_wengo_widget.js
So if you have restricted flash or java scri_pt env, the applet will not startup.

Just the last point:

Flash is running on your system, not on my system. Your system will not be touched if you configure it not to be.
It's not my fault if you configured your system to run every crap it find on the internet.

I think I will leave the applet and add a link such as:

Maybe with a sauron eye beyond.
The link will point to a page explaining why you should uninstall or turn off automatic Flash execution from your system.
It's a proprietary technology, so security updates are slow, torbid and you will never ultimately know what it is doing with your system while you browse

You seem to be of the mistaken thought that everyone is running flash. I am not... Wazoo generally uses a text only browser... many other regulars here are just as securely configured. In fact, I also no not have a camera.

Also, it is the applet that is accessing the camera that people are complaining about here and that is running on your site. You can do whatever you want with your system. We reserve the right to disable your link on this site and/or display a warning with it.

Also, many sites use flash (I see the request all the time), I have yet to hear about one accessing the camera system.

I myself do disable flash in my browser.
Really, I never see a flash animation unless I explicitly ask it.
I do not run it.
That's why I consider all that question a little bit paranoic. None here has flash installed, all are using text browsers... so where is the point!??

It is Macromedia Flash that is accessing the camera because the applet is asking the if there is one.
Flash.
Not the applet.
The applet is running in a Flash sandbox, on your computer, not "in my site".

And it behave that way because someone configured Flash to do so.
Not the applet.
Flash.


1. The applet runs in a Flash sandbox. It asks flash if there is a camera outside of the sandbox. That is applet programmer's fault, to ask for something....
2. Then Flash, if configured so, asks the O.S. if there is a camera connected. That's user fault, let Flash knows secret things they do not want to be known.
3. Finally the O.S. probes the hardware to see if there is a webcam, and that sometimes causes the camera light to flash because it turns on. That is perfectly normal if you have installed camera drivers.

Flash is checking for a camera to answer the applet, no more than a browser answers a remote server when it asks the language, the os, or if a particular plugin is installed or not, if java scri_pt is enabled or not.
The remote system asks.
Your system reply what you configured it to say.
Don't like?
Change configuration.

Any remote system have all the rights to ask if you has a sound system, which display device are you using, if you have java/java scri_pt/wtf enabled, which language do you speak, where are you from and which page linked you here, BUT IT CANNOT, N-E-V-E-R, ask if you have a CAMERA.

That is a big, big, bigger, biggest security issue.

I think it's way more dangerous to say that you are navigating with Windows98', if you are really doing so, for example



http://www.google.com/support/youtube/bin/...mp;answer=57409
There are many other, eg some social networks that allows video chat between participants without the need to install anything.

I CAN SEE YOU, anyway

I did not say ALL. There are many people who come here because they do not know what they are doing. We try to protect EVERYONE here.

The applet, from your site, is what is triggering Flash to access the camera. Without the applet that is coming from your site, the camera would not be accessed. Those other sites you have mentioned (commecial chat/youtube) would be expected to access a webcam as part of their operation. A personal site would not usually carry those expectations.

As I said, many other sites utilize flash and do not access the camera.

How should I explain that Flash is not accessing anything!?
In default configuration, Flash needs an active user confirmation to access the camera.

What is happening here is that Flash asks "Is there ANY webcam connected?" The drivers installed in your OS then check if the camera is still here, turning it on for a fraction of a second, and reply to Flash: yes/no.
This is not "accessing" it, because Flash isn't receiving any data from it.

It's the same difference between a cat and an ls command. The first accesses the file, the second only lists its properties. Infact it is available also for non-readable files!!!

This is EXACTLY what happens when your browser sends data about your environment to a remote server. Think of it. It asks the operative system version to your OS.

If quering for OS version lighted a blue light somewhere, you would be here screaming "We reserve the right to disable your link on this site and/or display a warning with it."!???

Flash did not access your camera, unless a fault big as a mountain resides in it (again, in Flash, not in the applet) code.
But, as I trust the applet source, I know that the authors would not exploit such a fault even if it existed.

I completely understand how flash works, you can stop explaining it. Once again, however, it is the applet on YOUR site that is triggering the action in question (flashing the webcam). Not every flash site triggers that action (flashing the webcam) or this would not have become such an issue.

As Wazoo already said (in other ways), YOU may trust the applet, but by placing it on your public site, YOU are forcing others to trust it as well.

The suggestion to place it on pages that only require the functionality, with appropriate verbiage indicating what that page was for, would have ended this discussion a while ago, as a responsible way to respond. Your reply makes you just seem to be arrogant about it.

I am done with this discussion.

Note to other moderators: I vote to modify the links on this thread that cause this to happen and/or add a warning what will happen if the link is followed. I will leave it up to the other moderators to choose this action however.

Your visiting any page triggers many, many other actions, that many users do not expect. But they don't light up a led, so they don't care.
Many of them, when knows which kind of info are distributing to entities they do not trust, disrupt this flow of information. Welcome to the knowledge that Flash CAN list your webcam properties. Now that you (and your webcam) have been illuminated, go, announce the verb, and make the folks disable Flash. Today was my embedded applet. Tomorrow could be the entire web. We will all die burned in hell.
But do not decide what I can and I cannot embed in my personal webpages, unless you provide a reasonable suspect that it's malicious or buggy (an exploitable form, malware, etc)

It's how the great www works. A network of trust. Welcome, again.
When you visit a website, your presence is notified to many third party entities whom the owner of the page trusts, but you may not, infringing your privacy, for example. If you do not trust those third parties, such as google urchin.js machinery etc, you should disable them.
I disabled Flash long ago. No one is forcing me to do anything, as my page is not forcing anyone. It asks. It's not my fault if you are configured to reply "yes, i have a webcam", and you don't like it.

Maybe I will do. But only to protect myself from uncareful paranoids. It's stupid, but uncareful paranoia is worst than silliness.

And this is not arrogant... To decide what someone can have or cannot have on his personal page, and cry out loud with moderators to ban him.

Anyway, i don't think paranoic people would never use my utility, because it's not written by ttottt themself-the-only-techie-they-trust.
As my topic seems to attract only this kind of person, I think keeping it is time totally wasted. No big drama: i built the scri_pt to aid myself, only hoped to find here advice and critiques (about the scri_pt!).
Moderate as you feel. Personally I would remove the entire topic so I can fresh start with the next "release", and maybe paranoid people will forget me.

I think this is a case where people should simply agree to disagree and move on. This topic isn't about a Flash action triggered by a website...it's about the "Denouncer," yes?

I think that providing the link to the Adobe "Global Privacy Settings panel" was sufficient in dealing with the issue of concern, and most everything else seems matters of personal preference and opinions.

DT

No, IMHO, it is not arrogant. It does have a bit of 'nanny' in it, but mostly what posters here want is to 'educate', not demonstrate, the pitfalls of being too trusting on the web. It was not asked to ban your post or to delete, just to break the link so that the non-technical would not go there. And that is no reason for you to be attributing any character except the one you are claiming, that it is simply within my control to do what I want with what I control. It has nothing to do with whether or not your use of Flash is malicious or benignly demonstrating what Flash can do. It says nothing about your website other than this is one website link I do not want on my website just as a server admin can block email from an IP address for a number of reasons including that s/he doesn't want anything with a 56 in it.

This is OT (or maybe not considering your reasons for posting apparently). Yes, it is a network of trust and etiquette is the way it works. No one forces anyone to go to any particular website - although those that contain deceptive practices are not being polite since the internet is built on trust. Therefore, anyone can block links to such sites from a website under hir control (a form of the 'cut direct' advocated by Miss Manners for those who do not follow etiquette rules offline). And, those who do control access the internet through technical means can enforce non-deception by making non-deception a part of the contract to access.

Still, using the internet requires more expertise from the average user than was anticipated. Between the marketing department wanting to get more business and not caring that the end user may not know how to use the product wisely (guns don't kill; people do) and the technical department working to 'protect' the hapless user, those who would be able to make good consumer decisions about where to go on the internet don't realize they have a choice.

As a matter of fact, I will not use a link provided here until one of the techies has done so and I wouldn't now go to your website because I don't know how to evaluate any things that you might have there to 'surprise' me. I like the freedom of the internet and wish that there were a better way of being able to 'hire' someone to keep my computer and browser in technical shape so that I would not experience any 'surprises' or would be able to avoid any sites that would 'technically' corrupt my technology. Fortunately, no one can physically force me to visit any sites or open any email that I don't want to.

Miss Betsy

Miss Betsy, I prey you not to visit my website.

It's about dangerous things such as downloading a program written in a dangerous and immature interpeted language (Python, isn't it already SCARING?), an run it after having modified it to fit your configuration (AAAAHHHRG! Configuration! Do not mention it!).

As the FIRST post said: "WARNING: One-day-hacking-scri_pt here!"
Now the days growed, but it's still all about hacking.
I prefer non-professional programs to be presented in personal websites, and announced as what they are, instead of amatorial things presented in highly professional manner.

If you cannot resist visiting it, at least do not download anything and more than all do not execute any code presented.

You are NOT the target of this stuff for the moment, and will not be for a long time. Clear?

Daniele,
I visited your website...but I need to learn more Italian so that I can understand it. Are you involved with the Scouts (as in Boy Scouts)? My son is an Eagle Scout. I just recently visited your country, but not the North. I was in Rome, Bari, and Sorrento (mostly in Sorrento). I took a cruise to Greece from Bari, and my flights were from Rome, but my wife and I spent a few days after the cruise in Sorrento (I brought back some Limoncello).

Peace,
DT

Hi David, thank you for your kind words. I'm form the middle-north of Italy, and yes I'm an agesci scout leader.
I should study a bit more english too, i think... every time I read something I posted I see a new mistake...

I hope yahoo babelfish helped you understanding it
( how do he know that? there is something evil going on his website... certanly a security issue being exploited )

This may explain a lot of this, especially my part of it. Your English is good enough I did not have any idea you were from outside of the US, where most of our posters are from.

I was not accusing you of doing anything wrong except exposing the people who are hitting your site to a bit more thorough scanning than they would normally get on the majority of the internet.

Primarily, my POV was to protect the novices, who do not usually know enough NOT to click on every link they see, from following your link unless they were prepared for what COULD be going on.

When I see an activity light on a device, it is telling me it is active (and in this case COULD be capturing images), not that it is simply telling the OS (which would already know about it) that it is there. But then, my privacy and security concerns are strong enough that I do not install Flash, or have a webcam.

The solution:
Direct download link for "novices": http://daniele.modena1.it/code/spamcop-den.../spamcop.py.txt
Hitting it will only transfer a non-executable text file.

And for the screenshots about the processing of an mbox file:
1. Get SpamCop ID(s)
The first reporting step is to submit the spam contained in a mailbox and get a "spamcop id" from spamcop.net. This will be used to gather further information and refer to each piece of spam.

2. Collect information about the spam
Then the scri_pt downloads the report page, where the detailed processing is shown by spamcop.net and where there are the submission forms. That page parsed to extract important information, then converted to text and stored in a temporary file for further reference.

3. Analyze the reports with fast dialogs
This is the only manual step. Each dialog presents an excerpt of the spam and the list of recipients. Each recipient can be de-selected and has a short string showing which is the role of the involved network (s: source, w: spamvertised, etc). You can see the full report (spamcop.net page) switching on the first entry and pressing ok. Then you can add your personal notes.
Click enter an the spam is confirmed, or "cancel" and it will be explicitly cancelled from spamcop.net. Your choose is stored for the next step.

4. Submit the reports
After you have analyzed all of them, the reports will be sent, confirming to spamcop.net as you would have done in your browser, but without interaction
A brief review of the submitted reports is printed (it is a slice of the response page obtained from spamcop.net). In case of error, the full web page will be printed out for debug.

5. Exit stats
At the end of the submission step some brief stats will be printed about the session. The time cost is calculated starting from the first response to a dialog (if you take a coffe between dialogs, ignore it!). In this case SCD was ran with -d switch so the mailbox containing the spam was cleared.

ANYWAY THIS IS NOT INTENDED FOR NOVICES!

Absolutely! But since I don't have a very clear idea of what's going on (as well as being a novice) and don't understand Italian (though I might be able to figure some via babelfish and long ago Latin), I doubt that I will ever visit your website.

I am not paranoid, but I do like to know enough to make a choice about what I do. If I were more technically fluent, it might be fun to visit your website and see what you are up to!

Miss Betsy

Miss B, as is usual, has a point. Many people would be deterred by the security alerts they may receive - for instance, visiting with XP Pro SP3 and IE7 one will see (though NOT on the new 'safe' page) "This website wants to run the following add-on: 'MSXML 5.0' from 'Microsoft Corporation'. If you trust the website and the add-on and want it to allow it to run, click here..." (unless MSXML 5.0 has been previously authorized - somewhere). If they are deterred, then that is not the problem.

Daniele has said already his site (or part of it) is not for tyros - though the XML warning will occur right at the opening page as might be seen by a passer-by. He has stated elsewhere his ideas about the purpose of a personal website - particularly what the owner might get from it, in exchange for the effort, and, if I understand correctly, that would not include him being condemned to transform himself into a full-time 'professional' website developer.

If he is willing to forgo visits from people like Miss Betsy and they are sensible enough to stay away then everyone is happy. But one cannot rely on the common sense of visitors. A blinking LED is one thing, but possibly encouraging visitors to approve controls (which are then active wherever else they go) - when safer options are (supposedly) available - is another. I am no expert in these matters but there seems to be wise advice given in: MSDN blog on add-on messages. But, at the end of the day, the concerns about the download page have been quickly and graciously addressed by Daniele - other matters are things of curiosity only and none of our business really.

And I love the name 'mythsmith'. As I once remarked to my country's leading employer of military historians, "There is nothing wrong with myths, they are more memorable than the facts and less mutable."

Thank you Farelf for having reported that. I hope I corrected it. It was a line in sarissa java scri_pt, part of Plone package, written to overcome shortage of IE conformance to standards I would never have seen that, 'cause I have never visited my site with IE , so your help was precious.

"Mythsmith" is a composed word myth+smith, and refer to a "legend-maker", who puts great effort (and pain) in it, like beating and forging metal.
I coined the word years ago reading a verse of Tolkien's Mythopoeia:

I, too, like the 'name' mythsmith and those who make legends are blessed. Not only those who make rhymes, but also others who actually make something for others to see - I am thinking of those who decorate yards or make gardens, but if I thought longer there might be other things - like websites.

BTW, my Flash Player (which I had to install for a particular reason) can't find the internet to update itself. And twice my clock has gone bonkers recently, once resetting to December 2001 and the other time to some other weird date in the past. Can't blame it on mythsmith though!

Miss Betsy