Jump to content
Manx Forums - A Discussion Board & Classifieds for the Isle of Man

Douglas Council to investigate 'corruption' allegations

HelmutX

By HelmutX
in Local News

 Share

Recommended Posts

  • Replies 373
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Amadeus
Amadeus

So far I’ve only observed this thread from a distance for obvious reasons and I can’t comment on its main topic, but there comes a point: Sorry how is Albert linked to DBC? It appears you are onc

Albert Tatlock
Albert Tatlock

Bullplop. I have absolutely no connection to DBC whatsover, other than being a ratepayer. People have only been suspended for repeated abusive posts or not following the so often repeated legal a

Ringy Rose
Ringy Rose

Give over. They say that they have launched an investigation in line with their policy. Private employers would do nothing different and would also make no further comment.

Posted Images

The Bastard Experienced

The Bastard

Posted
Posted (edited)
On 1/6/2023 at 9:30 AM, Gladys said:

How would she if she didn't have the email?  Apart from that, she probably doesn't have system admin rights at DBC.

Even I understand roughly what is alleged to have happened, and I am not very tech savvy.  You know about hovering your cursor over the email sender's address to check the real address sending it, I take it? 

Email is not secure. When a mail is sent, the sending server basically says "Helo. I've got a mail from x@y.com to a@b.com, subject is "bin collections", the text follows..."

The receiving mail server does no due diligence to check that the mail was really sent by the person listed as the sender, or where it came from, though the connecting IP will be logged.

There's nothing to stop anyone connecting to the email port of the receiving server, pasting in a fake mail with real addresses. It still gets delivered, still looks like a real mail, still has the genuine address of the apparent sender. This also isn't hacking - the original sender's account has not been compromised in any way. 

Email is 1970s tech for US universities, and it's genuinely not a secure way to communicate. Most email is sent in plain text for a start.

Edited by The Bastard
  • Confused 1
Link to comment
Share on other sites
genericUserName Experienced

genericUserName

Posted
Posted
3 minutes ago, The Bastard said:

The receiving mail server does no due diligence to check that the mail was really sent by the person listed as the sender, or where it came from, though the connecting IP will be logged.

There's nothing to stop anyone connecting to the email port of the receiving server, pasting in a fake mail with real addresses. It still gets delivered, still looks like a real mail, still has the genuine address of the apparent sender. This also isn't hacking - the original sender's account has not been compromised in any way.

In the modern world - SPF, DKIM and DMARC address these issues.

  • Like 1
Link to comment
Share on other sites
genericUserName Experienced

genericUserName

Posted
Posted (edited)
6 minutes ago, The Bastard said:

Except in the real world they don't

Nobody today should be seeing spoofed emails in their regular work email. Assuming their email is properly set up.

Properly set up email will reject (or quarantine) email which fails. That is the 'real world' today.

Edited by genericUserName
  • Haha 1
Link to comment
Share on other sites
Gladys Grand Master

Gladys

Posted
Posted
2 hours ago, The Bastard said:

Email is not secure. When a mail is sent, the sending server basically says "Helo. I've got a mail from x@y.com to a@b.com, subject is "bin collections", the text follows..."

The receiving mail server does no due diligence to check that the mail was really sent by the person listed as the sender, or where it came from, though the connecting IP will be logged.

There's nothing to stop anyone connecting to the email port of the receiving server, pasting in a fake mail with real addresses. It still gets delivered, still looks like a real mail, still has the genuine address of the apparent sender. This also isn't hacking - the original sender's account has not been compromised in any way. 

Email is 1970s tech for US universities, and it's genuinely not a secure way to communicate. Most email is sent in plain text for a start.

My point was to respond to the idea that she should have known about the email and identified it as bogus, her being in IT and all. 

  • Thanks 2
Link to comment
Share on other sites
The Bastard Experienced

The Bastard

Posted
Posted
1 hour ago, Gladys said:

My point was to respond to the idea that she should have known about the email and identified it as bogus, her being in IT and all. 

If it's spoofed, she would never see the mail, so I don't know how she would identify it as bogus. If someone sends a spoofed mail purporting to come from her email address, she doesn't see the mail. It doesn't show in her outbox, and it never shows in her email account, since her account is not involved in the sending process at all. The only place it appears is at the destination mailbox, the person who receives it. The spoofer just sends some text to the mail server, which takes it as gospel and delivers the mail to the recipient.

  • Like 1
Link to comment
Share on other sites
FANDL Community Regular

FANDL

Posted
Posted
2 minutes ago, The Bastard said:

The only place it appears is at the destination mailbox, the person who receives it. The spoofer just sends some text to the mail server, which takes it as gospel and delivers the mail to the recipient.

She’s talked herself into a corner on this but she seems to be so unbelievably confrontational in trying to show she’s a victim rather than an aggressor that she’s lost perspective on it all. As you say it must have been obvious it was a spoof fairly early on. Richard Butt has even said that he’d called her earlier in the week to check as he’d had a similar email which she presumably said hadn’t sent. So she knew then and presumably there was nothing in her outbox to justify claims of a hack (ie, that her machine had sent the mail shed been called about). She’s IT system admin for RL360 isn’t she? So she presumably knows what a hack is like. So why claims of a hack other than to try to criminalize the activity like she likes to taint the residents who are ‘ideologically opposed’ to doing as they’re told.  It’s doubtful they’ll ever publish this mystery ‘hacker’ either because as you say a lot of spoof sites just fire text at a server so it’s doubtful they’ll find anything other than an originating IP which anyone with half a brain would have VPN’d anyway. So why all the drama? It’s just another notch in her victimhood campaign because she appears to be totally incapable of accepting anyone else’s world view other than her own. 

  • Thanks 2
Link to comment
Share on other sites
Gladys Grand Master

Gladys

Posted
Posted
31 minutes ago, The Bastard said:

If it's spoofed, she would never see the mail, so I don't know how she would identify it as bogus. If someone sends a spoofed mail purporting to come from her email address, she doesn't see the mail. It doesn't show in her outbox, and it never shows in her email account, since her account is not involved in the sending process at all. The only place it appears is at the destination mailbox, the person who receives it. The spoofer just sends some text to the mail server, which takes it as gospel and delivers the mail to the recipient.

That was my point. 

  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...