Blogger
Jedi Poster
Premium
join:2012-10-18
Reviews:
·Champion Broadba..

1 edit

Danger? What EXACTLY does the following mean.

Follow along step by step. It's important to do so.

1. I have a Mac with OS X 10.6.7. I was looking at a friend's business web site. Both my friend and her business are drop dead honest. She runs Windows on her personal computer that she also uses to connect to her domain site or host.

2. I copied a picture from her web site using my Mac. I used the latest version of Chrome to view her site. There were no problems copying the picture off of her site to my computer.

3. I then emailed another friend with the picture I copied as an attachment to the email. So far at that point nothing unusual has appeared or popped up.

4. The person that I emailed replied back using her Windows machine. She used her email client's "reply" function. Therefore a copy of my email text and the picture were in her reply below her message.

THE POTENTIAL PROBLEM and WARNING FLAG:

In the reply email to me on the picture in question there was a new addition. Immediately above the border of the picture were now the following:

[cid:AEFFA5E2-3144-480E-B8B9-60B6B6CDF0A1@socal.rr.com]

I am worried that someone has a problem with an exploit or virus or hack via Java. But I'm not an expert.

What's the deal and who has the problem and what do you think their problem or danger if any might be?



Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2

Is that image hosted on another server, and is just linked?



Blogger
Jedi Poster
Premium
join:2012-10-18
Reviews:
·Champion Broadba..

said by Juggernaut:

Is that image hosted on another server, and is just linked?

It is probable but unknown.

The image came from my friend's business site. She accesses and uploads or alters her site via her home computer. The site has its own domain name.

The site has been in existence since at least 2008 when I first encountered it. I would speculate from circumstantial evidence that it has been up way before that though.


Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2

Honestly, that would be the first thing to check out, just to make sure.



sivran
Opera ex-pat
Premium
join:2003-09-15
Irving, TX
kudos:1

1 recommendation

reply to Blogger

You're seeing a bit of the guts of the email, nothing to be concerned about. Somewhere along the way, someone had a client that didn't understand (or couldn't find) the pasted picture.
--
Think Outside the Fox.



Blogger
Jedi Poster
Premium
join:2012-10-18
Reviews:
·Champion Broadba..

said by sivran:

You're seeing a bit of the guts of the email, nothing to be concerned about. Somewhere along the way, someone had a client that didn't understand (or couldn't find) the pasted picture.

I believe through some investigating by me I have answered my own question.

When I sent the email with the picture and then received the "reply to" back with the new "red flag" entry I was accessing the Internet through a Time Warner ISP.

Time Warner uses Road Runner mail servers. The socal.rr.com is Road Runner email server.

I simply saw the new and unusual entry referenced in my in fixated my eyes on the part that read socal.rr.com and thought immediately, damn, a fracking "Russian domain." My professional experiences with the "Russians" combined with the "freak" appearance of the entry sent me off the wrong track.

Plus the fact that the wrong track was a suspected Java exploit. Certain really bad bugs that can be very damaging like to use Java and Java, as we know, carries a lot of potential security baggage.

HELLFIRE
Premium
join:2009-11-25
kudos:18
reply to Blogger

said by Blogger:

[cid:AEFFA5E2-3144-480E-B8B9-60B6B6CDF0A1@socal.rr.com]

sivran got it in one.

Dumb question, what mail client(s) were in use on either end of the connection? You work enough in the Corporate world when x% uses Outlook / Exchange, Y% uses Lotus Notes, Z% uses something else, you get a lot of fun reading email trails with the above scattered all over the place when some mail server can't handle the extensions properly.

Regards


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:11
Reviews:
·SONIC.NET
·Pacific Bell - SBC
reply to Blogger

said by Blogger:

Time Warner uses Road Runner mail servers. The socal.rr.com is Road Runner email server.

Actually, 'socal.rr.com' is a localized domain for Time Warner Internet Services; specifically for Los Angeles, California. As '@socal.rr.com', it forms part of the email address. As 'pop-server.socal.rr.com' it is the incoming email server. As 'smtp-server.socal.rr.com' it is the message submission server. As 'hrndva-smtpin01.mail.rr.com', and 'hrndva-smtpin02.mail.rr.com', it comprises two MX servers.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse
reply to Blogger

said by Blogger:

[cid:AEFFA5E2-3144-480E-B8B9-60B6B6CDF0A1@socal.rr.com]

As far as I know, these "CID:" thingies are identifiers so as to allow links to attachments in the same mail. In this case, the attachment is most likely the image that was forwarded. It is common to use the domain name (such as "@socal.rr.com") as part of the identifying name.
--
AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 12.2; firefox 17.0

Mele20
Premium
join:2001-06-05
Hilo, HI
kudos:5
reply to NormanS

said by NormanS:

said by Blogger:

Time Warner uses Road Runner mail servers. The socal.rr.com is Road Runner email server.

Actually, 'socal.rr.com' is a localized domain for Time Warner Internet Services; specifically for Los Angeles, California. As '@socal.rr.com', it forms part of the email address. As 'pop-server.socal.rr.com' it is the incoming email server. As 'smtp-server.socal.rr.com' it is the message submission server. As 'hrndva-smtpin01.mail.rr.com', and 'hrndva-smtpin02.mail.rr.com', it comprises two MX servers.

Time Warner Cable (different entity from Time Warner) doesn't "use" RR email servers. It OWNS RR mail servers. The name has not changed because that would be a logistical nightmare. Road Runner name for TWC internet has changed (due to copyright and royalty charges for Road Runner logo) to the pathetically unimaginative TW Internet Services but the email servers and addresses will likely never change.
--
When governments fear people, there is liberty. When the people fear the government, there is tyranny. Thomas Jefferson

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS
reply to nwrickert

Re: Danger? What EXACTLY does the following mean.

This is correct. The use of the 'cid:' URL scheme for Content-ID is described in RFC2392.

(Rest here is an amplification of points already made, not specifically in response to you).

The fact that it showed up in the user-visible presentation of the mail message just says that some piece of mail software goofed along the way. Nothing to be alarmed at, and no need to suspect foul play. Plenty of email software fondles the message on its way; it's a miracle it works as well as it does.
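
An added example, not part of any post in this thread: the `cid:` mechanism from RFC 2392 that the replies above describe, using Python's standard `email` package. The message, addresses and image bytes are constructed samples; the Content-ID is the one quoted in the thread. It shows the reference resolving when the image part travels with the message, and dangling (which a client may render as literal `[cid:...]` text) when some software along the way drops the part.

```python
import re
from email.message import EmailMessage
from urllib.parse import unquote

# Content-ID quoted in the thread; everything else below is constructed.
CID = "AEFFA5E2-3144-480E-B8B9-60B6B6CDF0A1@socal.rr.com"

def build_message(include_image=True):
    """Build an HTML mail whose <img> points at an inline part via a cid: URL."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "friend@example.com"
    msg["Subject"] = "picture"
    msg.set_content("Picture attached.")
    msg.add_alternative(f'<p>Here it is:</p><img src="cid:{CID}">',
                        subtype="html")
    if include_image:
        # The header carries the id in angle brackets; the cid: URL omits them.
        msg.get_payload()[1].add_related(
            b"\x89PNG\r\n\x1a\n",            # stub bytes, not a real image
            maintype="image", subtype="png",
            cid=f"<{CID}>", disposition="inline", filename="photo.png")
    return msg

def resolve_cid_refs(msg):
    """Map each cid: reference in HTML parts to the content type of the part
    it names, or None when no part in the message has that Content-ID."""
    parts_by_cid = {}
    for part in msg.walk():
        header = part.get("Content-ID")
        if header:
            parts_by_cid[header.strip().strip("<>")] = part
    refs = {}
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        for ref in re.findall(r'cid:([^"\'\s>\]]+)', part.get_content()):
            target = parts_by_cid.get(unquote(ref))  # cid: URLs may be %-encoded
            refs[ref] = target.get_content_type() if target is not None else None
    return refs

if __name__ == "__main__":
    print("intact message :", resolve_cid_refs(build_message(True)))
    print("part dropped   :", resolve_cid_refs(build_message(False)))
```

The domain after the `@` only makes the identifier globally unique; it is generated by the sending software and is not a link that the recipient's client fetches from that host.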



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

Fondles??? Email goes through the TSA? I know other three-letter agencies get a copy.
--
Don't feed trolls--it only makes them grow!


dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8

Technical term



Blogger
Jedi Poster
Premium
join:2012-10-18
Reviews:
·Champion Broadba..
reply to Blogger

Thanks to all for your quick response and providing the information on what happened and why due to email transactions or exchanging.

I was a little paranoid simply because on my backup or secondary computer that runs Windows I had been just infected a couple of days ago with two Java Exploits that potentially were really nasty. I caught and thoroughly purged or deleted them from the entire system.

I only recently have had contact with Time Warner Internet Cable Internet access. I was not familiar with their relationship or linkage with the Road Runner domain.

Fortunately, as you can see from subsequent posts by me I was able to research from the entry tag on the email that alarmed me that it was a result of the domain socal.rr.com and that was a domain owned and used by Time Warner who still use the Road Runner domain designation for their email service.

My Windows machine is Win7 64, which IMO is easily MS's best OS ever. I've run Windows OS exclusively since 1994. Used them all which is why I praise Win7.

However, a couple of years ago I got a Mac as a gift. I never had any experience with OS X at the time. At first I would occasionally fire up the Mac to just learn OS X by playing with it. The more I learned OS X the more frequently I used the Mac. Once I was comfortable with OS X I came to personally prefer it over Windows. Both OS's are fine with each having strengths and weaknesses but I found that for my specific likes and uses in using a personal desktop computer that I really preferred OS X overall.

In the context of this thread and this forum I have to say one thing that I like about OS X is that security issues are minimal in comparison to Windows both in terms of threats and what is needed to protect it from threats.

For my Windows I spend most of my time on it updating it constantly with MS updates for the OS and MS Office, as well as updates and/or scans by MSE, Malwarebytes, SuperAntiSpyware, and SpywareBlaster. I say without any sarcasm that one doesn't realize just how much time and effort is spent in just doing that, (I keep everything in Windows always updated/patched, etc), until you switch to using OS X. I'm not exaggerating.

With OS X updates are rare. Even though threats are lower or less for OS X than Windows, I nevertheless use a firewall and good OS X AV/Malware protection with Avast specific for OS X that provides real time protection and scan options and other options are excellent.


Kearnstd
Space Elf
Premium
join:2002-01-22
Mullica Hill, NJ
kudos:1

1 recommendation

reply to Blogger

rr.com is nothing to fear really. TWC was for at least a decade called Road Runner. It only changed when TWC was spun off of the main company Time Warner because once spun off they would have to license the Road Runner (as it was named after the cartoon bird and not the real species of bird with the same name).
--
[65 Arcanist]Filan(High Elf) Zone: Broadband Reports
