From: Jonathan Wilkins <j@blockstream.com>
Date: Mon, 17 Aug 2015 11:41:31 -0700
Message-ID: <CAL0tybf2q=Mw8tmJFGJ+Y7n2vTi83XrMMOi2K0Bysr2KNaQtLg@mail.gmail.com>
To: bitcoin-dev@lists.linuxfoundation.org
Content-Type: multipart/alternative; boundary=001a113cf68032b14a051d86282b
Subject: [bitcoin-dev] That email was almost certainly not the real Satoshi

--001a113cf68032b14a051d86282b
Content-Type: text/plain; charset=UTF-8

I'm sure that most people here were skeptical, but FWIW, the server that
hosts vistomail.com is a mess, it's a Plesk box with more than a couple of
services with dubious security histories. MailEnable smtpd, MSRPC, RDP, see
for yourself:

Most likely someone popped the box and is entertaining themselves.

Nmap scan report for vistomail.com (190.97.163.93)
Host is up (0.10s latency).
Not shown: 65521 filtered ports
PORT      STATE SERVICE       VERSION
21/tcp    open  ftp           Microsoft ftpd
| ssl-cert: Subject: commonName=secureanonymoussurfing.com
| Not valid before: 2015-05-03T00:00:00+00:00
|_Not valid after:  2018-05-02T23:59:59+00:00
|_ssl-date: 2015-08-16T00:08:25+00:00; +1m09s from local time.
25/tcp    open  smtp          MailEnable smptd 8.60--
| smtp-commands: vistomail.com [192.241.217.85], this server offers 4 extensions, AUTH LOGIN, SIZE 20480000, HELP, AUTH=LOGIN,
|_ 211 Help:->Supported Commands: HELO,EHLO,QUIT,HELP,RCPT,MAIL,DATA,RSET,NOOP
53/tcp    open  domain        Microsoft DNS 6.1.7601
| dns-nsid:
|_  bind.version: Microsoft DNS 6.1.7601 (1DB14556)
80/tcp    open  http          Microsoft IIS httpd 7.5
|_http-favicon: Parallels Control Panel
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
| http-ntlm-info:
|   Target_Name: DS04
|   NetBIOS_Domain_Name: DS04
|   NetBIOS_Computer_Name: DS04
|   DNS_Domain_Name: DS04
|   DNS_Computer_Name: DS04
|_  Product_Version: 6.1 (Build 7601)
|_http-title: Domain Default page
110/tcp   open  pop3          MailEnable POP3 Server
|_pop3-capabilities: USER TOP UIDL
135/tcp   open  msrpc         Microsoft Windows RPC
143/tcp   open  imap          MailEnable imapd
|_imap-capabilities: completed CAPABILITY AUTH=CRAM-MD5 CHILDREN UIDPLUSA0001 AUTH=LOGIN IMAP4rev1 OK IDLE IMAP4
443/tcp   open  ssl/http      Microsoft IIS httpd 7.5
|_http-favicon: Parallels Control Panel
| http-methods: Potentially risky methods: TRACE
|_See http://nmap.org/nsedoc/scripts/http-methods.html
|_http-title: Domain Default page
| ssl-cert: Subject: commonName=secureanonymoussurfing.com
| Not valid before: 2015-05-03T00:00:00+00:00
|_Not valid after:  2018-05-02T23:59:59+00:00
|_ssl-date: 2015-08-16T00:08:24+00:00; +1m09s from local time.
587/tcp   open  smtp          MailEnable smptd 8.60--
| smtp-commands: vistomail.com [192.241.217.85], this server offers 4 extensions, AUTH LOGIN, SIZE 20480000, HELP, AUTH=LOGIN,
|_ 211 Help:->Supported Commands: HELO,EHLO,QUIT,HELP,RCPT,MAIL,DATA,RSET,NOOP
3389/tcp  open  ms-wbt-server Microsoft Terminal Service
8443/tcp  open  https-alt?
| ssl-cert: Subject: commonName=Parallels Panel/organizationName=Parallels, Inc./stateOrProvinceName=Virginia/countryName=US
| Not valid before: 2015-03-13T19:40:20+00:00
|_Not valid after:  2016-03-12T19:40:20+00:00
|_ssl-date: 2015-08-16T00:08:24+00:00; +1m09s from local time.
8880/tcp  open  http          Microsoft IIS httpd 7.5
|_http-favicon: Parallels Control Panel
|_http-methods: No Allow or Public header in OPTIONS response (status code 500)
|_http-title: Site doesn't have a title (text/html; charset=utf-8).
49154/tcp open  msrpc         Microsoft Windows RPC
49156/tcp open  msrpc         Microsoft Windows RPC
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|phone
Running: Microsoft Windows 2008|7|Phone|Vista
OS CPE: cpe:/o:microsoft:windows_server_2008:r2 cpe:/o:microsoft:windows_7::-:professional cpe:/o:microsoft:windows_8 cpe:/o:microsoft:windows cpe:/o:microsoft:windows_vista::- cpe:/o:microsoft:windows_vista::sp1
OS details: Windows Server 2008 R2, Microsoft Windows 7 Professional or Windows 8, Microsoft Windows Phone 7.5 or 8.0, Microsoft Windows Vista SP0 or SP1, Windows Server 2008 SP1, or Windows 7, Microsoft Windows Vista SP2, Windows 7 SP1, or Windows Server 2008


--001a113cf68032b14a051d86282b--