Cyber Mystery

In article <[email protected]>, Stuart
<[email protected]> wrote:

> In article <[email protected]>,
> Larry Blanchard <[email protected]> wrote:
> > > The email address I use for posting to the usenet is obviously bogus.
> > > There really isn't any need to get another address just for posting
> > > purposes unless you actually want someone to reply to you personally.
> > >
>
> > And as I said, I do occasionally get such a reply.
>
> My address is genuine and, by and large, I am happy for * people* to
> contact me. Spam is rare though whether that's done to my ISP's filters or
> my address I have no idea.

Email addresses aren't generaly harvested from usenet or the web
anymore. the viruses and trojans that are rampant through Windows-based
computing is more than adequate for the scammers and spammers.

In article <[email protected]>,
Larry Blanchard <[email protected]> wrote:
> > The email address I use for posting to the usenet is obviously bogus.
> > There really isn't any need to get another address just for posting
> > purposes unless you actually want someone to reply to you personally.
> >

> And as I said, I do occasionally get such a reply.

My address is genuine and, by and large, I am happy for * people* to
contact me. Spam is rare though whether that's done to my ISP's filters or
my address I have no idea.

Stuart

Hi Tanus,

I'm Jody with the SketchUp Team and just wanted to chime in as well.
There is definitely nothing in SketchUp that collects any personal
information or distributes that information. The only time SketchUp
(the software) sends any information is when you authorize or access
your license and then we don't send any personal information. I'm in
the boat that its an email sniffing issue as well but don't have much
to suggest beyond that. Its great that there are so many willing and
knowledgable peers to help you track down the breach. Good luck
finding the culprit! Hopefully it won't take long to get this
straightened out and for you to be emailing and surfing in peace
again. (And of course drawing in SketchUp too!)

Regards,
Jody



On Aug 18, 6:05=A0pm, Tanus <[email protected]> wrote:
> daltxguy wrote:
>
> > Hi,
>
> > I am the author of the Cutlist plugin for Sketchup. I can assure you
> > that the version that I distribute and the current version ( or any
> > other officially distributed version) has no such software embedded
> > into it to collect personal information.
>
> > Having said that, my software is 'open source' and the code is freely
> > viewable and therefore freely modifiable - though I am not aware of
> > anyone having copied my code and making a different version
> > downloadable.
>
> > But it does make me wonder if there is anything I can do to prevent
> > that.
>
> > In any case, my day job is as an internet switching/routing protocol
> > developer. Part of my job is maintaining security software. There are
> > plenty of ways to secure email but that's certainly a huge topic.
>
> > FWIW, I would suspect either malware on your PC or snooping of
> > unencrypted SMTP messages to your workplace. As someone said, they may
> > really just be after a CC number and not so much interested in selling
> > you lumber. Though if they were snooping govt email, they would know
> > the govt just prints money when they need it, they don't need (or
> > probably even have ) a CC :) Snooping govt email may lead to good tips
> > about purchase activity, and when the govt is the only game left in
> > town still buying things, it may not be a bad tip =A0but certainly
> > illegal and unethical.
>
> > Someone else already mentioned that it may be easy to put email
> > address and phone number together from some internet searches,
> > especially, as you said, you may have given this out previously.
>
> > Another option is that you got a rogue version of my software. You can
> > download from the only valid source and verify that your copy is an
> > official version v4/0/7 is the latest (download it from
> >http://www.box.net/shared/8nzm1tmdfm)
>
> > Best thing is to stay vigilant. Do not leave personal details in
> > public places. Contact people offlist if you wish to trade info. Even
> > this forum makes me nervous because a prominent message at the top of
> > the posting states "Messages posted to this group will make your email
> > address visible to anyone on the internet" I don't really like that
> > and it's not necessary. Luckily I'm got some reasonably good spam
> > filters but that's another story...
>
> > It's not the Cutlist plugin, unless you don't have my version. Check
> > it.
>
> > Steve
>
> Hi Steve,
>
> That is a wonderfully reassuring post. Thank you. Because of my own lack
> of knowledge about how my email may have been sniffed, I was willing to
> look down any road. The more I think about it, the more I can eliminate
> both Cutlist and Sketchup itself. As mentioned in an earlier post, it
> pained me to even think that that kind of software could be suspect.
>
> My version is 4.0.6, so I'll download the most recent to ensure that
> there isn't any issue with what I had. Truth be told, I can't remember
> where I downloaded it from.
>
> I've scanned my PC and nothing shows up. I"m using AVG free, but maybe I
> need something more robust. I don't know. The PC at work is scanned
> constantly as is the email server, although the occasional spam does get
> through.
>
> I agree with the vigilance. The email address on this post is a gmail
> account, which is forwarded to my personal account. Gmail seems to
> screen just about everything, and I rarely get spam from the forwarded
> mail.
>
> I like the plugin, Steve. I'm sorry I suspected it, and will continue to
> use it. It's clean, easy to use and has a few quirks that I got onto
> quickly.
>
> Tanus

On Aug 18, 2:41=A0am, Jack Stein <[email protected]> wrote:
> Tanus wrote:
> > It's terrible to think that way, but nonetheless the thoughts happen.
> > The entire creed of "Don't be evil" had always struck me as sophmoric.
> > Having said that, I still use Google search 10 times a day on a slow
> > day, and love Sketchup. Google has almost become an indespensable aspec=
t
> > of many people's lives. The pressure to turn that to self-serving at th=
e
> > expense of the rest of us must at times be overwhelming.
>
> Google is fine but because it seems indispensable and I'm a bit of a
> non-conformist, I usehttp://clusty.com/for my main search engine. =A0I
> have it in my Firefox search window as primary. =A0It works just as good
> as Google.
>
> Also, on re-reading your problem, I thought you sent the email to a
> friend... it was to yourself at work... =A0Does your work have a web site
> that processes the email, that would be my first place to look if it
> does. Google mail would be next, the most unlikely would be sketchup/cut
> list program because it "seems" the problem is unique to you.
>
> --
> Jack
> Using FREE News Server:http://www.eternal-september.org/http://jbstein.co=
m

Hi,

I am the author of the Cutlist plugin for Sketchup. I can assure you
that the version that I distribute and the current version ( or any
other officially distributed version) has no such software embedded
into it to collect personal information.

Having said that, my software is 'open source' and the code is freely
viewable and therefore freely modifiable - though I am not aware of
anyone having copied my code and making a different version
downloadable.

But it does make me wonder if there is anything I can do to prevent
that.

In any case, my day job is as an internet switching/routing protocol
developer. Part of my job is maintaining security software. There are
plenty of ways to secure email but that's certainly a huge topic.

FWIW, I would suspect either malware on your PC or snooping of
unencrypted SMTP messages to your workplace. As someone said, they may
really just be after a CC number and not so much interested in selling
you lumber. Though if they were snooping govt email, they would know
the govt just prints money when they need it, they don't need (or
probably even have ) a CC :) Snooping govt email may lead to good tips
about purchase activity, and when the govt is the only game left in
town still buying things, it may not be a bad tip but certainly
illegal and unethical.

Someone else already mentioned that it may be easy to put email
address and phone number together from some internet searches,
especially, as you said, you may have given this out previously.

Another option is that you got a rogue version of my software. You can
download from the only valid source and verify that your copy is an
official version v4/0/7 is the latest (download it from
http://www.box.net/shared/8nzm1tmdfm )

Best thing is to stay vigilant. Do not leave personal details in
public places. Contact people offlist if you wish to trade info. Even
this forum makes me nervous because a prominent message at the top of
the posting states "Messages posted to this group will make your email
address visible to anyone on the internet" I don't really like that
and it's not necessary. Luckily I'm got some reasonably good spam
filters but that's another story...

It's not the Cutlist plugin, unless you don't have my version. Check
it.

Steve

On Aug 19, 12:05=A0pm, Tanus <[email protected]> wrote:
> daltxguy wrote:
>
> > Hi,
>
> > I am the author of the Cutlist plugin for Sketchup. I can assure you
> > that the version that I distribute and the current version ( or any
> > other officially distributed version) has no such software embedded
> > into it to collect personal information.
>
> > Having said that, my software is 'open source' and the code is freely
> > viewable and therefore freely modifiable - though I am not aware of
> > anyone having copied my code and making a different version
> > downloadable.
>
> > But it does make me wonder if there is anything I can do to prevent
> > that.
>
> > In any case, my day job is as an internet switching/routing protocol
> > developer. Part of my job is maintaining security software. There are
> > plenty of ways to secure email but that's certainly a huge topic.
>
> > FWIW, I would suspect either malware on your PC or snooping of
> > unencrypted SMTP messages to your workplace. As someone said, they may
> > really just be after a CC number and not so much interested in selling
> > you lumber. Though if they were snooping govt email, they would know
> > the govt just prints money when they need it, they don't need (or
> > probably even have ) a CC :) Snooping govt email may lead to good tips
> > about purchase activity, and when the govt is the only game left in
> > town still buying things, it may not be a bad tip =A0but certainly
> > illegal and unethical.
>
> > Someone else already mentioned that it may be easy to put email
> > address and phone number together from some internet searches,
> > especially, as you said, you may have given this out previously.
>
> > Another option is that you got a rogue version of my software. You can
> > download from the only valid source and verify that your copy is an
> > official version v4/0/7 is the latest (download it from
> >http://www.box.net/shared/8nzm1tmdfm)
>
> > Best thing is to stay vigilant. Do not leave personal details in
> > public places. Contact people offlist if you wish to trade info. Even
> > this forum makes me nervous because a prominent message at the top of
> > the posting states "Messages posted to this group will make your email
> > address visible to anyone on the internet" I don't really like that
> > and it's not necessary. Luckily I'm got some reasonably good spam
> > filters but that's another story...
>
> > It's not the Cutlist plugin, unless you don't have my version. Check
> > it.
>
> > Steve
>
> Hi Steve,
>
> That is a wonderfully reassuring post. Thank you. Because of my own lack
> of knowledge about how my email may have been sniffed, I was willing to
> look down any road. The more I think about it, the more I can eliminate
> both Cutlist and Sketchup itself. As mentioned in an earlier post, it
> pained me to even think that that kind of software could be suspect.
>
> My version is 4.0.6, so I'll download the most recent to ensure that
> there isn't any issue with what I had. Truth be told, I can't remember
> where I downloaded it from.
>
> I've scanned my PC and nothing shows up. I"m using AVG free, but maybe I
> need something more robust. I don't know. The PC at work is scanned
> constantly as is the email server, although the occasional spam does get
> through.
>
> I agree with the vigilance. The email address on this post is a gmail
> account, which is forwarded to my personal account. Gmail seems to
> screen just about everything, and I rarely get spam from the forwarded
> mail.
>
> I like the plugin, Steve. I'm sorry I suspected it, and will continue to
> use it. It's clean, easy to use and has a few quirks that I got onto
> quickly.
>
> Tanus

Hi Tanus,
No offense taken about suspecting everything and thanks for the
comments about the plugin.
I use a gmail account as well and have to say they do a pretty good
job of filtering spam. I do want this particular email address to be
available as I welcome feedback on the plugin from other woodworkers
for future versions. What you see today has been very much a
collaborative effort

It seems you've got a good response across the board for your mystery
but it remains a mystery.
Maybe you can bait the perpetrator and see if you can establish the
point of interception. Use different data in different places as a
'tracer'.

good luck with your investigations.

Steve

On 8/16/09 11:57 AM, "krw" <[email protected]> wrote:

> On Sat, 15 Aug 2009 21:29:24 -0400, Tanus <[email protected]> wrote:

>>
>> I started to do a design in Sketchup a while back, and used the add-on
>> CutList. CutList generates what its name implies: a list of cut pieces
>> that are superimposed on a standard sized plank, and tries to maximize
>> wood useage or minimize waste. After it's done all of that it exports
>> the pieces and their dimensions to a format that can be opened with a
>> spreadsheet program.

>> A few days later, I came home and my wife said that someone had called
>> and was ready to quote prices on the cut up pieces of wood that I
>> wanted, all in mahogany.
>
> Google has a back door in Sketchup? Nah, Google would never do such a
> thing.

Maybe. But the CutList add-on is just as likely to be the culprit. I doubt
that it is intercepted email.

You didn't say what OS you are using. You might install a program that
watches network trafic and run the program again. See if anything is
"calling home."

Tanus wrote:
> This is sorta OT, but I've left it unlabeled.
>
> I started to do a design in Sketchup a while back, and used the add-on
> CutList. CutList generates what its name implies: a list of cut pieces
> that are superimposed on a standard sized plank, and tries to maximize
> wood useage or minimize waste. After it's done all of that it exports
> the pieces and their dimensions to a format that can be opened with a
> spreadsheet program. If you have coloured the pieces with a wood colour,
> it will also specify the wood used in manufacture.
>
> In my case, I'd used a mahogany colouring, so CutList assumed I was
> specifying mahogany. It didn't matter to me, I just wanted some colour.
>
> I copy/pasted the piece sizes along with material specification to an
> email client and then emailed myself at work so I had a list of what I
> needed when I went to buy the wood.
>
> A few days later, I came home and my wife said that someone had called
> and was ready to quote prices on the cut up pieces of wood that I
> wanted, all in mahogany. In fact, they could ship that day if she would
> give them a CC number. I'd never mentioned mahogany to her, so she
> decided to give them my phone number at work and let me deal with it.
> She was a bit surprised by the call, and didn't get the name of the
> company. They never did call me at work, which is really interesting.
>
> My email client includes my name in the "From" box, but no other
> personal information. I won't say I've never given out my phone number
> on web forms, but I don't ever recall giving it out to any wood
> suppliers. In any event, it's not an unlisted number.
>
> In the project that I drew up the plans for, I'm either going to use
> select pine from the local guy, or use some oak that I have in-house.
> I've never used mahogany in my life, and have no plans in the near
> future to get prices on it.
>
> Somehow, someone got the cutlist email, and called.
>
> I don't know what to think here. My "sent" mail folder has no email that
> goes to wood suppliers or anyone else that would have received that
> email, other than my work account. I've got theories, but they're a bit
> wild and involve cyber sniffing, which seems a bit over the top at this
> point.
>
> I suspect I will never know for sure.

Data interception, plain and simple, most likely on your company side,
either in-house or clandestine. Packet sniffing is easy to practice and
is a big problem with many corporations and governments practicing it
routinely, and SMTP traffic, on either side of the server, is fair game.

Only defense for the little guy is to encrypt your e-mail.


--
www.e-woodshop.net
Last update: 10/22/08
KarlC@ (the obvious)

On Tue, 18 Aug 2009 03:52:04 -0700, daltxguy wrote:

> Even this forum
> makes me nervous because a prominent message at the top of the posting
> states "Messages posted to this group will make your email address
> visible to anyone on the internet" I don't really like that and it's not
> necessary.

Steve, I and a lot of others use a different email address to post to
groups than we use in normal correspondence. Lots of free email
providers with spam filters out there. I check that email account once
or twice a week - occasionally there's a non-spam message in it.

--
Intelligence is an experiment that failed - G. B. Shaw

Tanus wrote:
> This is sorta OT, but I've left it unlabeled.
>
> I started to do a design in Sketchup a while back, and used the add-on
> CutList. CutList generates what its name implies: a list of cut pieces
> that are superimposed on a standard sized plank, and tries to maximize
> wood useage or minimize waste. After it's done all of that it exports
> the pieces and their dimensions to a format that can be opened with a
> spreadsheet program. If you have coloured the pieces with a wood
> colour, it will also specify the wood used in manufacture.
>
> In my case, I'd used a mahogany colouring, so CutList assumed I was
> specifying mahogany. It didn't matter to me, I just wanted some
> colour.
> I copy/pasted the piece sizes along with material specification to an
> email client and then emailed myself at work so I had a list of what I
> needed when I went to buy the wood.
>
> A few days later, I came home and my wife said that someone had called
> and was ready to quote prices on the cut up pieces of wood that I
> wanted, all in mahogany. In fact, they could ship that day if she
> would give them a CC number. I'd never mentioned mahogany to her, so
> she decided to give them my phone number at work and let me deal with
> it. She was a bit surprised by the call, and didn't get the name of
> the company. They never did call me at work, which is really
> interesting.
> My email client includes my name in the "From" box, but no other
> personal information. I won't say I've never given out my phone number
> on web forms, but I don't ever recall giving it out to any wood
> suppliers. In any event, it's not an unlisted number.
>
> In the project that I drew up the plans for, I'm either going to use
> select pine from the local guy, or use some oak that I have in-house.
> I've never used mahogany in my life, and have no plans in the near
> future to get prices on it.
>
> Somehow, someone got the cutlist email, and called.
>
> I don't know what to think here. My "sent" mail folder has no email
> that goes to wood suppliers or anyone else that would have received
> that email, other than my work account. I've got theories, but
> they're a bit wild and involve cyber sniffing, which seems a bit over
> the top at this point.
>
> I suspect I will never know for sure.
>

whitehouse.gov?

They have recently claimed no knowledge of how email was sent to people who
have never communicated with any government agency, so it's possible your
name miracled itself somewhere too.

On Tue, 18 Aug 2009 11:30:57 -0500, Gordon Shumway wrote:

> On Tue, 18 Aug 2009 10:38:12 -0500, Larry Blanchard
> <[email protected]> wrote:
>

>>Steve, I and a lot of others use a different email address to post to
>>groups than we use in normal correspondence. Lots of free email
>>providers with spam filters out there. I check that email account once
>>or twice a week - occasionally there's a non-spam message in it.
>
> The email address I use for posting to the usenet is obviously bogus.
> There really isn't any need to get another address just for posting
> purposes unless you actually want someone to reply to you personally.
>

And as I said, I do occasionally get such a reply.

--
Intelligence is an experiment that failed - G. B. Shaw

On Sun, 16 Aug 2009 18:29:27 -0400, Tanus <[email protected]> wrote:

>krw wrote:
>> On Sat, 15 Aug 2009 21:29:24 -0400, Tanus <[email protected]> wrote:
>>
>>> This is sorta OT, but I've left it unlabeled.
>>>
>>> I started to do a design in Sketchup a while back, and used the add-on
>>> CutList. CutList generates what its name implies: a list of cut pieces
>>> that are superimposed on a standard sized plank, and tries to maximize
>>> wood useage or minimize waste. After it's done all of that it exports
>>> the pieces and their dimensions to a format that can be opened with a
>>> spreadsheet program. If you have coloured the pieces with a wood colour,
>>> it will also specify the wood used in manufacture.
>>>
>>> In my case, I'd used a mahogany colouring, so CutList assumed I was
>>> specifying mahogany. It didn't matter to me, I just wanted some colour.
>>>
>>> I copy/pasted the piece sizes along with material specification to an
>>> email client and then emailed myself at work so I had a list of what I
>>> needed when I went to buy the wood.
>>>
>>> A few days later, I came home and my wife said that someone had called
>>> and was ready to quote prices on the cut up pieces of wood that I
>>> wanted, all in mahogany. In fact, they could ship that day if she would
>>> give them a CC number. I'd never mentioned mahogany to her, so she
>>> decided to give them my phone number at work and let me deal with it.
>>> She was a bit surprised by the call, and didn't get the name of the
>>> company. They never did call me at work, which is really interesting.
>>>
>>> My email client includes my name in the "From" box, but no other
>>> personal information. I won't say I've never given out my phone number
>>> on web forms, but I don't ever recall giving it out to any wood
>>> suppliers. In any event, it's not an unlisted number.
>>>
>>> In the project that I drew up the plans for, I'm either going to use
>>> select pine from the local guy, or use some oak that I have in-house.
>>> I've never used mahogany in my life, and have no plans in the near
>>> future to get prices on it.
>>>
>>> Somehow, someone got the cutlist email, and called.
>>>
>>> I don't know what to think here. My "sent" mail folder has no email that
>>> goes to wood suppliers or anyone else that would have received that
>>> email, other than my work account. I've got theories, but they're a bit
>>> wild and involve cyber sniffing, which seems a bit over the top at this
>>> point.
>>>
>>> I suspect I will never know for sure.
>>
>> Google has a back door in Sketchup? Nah, Google would never do such a
>> thing.
>
>Thank you for voicing that. Now I'm not the only one to go there. The
>thought had crossed my mind, but it seemed a bit over the top. Frankly
>it still does, but it's also a possibility.
>
>It's terrible to think that way, but nonetheless the thoughts happen.
>The entire creed of "Don't be evil" had always struck me as sophmoric.
>Having said that, I still use Google search 10 times a day on a slow
>day, and love Sketchup. Google has almost become an indespensable aspect
>of many people's lives. The pressure to turn that to self-serving at the
>expense of the rest of us must at times be overwhelming.

Nothing would surprise me, WRT Google. Other than Google Groups (I
read during breaks at work and they've blocked all NNTP access), I
don't use Google. There are other search engines.

Morris Dovey wrote:

> Tanus wrote:
>> This is sorta OT, but I've left it unlabeled.
>>
... snip
>>
>> A few days later, I came home and my wife said that someone had called
>> and was ready to quote prices on the cut up pieces of wood that I
>> wanted, all in mahogany. In fact, they could ship that day if she would
>> give them a CC number. I'd never mentioned mahogany to her, so she
>> decided to give them my phone number at work and let me deal with it.
>> She was a bit surprised by the call, and didn't get the name of the
>> company. They never did call me at work, which is really interesting.
>>
>> My email client includes my name in the "From" box, but no other
>> personal information. I won't say I've never given out my phone number
>> on web forms, but I don't ever recall giving it out to any wood
>> suppliers. In any event, it's not an unlisted number.
>>
... snip
>>
>> Somehow, someone got the cutlist email, and called.
>
> Or perhaps they got the cutlist data, were able to associate it with
> you, looked up your phone number, and called...
>
>> I don't know what to think here. My "sent" mail folder has no email that
>> goes to wood suppliers or anyone else that would have received that
>> email, other than my work account. I've got theories, but they're a bit
>> wild and involve cyber sniffing, which seems a bit over the top at this
>> point.
>>
>> I suspect I will never know for sure.
>
> Hmm - very disturbing. I'd be inclined to label it "industrial
> espionage" and take it up with law enforcement.
>
> SketchUp
> CutList
> spresdsheet program
> home e-mail client (and plug-ins)
> server chain
> work e-mail client (and plug-ins)
>
> It might be interesting to discover what kinds of data are being slurped
> up from other users...
>
> Just out of curiosity, was the e-mail sent using your gmail account?
>

I'd take Morris's advice here, especially if some of this e-mail flowed
through your company e-mail. If your company is large enough, you probably
have an information assurance officer (or similar title). This could be
indicative of a significant issue that affects more than the fact that your
name and phone number were identified with your sketchup plans.





--

There is never a situation where having more rounds is a disadvantage

Rob Leatham

On Tue, 18 Aug 2009 10:38:12 -0500, Larry Blanchard
<[email protected]> wrote:

>On Tue, 18 Aug 2009 03:52:04 -0700, daltxguy wrote:
>
>> Even this forum
>> makes me nervous because a prominent message at the top of the posting
>> states "Messages posted to this group will make your email address
>> visible to anyone on the internet" I don't really like that and it's not
>> necessary.
>
>Steve, I and a lot of others use a different email address to post to
>groups than we use in normal correspondence. Lots of free email
>providers with spam filters out there. I check that email account once
>or twice a week - occasionally there's a non-spam message in it.

The email address I use for posting to the usenet is obviously bogus.
There really isn't any need to get another address just for posting
purposes unless you actually want someone to reply to you personally.

Gordon Shumway

Tanus wrote:
> This is sorta OT, but I've left it unlabeled.
>
> I started to do a design in Sketchup a while back, and used the add-on
> CutList. CutList generates what its name implies: a list of cut pieces
> that are superimposed on a standard sized plank, and tries to maximize
> wood useage or minimize waste. After it's done all of that it exports
> the pieces and their dimensions to a format that can be opened with a
> spreadsheet program. If you have coloured the pieces with a wood colour,
> it will also specify the wood used in manufacture.
>
> In my case, I'd used a mahogany colouring, so CutList assumed I was
> specifying mahogany. It didn't matter to me, I just wanted some colour.
>
> I copy/pasted the piece sizes along with material specification to an
> email client and then emailed myself at work so I had a list of what I
> needed when I went to buy the wood.
>
> A few days later, I came home and my wife said that someone had called
> and was ready to quote prices on the cut up pieces of wood that I
> wanted, all in mahogany. In fact, they could ship that day if she would
> give them a CC number. I'd never mentioned mahogany to her, so she
> decided to give them my phone number at work and let me deal with it.
> She was a bit surprised by the call, and didn't get the name of the
> company. They never did call me at work, which is really interesting.
>
> My email client includes my name in the "From" box, but no other
> personal information. I won't say I've never given out my phone number
> on web forms, but I don't ever recall giving it out to any wood
> suppliers. In any event, it's not an unlisted number.
>
> In the project that I drew up the plans for, I'm either going to use
> select pine from the local guy, or use some oak that I have in-house.
> I've never used mahogany in my life, and have no plans in the near
> future to get prices on it.
>
> Somehow, someone got the cutlist email, and called.

Or perhaps they got the cutlist data, were able to associate it with
you, looked up your phone number, and called...

> I don't know what to think here. My "sent" mail folder has no email that
> goes to wood suppliers or anyone else that would have received that
> email, other than my work account. I've got theories, but they're a bit
> wild and involve cyber sniffing, which seems a bit over the top at this
> point.
>
> I suspect I will never know for sure.

Hmm - very disturbing. I'd be inclined to label it "industrial
espionage" and take it up with law enforcement.

SketchUp
CutList
spresdsheet program
home e-mail client (and plug-ins)
server chain
work e-mail client (and plug-ins)

It might be interesting to discover what kinds of data are being slurped
up from other users...

Just out of curiosity, was the e-mail sent using your gmail account?

--
Morris Dovey
DeSoto Solar
DeSoto, Iowa USA
http://www.iedu.com/DeSoto/

Mark & Juanita wrote:
> Morris Dovey wrote:
>

>>
>> SketchUp
>> CutList
>> spresdsheet program
>> home e-mail client (and plug-ins)
>> server chain
>> work e-mail client (and plug-ins)
>>
>> It might be interesting to discover what kinds of data are being slurped
>> up from other users...
>>
>> Just out of curiosity, was the e-mail sent using your gmail account?
>>
>
> I'd take Morris's advice here, especially if some of this e-mail flowed
> through your company e-mail. If your company is large enough, you probably
> have an information assurance officer (or similar title). This could be
> indicative of a significant issue that affects more than the fact that your
> name and phone number were identified with your sketchup plans.
>
>

The email was sent through my personal ISP account.

I"m reluctant to go to law enforcement, but I will follow through with
our security people. I work for a government organization with a
population of about 15k, so I've got a few people I can tap, and maybe
even interest in this.

thanks.

Tanus

"Swingman" <[email protected]> wrote in message
news:[email protected]...
> Data interception, plain and simple, most likely on your company side,
> either in-house or clandestine.

Right. It *can't* be related to anything he's running at home. It would be
so much easier and more direct to intercept email at the company's email
portal; trace where it came from; and call him at home to offer my services.
A smarter person might, if he could figure out how, just slip you something
in your SU add-in. Maybe even have you enter the contact information when
you downloaded the software, even before you installed it. I know it sounds
counterintuitively complex, but that's how I would go about it.

"Swingman" <[email protected]> wrote in message
news:[email protected]...
> Packet sniffing is easy to practice and is a big problem with many
> corporations and governments practicing it routinely, and SMTP traffic, on
> either side of the server, is fair game.
>
> Only defense for the little guy is to encrypt your e-mail.

I forgot to mention... You could do your own sniffing. Wireshark is free for
the download. Sysinternals's tcpview is also a free download. Run them on
the client box if you suspect spyware.

krw wrote:
> On Sat, 15 Aug 2009 21:29:24 -0400, Tanus <[email protected]> wrote:
>
>> This is sorta OT, but I've left it unlabeled.
>>
>> I started to do a design in Sketchup a while back, and used the add-on
>> CutList. CutList generates what its name implies: a list of cut pieces
>> that are superimposed on a standard sized plank, and tries to maximize
>> wood useage or minimize waste. After it's done all of that it exports
>> the pieces and their dimensions to a format that can be opened with a
>> spreadsheet program. If you have coloured the pieces with a wood colour,
>> it will also specify the wood used in manufacture.
>>
>> In my case, I'd used a mahogany colouring, so CutList assumed I was
>> specifying mahogany. It didn't matter to me, I just wanted some colour.
>>
>> I copy/pasted the piece sizes along with material specification to an
>> email client and then emailed myself at work so I had a list of what I
>> needed when I went to buy the wood.
>>
>> A few days later, I came home and my wife said that someone had called
>> and was ready to quote prices on the cut up pieces of wood that I
>> wanted, all in mahogany. In fact, they could ship that day if she would
>> give them a CC number. I'd never mentioned mahogany to her, so she
>> decided to give them my phone number at work and let me deal with it.
>> She was a bit surprised by the call, and didn't get the name of the
>> company. They never did call me at work, which is really interesting.
>>
>> My email client includes my name in the "From" box, but no other
>> personal information. I won't say I've never given out my phone number
>> on web forms, but I don't ever recall giving it out to any wood
>> suppliers. In any event, it's not an unlisted number.
>>
>> In the project that I drew up the plans for, I'm either going to use
>> select pine from the local guy, or use some oak that I have in-house.
>> I've never used mahogany in my life, and have no plans in the near
>> future to get prices on it.
>>
>> Somehow, someone got the cutlist email, and called.
>>
>> I don't know what to think here. My "sent" mail folder has no email that
>> goes to wood suppliers or anyone else that would have received that
>> email, other than my work account. I've got theories, but they're a bit
>> wild and involve cyber sniffing, which seems a bit over the top at this
>> point.
>>
>> I suspect I will never know for sure.
>
> Google has a back door in Sketchup? Nah, Google would never do such a
> thing.

Thank you for voicing that. Now I'm not the only one to go there. The
thought had crossed my mind, but it seemed a bit over the top. Frankly
it still does, but it's also a possibility.

It's terrible to think that way, but nonetheless the thoughts happen.
The entire creed of "Don't be evil" had always struck me as sophmoric.
Having said that, I still use Google search 10 times a day on a slow
day, and love Sketchup. Google has almost become an indespensable aspect
of many people's lives. The pressure to turn that to self-serving at the
expense of the rest of us must at times be overwhelming.

Tanus

MikeWhy wrote:
> "Swingman" <[email protected]> wrote in message
> news:[email protected]...
>> Packet sniffing is easy to practice and is a big problem with many
>> corporations and governments practicing it routinely, and SMTP
>> traffic, on either side of the server, is fair game.
>>
>> Only defense for the little guy is to encrypt your e-mail.
>
> I forgot to mention... You could do your own sniffing. Wireshark is free
> for the download. Sysinternals's tcpview is also a free download. Run
> them on the client box if you suspect spyware.
>
>
I'll try Wireshark. I'll also consider encrypting. This thing is
bothering me. When I posted the original, I was thinking I was getting
paranoid about sniffing, and figured the reactions here would go in a
different direction. In fact, I was hoping so.

I'll check with our security people tomorrow, but my suspicion is that
they'll tell me I shouldn't be sending myself personal emails and leave
it at that.

Tanus

Tanus wrote:

> The email was sent through my personal ISP account.

It also could be on your friends email account. I doubt it has much to
do with sketchup or the cut list program, as millions use this stuff and
I would think it would have come up long ago. My guess is either your
outgoing mail or your friends incoming mail is intercepted. Does your
friend have a web site? Does his email go through his web site?
>
> I"m reluctant to go to law enforcement, but I will follow through with
> our security people. I work for a government organization with a
> population of about 15k, so I've got a few people I can tap, and maybe
> even interest in this.
>
> thanks.
>
> Tanus


--
Jack
Using FREE News Server: http://www.eternal-september.org/
http://jbstein.com

Tanus wrote:

> It's terrible to think that way, but nonetheless the thoughts happen.
> The entire creed of "Don't be evil" had always struck me as sophmoric.
> Having said that, I still use Google search 10 times a day on a slow
> day, and love Sketchup. Google has almost become an indespensable aspect
> of many people's lives. The pressure to turn that to self-serving at the
> expense of the rest of us must at times be overwhelming.

Google is fine but because it seems indispensable and I'm a bit of a
non-conformist, I use http://clusty.com/ for my main search engine. I
have it in my Firefox search window as primary. It works just as good
as Google.

Also, on re-reading your problem, I thought you sent the email to a
friend... it was to yourself at work... Does your work have a web site
that processes the email, that would be my first place to look if it
does. Google mail would be next, the most unlikely would be sketchup/cut
list program because it "seems" the problem is unique to you.

--
Jack
Using FREE News Server: http://www.eternal-september.org/
http://jbstein.com

Jack Stein wrote:
> Tanus wrote:
>
>> It's terrible to think that way, but nonetheless the thoughts happen.
>> The entire creed of "Don't be evil" had always struck me as sophmoric.
>> Having said that, I still use Google search 10 times a day on a slow
>> day, and love Sketchup. Google has almost become an indespensable
>> aspect of many people's lives. The pressure to turn that to
>> self-serving at the expense of the rest of us must at times be
>> overwhelming.
>
> Google is fine but because it seems indispensable and I'm a bit of a
> non-conformist, I use http://clusty.com/ for my main search engine. I
> have it in my Firefox search window as primary. It works just as good
> as Google.
>
> Also, on re-reading your problem, I thought you sent the email to a
> friend... it was to yourself at work... Does your work have a web site
> that processes the email, that would be my first place to look if it
> does. Google mail would be next, the most unlikely would be sketchup/cut
> list program because it "seems" the problem is unique to you.
>

I called at work to the help line and they were particularly
uninterested. So far as I know, the email server is not a website at
work, but even if it is, I can't get through to the guys who could
verify it.

I suspect you're right about Google and CutList. I wouldn't be the first
by any means. This sounds more like sniffing between my end and work.
I'd also be very surprised if the people who called here were actually
anything other than someone looking for a CC number.

A lesson learned, and a cheap one at that.

Tanus

In article <[email protected]>, Tanus <[email protected]> wrote:
>
>I suspect you're right about Google and CutList. I wouldn't be the first
>by any means. This sounds more like sniffing between my end and work.

I think you ought to run a thorough malware scan on both PCs, using several
different scanners.

>I'd also be very surprised if the people who called here were actually
>anything other than someone looking for a CC number.

Probably so... but how'd they know to call you?

"Gordon Shumway" <[email protected]> wrote in message
news:[email protected]...
> On Tue, 18 Aug 2009 10:38:12 -0500, Larry Blanchard
> <[email protected]> wrote:
>
>>On Tue, 18 Aug 2009 03:52:04 -0700, daltxguy wrote:
>>
>>> Even this forum
>>> makes me nervous because a prominent message at the top of the posting
>>> states "Messages posted to this group will make your email address
>>> visible to anyone on the internet" I don't really like that and it's not
>>> necessary.
>>
>>Steve, I and a lot of others use a different email address to post to
>>groups than we use in normal correspondence. Lots of free email
>>providers with spam filters out there. I check that email account once
>>or twice a week - occasionally there's a non-spam message in it.
>
> The email address I use for posting to the usenet is obviously bogus.
> There really isn't any need to get another address just for posting
> purposes unless you actually want someone to reply to you personally.
>
> Gordon Shumway

I can state with some certainty from personal knowledge and experience that
email addresses containing "-spam" or "-nospam" are ignored by spambots.

Doug Miller wrote:
> In article <[email protected]>, Tanus <[email protected]> wrote:
>> I suspect you're right about Google and CutList. I wouldn't be the first
>> by any means. This sounds more like sniffing between my end and work.
>
> I think you ought to run a thorough malware scan on both PCs, using several
> different scanners.
>
>> I'd also be very surprised if the people who called here were actually
>> anything other than someone looking for a CC number.
>
> Probably so... but how'd they know to call you?

I've done the scans and nothing shows up.

My full name is on the "From" field in outgoing mail. Running a 411
search on that name will get not that many hits on a somewhat unusual
name. Trial and error I suppose.

T

daltxguy wrote:

>
> Hi,
>
> I am the author of the Cutlist plugin for Sketchup. I can assure you
> that the version that I distribute and the current version ( or any
> other officially distributed version) has no such software embedded
> into it to collect personal information.
>
> Having said that, my software is 'open source' and the code is freely
> viewable and therefore freely modifiable - though I am not aware of
> anyone having copied my code and making a different version
> downloadable.
>
> But it does make me wonder if there is anything I can do to prevent
> that.
>
> In any case, my day job is as an internet switching/routing protocol
> developer. Part of my job is maintaining security software. There are
> plenty of ways to secure email but that's certainly a huge topic.
>
> FWIW, I would suspect either malware on your PC or snooping of
> unencrypted SMTP messages to your workplace. As someone said, they may
> really just be after a CC number and not so much interested in selling
> you lumber. Though if they were snooping govt email, they would know
> the govt just prints money when they need it, they don't need (or
> probably even have ) a CC :) Snooping govt email may lead to good tips
> about purchase activity, and when the govt is the only game left in
> town still buying things, it may not be a bad tip but certainly
> illegal and unethical.
>
> Someone else already mentioned that it may be easy to put email
> address and phone number together from some internet searches,
> especially, as you said, you may have given this out previously.
>
> Another option is that you got a rogue version of my software. You can
> download from the only valid source and verify that your copy is an
> official version v4/0/7 is the latest (download it from
> http://www.box.net/shared/8nzm1tmdfm )
>
> Best thing is to stay vigilant. Do not leave personal details in
> public places. Contact people offlist if you wish to trade info. Even
> this forum makes me nervous because a prominent message at the top of
> the posting states "Messages posted to this group will make your email
> address visible to anyone on the internet" I don't really like that
> and it's not necessary. Luckily I'm got some reasonably good spam
> filters but that's another story...
>
> It's not the Cutlist plugin, unless you don't have my version. Check
> it.
>
> Steve

Hi Steve,

That is a wonderfully reassuring post. Thank you. Because of my own lack
of knowledge about how my email may have been sniffed, I was willing to
look down any road. The more I think about it, the more I can eliminate
both Cutlist and Sketchup itself. As mentioned in an earlier post, it
pained me to even think that that kind of software could be suspect.

My version is 4.0.6, so I'll download the most recent to ensure that
there isn't any issue with what I had. Truth be told, I can't remember
where I downloaded it from.

I've scanned my PC and nothing shows up. I"m using AVG free, but maybe I
need something more robust. I don't know. The PC at work is scanned
constantly as is the email server, although the occasional spam does get
through.

I agree with the vigilance. The email address on this post is a gmail
account, which is forwarded to my personal account. Gmail seems to
screen just about everything, and I rarely get spam from the forwarded
mail.

I like the plugin, Steve. I'm sorry I suspected it, and will continue to
use it. It's clean, easy to use and has a few quirks that I got onto
quickly.

Tanus

"SketchUp Guide Jody" <[email protected]> wrote in message
news:510f4a55-774d-4e39-8675-a27a13ef1619@b14g2000yqd.googlegroups.com...
Hi Tanus,

I'm Jody with the SketchUp Team and just wanted to chime in as well.
There is definitely nothing in SketchUp that collects any personal
information or distributes that information. The only time SketchUp
(the software) sends any information is when you authorize or access
your license and then we don't send any personal information. I'm in
the boat that its an email sniffing issue as well but don't have much
to suggest beyond that. Its great that there are so many willing and
knowledgable peers to help you track down the breach. Good luck
finding the culprit! Hopefully it won't take long to get this
straightened out and for you to be emailing and surfing in peace
again. (And of course drawing in SketchUp too!)

==============
Well, Guys. What do think of them apples? Speak His name and hear the rustle
of His wings. :D Where'd I put that tin-foil hat?

MikeWhy wrote:
> "SketchUp Guide Jody" <[email protected]> wrote in message
> news:510f4a55-774d-4e39-8675-a27a13ef1619@b14g2000yqd.googlegroups.com...
> Hi Tanus,
>
> I'm Jody with the SketchUp Team and just wanted to chime in as well.
> There is definitely nothing in SketchUp that collects any personal
> information or distributes that information. The only time SketchUp
> (the software) sends any information is when you authorize or access
> your license and then we don't send any personal information. I'm in
> the boat that its an email sniffing issue as well but don't have much
> to suggest beyond that. Its great that there are so many willing and
> knowledgable peers to help you track down the breach. Good luck
> finding the culprit! Hopefully it won't take long to get this
> straightened out and for you to be emailing and surfing in peace
> again. (And of course drawing in SketchUp too!)
>
> ==============
> Well, Guys. What do think of them apples? Speak His name and hear the
> rustle of His wings. :D Where'd I put that tin-foil hat?
>
>

I'm impressed with both of those apples, and have no problem believing
either Jody or Steve from CutList.

I know that some might say that of course they're going to deny any bad
software, but the more I think of it, the more I think it's likely on my
end but I've got some malware somewhere. That or it's being yanked out
of what is essentially public domain.

FYI Jody I never stopped working in SU even with the problem I was
having. And I too am very happy with the responses I got with this
thing, both from the forum regulars and the pros.

Thanks again to everyone and I'll be sure to post anything that I learn
about this in the future.

Tanus

Stuart wrote:
> In article <[email protected]>,
> Larry Blanchard <[email protected]> wrote:
>>> The email address I use for posting to the usenet is obviously bogus.
>>> There really isn't any need to get another address just for posting
>>> purposes unless you actually want someone to reply to you personally.

>> And as I said, I do occasionally get such a reply.

> My address is genuine and, by and large, I am happy for * people* to
> contact me. Spam is rare though whether that's done to my ISP's filters or
> my address I have no idea.

Same. I use comcast and comcast filters out most spam. I used to check
it occasionally to make sure it wasn't scanning out real mail, but it
never did, so now I have comcast throw everything it doesn't like in the
bit bucket. I get a few ads from places I told could send me ads, like
Amazon and a couple of wood working sites, but almost no stuff I don't want.

--
Jack
Using FREE News Server: http://www.eternal-september.org/
http://jbstein.com

Jack Stein wrote:

> Tanus wrote:
>
>> It's terrible to think that way, but nonetheless the thoughts happen.
>> The entire creed of "Don't be evil" had always struck me as sophmoric.
>> Having said that, I still use Google search 10 times a day on a slow
>> day, and love Sketchup. Google has almost become an indespensable aspect
>> of many people's lives. The pressure to turn that to self-serving at the
>> expense of the rest of us must at times be overwhelming.
>
> Google is fine but because it seems indispensable and I'm a bit of a
> non-conformist, I use http://clusty.com/ for my main search engine. I
> have it in my Firefox search window as primary. It works just as good
> as Google.
>

I've been using ask.com, but have recently found that something they have
done causes the pages to scroll very slowly on Firefox under Linux. I've
actually started trying Bing (yeah, I get the irony) and have found it to
work much better from that regard.


--

There is never a situation where having more rounds is a disadvantage

Rob Leatham

On Sat, 15 Aug 2009 21:29:24 -0400, Tanus <[email protected]> wrote:

>This is sorta OT, but I've left it unlabeled.
>
>I started to do a design in Sketchup a while back, and used the add-on
>CutList. CutList generates what its name implies: a list of cut pieces
>that are superimposed on a standard sized plank, and tries to maximize
>wood useage or minimize waste. After it's done all of that it exports
>the pieces and their dimensions to a format that can be opened with a
>spreadsheet program. If you have coloured the pieces with a wood colour,
>it will also specify the wood used in manufacture.
>
>In my case, I'd used a mahogany colouring, so CutList assumed I was
>specifying mahogany. It didn't matter to me, I just wanted some colour.
>
>I copy/pasted the piece sizes along with material specification to an
>email client and then emailed myself at work so I had a list of what I
>needed when I went to buy the wood.
>
>A few days later, I came home and my wife said that someone had called
>and was ready to quote prices on the cut up pieces of wood that I
>wanted, all in mahogany. In fact, they could ship that day if she would
>give them a CC number. I'd never mentioned mahogany to her, so she
>decided to give them my phone number at work and let me deal with it.
>She was a bit surprised by the call, and didn't get the name of the
>company. They never did call me at work, which is really interesting.
>
>My email client includes my name in the "From" box, but no other
>personal information. I won't say I've never given out my phone number
>on web forms, but I don't ever recall giving it out to any wood
>suppliers. In any event, it's not an unlisted number.
>
>In the project that I drew up the plans for, I'm either going to use
>select pine from the local guy, or use some oak that I have in-house.
>I've never used mahogany in my life, and have no plans in the near
>future to get prices on it.
>
>Somehow, someone got the cutlist email, and called.
>
>I don't know what to think here. My "sent" mail folder has no email that
>goes to wood suppliers or anyone else that would have received that
>email, other than my work account. I've got theories, but they're a bit
>wild and involve cyber sniffing, which seems a bit over the top at this
>point.
>
>I suspect I will never know for sure.

Google has a back door in Sketchup? Nah, Google would never do such a
thing.