Msen Home page  
     

Announcement Log


10/14/2004 - SPF records set for Msen.com and clients
As a step in slowing down viruses and email forgery in spam, Msen has installed Sender Policy Framework (SPF) records for domains that we process email for. As more ISPs start processing these records while receiving email, spam forgeries and viruses will be slowed significantly. See spf.pobox.com for more details.

06/15/2004 - Akamai DNS currently failing - Affects www.Yahoo.com and www.Google.com
Akamai who is a leader in uptime reliability is currently having DNS issues. Their servers are unreachable. This make www.yahoo.com appear down as well as many other very public web sites. The problem started at 8:30am. Yahoo and Google have changed their DNS by 10:00am so as to avoid the problem. Other high profile sites will still be affected until the problem is resolved. Most of the situation was solved by 11:00am.

05/01/2004 - Spam reduced 93% by use of Greylisting
Msen has implemented a greylisting system for SMTP email access to our servers. This process delays email for 10 minutes before accepting it. It is an attempt to block spammers who will only make one attempt at sending email before they go on to another victim. Any legitimate email server will retry any delayed mail, and so legitimate email gets through, while most spam is denied. Measurements show that 93% of spam is being blocked using this method alone. Msen's other spam blocking features can be activeated on a per account basis..

03/03/2004 - Virus posing as Msen.com Management Team
There is a new virus out that is posing as "Msen.com team" that claims you have been sending a virus. It has a "password protected zip file" that you can use to clean it up. DON'T! It is in fact a virus itself. Msen employees will never send you an attachment with a cleanup program. At most, we will give you a URL to go get it from the web yourself. Our ususal procedure for virus notification is to call the owner of the account and speak to you directly.

02/02/2004 - QUARANTINE rules went overboard
On of the two new rules when overboard in its attempt to filter out potentially harmful emails. Effectively, anthing that had html encoded in a mail message that had a link/object/embed/script was tagged as potentially dangereous. This filter has been removed.

01/31/2004 - New antivirus rules installed on mail systems
Because of the overwhelming load of Novarg/MyDoom viruses and its mutation, two new antivirus rules have been installed on the mail machines. These remove only a dozen of the latest viruses in mail and are not to be thought of as comprehensive. In other words, always run a virus scanner on your own machine.

Anything with an file extension of: bat pif cmd vba vbs scr lnk com exe chm
will be stripped from email. In order to send a file of this type, zip the file first, and email the zip archive.

01/27/2004 - Internet attack/virus in progress: W32.Novarg.A@mm
W32.Novarg.A@mm is a mass-mailing worm that arrives as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip.

When a computer is infected, the worm will set up a backdoor into the system by opening TCP ports 3127 through 3198, which can
potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network re sources.

In addition, the backdoor can download and execute arbitrary files.

The worm will perform a Denial of Service (DoS) starting on February 1, 2004. It also has a trigger date to sto p spreading on February 12, 2004.

Removal Instructions, please go to this link:

http ://securityresponse.symantec.com/avcenter/venc/data/w32.novarg.a@mm.html#removalinstructions

12/12/2003 - Fiber Cut in Michigan
At about 10:00 AM, there was a major fiber cut for phone and T1/T3 service in Michigan. This has affected wireless communications, SBC, Verizon, and many others. We are affected as well. So, there will be intermittant outages of our service until it is repaired. Estimates we have received are about noon.

08/14/2003 - The Blackout of 2003
As the initial news reports of the entire east coast being affected by a power outage, Msen shut down our servers until the backbone providers could restore service. We have now powered back on our servers, and are providing service via generator power. All routers, most servers, and one of two phone banks are available. We still have some telecom outages. Those are dependent on others restoring power at their facilites.

03/15/2003 - Expanded calling area
Msen now has local dialin numbers across most of the lower peninsula of Michigan. See our updated list of access numbers on the menu to your left for complete coverage information.

01/25/2003 - Internet attack/virus in progress
At 12:30am, an attack/virus started attacking Microsoft SQL servers on port UDP 1434. The attack is in saturation and causing 100% bandwidth and CPU utilization across much of the internet. Therefore, connections to everything are slow due to the excessive congestion.
4:00am The problem has been reduced to a minimum. SQL services across the Internet are currently blocked until this virus dies off from attrition.

07/16/2002 - MsenLite server upgrade
Today, Msen upgraded the machine serving email and web pages for MsenLite users. At this point we believe that all services are functioning properly. contact Msen if you have any issues.

06/26/2002 - SSH upgraded including server keys
All Msen production servers have been upgraded to avoid a remote exploit vulnerabily. The upgrade process required the changing of some server keys.

06/25/2002 - Apache web servers upgraded
All Msen production web servers have been upgraded to avoid a denial of service vulnerabily. If the upgrades have caused a problem in your website, contact Msen.

05/16/2002 - 10 digit dialing in 248/947 area codes
Ameritech is adding an overlay area code to the 248 area. Starting June 8th, 2002, seven digit dialing for a local phone number will no longer work. More details are available.

03/01/2002 - Spam tagging
Msen has started adding a header line to email when we suspect that a piece of email may be spam. This is an automated system using orbz.org and string matching. Full details and form to enable spam deletion are available upon request.

02/25/2002 - Microsoft Internet Explorer vulnerable -- Upgrade immediately
CERT Advisory CA-2002-04 Buffer Overflow in Microsoft Internet Explorer
Overview
Microsoft Internet Explorer contains a buffer overflow vulnerability in its handling of embedded objects in HTML documents. This vulnerability could allow an attacker to execute arbitrary code on the victim's system when the victim visits a web page or views an HTML email message.

Systems Affected

- Microsoft Internet Explorer

- Microsoft Outlook and Outlook Express

- Other applications that use the Internet Explorer HTML rendering engine
See Microsoft for the fix.

12/20/2001 - Windows XP vulnerable to network attacks -- Upgrade immediately
See the Detroit Free Press article or Eeye Digital Security's bulletin. The new UPNP (Universal Plug and Play) has several serious flaws. XP is vulnerable by default, and Me and 98 could be if the service has been installed. See Microsoft for the fix.

12/19/2001 - Microsoft Internet Explorer 6.0 vulnerable -- Upgrade immediately
CERT Advisory CA-2001-36 Microsoft Internet Explorer Does Not Respect Content-Disposition and Content-Type MIME Headers. Systems Affected:

- Microsoft Internet Explorer 6.0 for Windows

- Microsoft Outlook, Outlook Express, or any other software that utilizes vulnerable versions of Internet Explorer to render HTML
Microsoft Internet Explorer contains a vulnerability in its handling of certain MIME headers in web pages and HTML email messages. This vulnerability may allow an attacker to execute arbitrary code on the victim's system when the victim visits a web page or views an HTML email message.
See Microsoft for the fix.

12/14/2001 - News service changes
Msen will be discountinuing our internal news server and is now outsourcing USENET news. This will provide a larger and more complete news service for our clients. This new service will only be available to Msen customers who use Msen routed IP addresses. As article numbers will be different, customers must use the catch up feature and re-get the list of newsgroups. The quickest solution is to delete and re-add your news server.
Customers outside of Msen IP address space will have access to the old server until at least December 31st.

11/29/2001 - And Another Worm In The Wild
The Badtrans.B worm exploits an Outlook and Outlook Express hole to execute its infected attachment automatically when the e-mail is opened. The worm's subject line appears to be a reply to a previously sent message. Badtrans.B self-propagates, then installs a back door on the computer, sends the machine's IP address to the worm's author, and runs a key logging program. Not a nice one for sure. There is a good article with some more background over at the InfoWorld site here:

09/18/2001 - New virus attacking Microsoft IIS servers
A new internet worm/virus has began propagating via the Internet this morning. This worm, named nimda, is spreading rapidly and is infecting Microsoft IIS 4.0 and 5.0 servers. Microsoft has issued a patch.

07/13/2001 - Code Red advisory
Patches to deal with the vunlerability exploited by Code Red are available from Microsoft.

02/23/2001 - Msen adds Sprint bandwidth
Today, Msen turned up a link to Sprint.

02/22/2001 - ssh vulnerablability removed
An exploit in ssh was found which may permit root access by remote users. Msen has patched ssh on all servers to prevent the exploit.

02/13/2001 - AnnaKournikova mail filter installed
1:00 am - Filters were installed to delete the AnnaKournikova.jpg.vbs virus before it infected customers mailboxes.

02/08/2001 - Bind (named) upgrade
In light of recent security issues with the previous version of BIND (named, the program that provides DNS services), all Msen machines providing DNS services have been upgraded to to BIND version 9.1.0.


The remainder of this file contains historical information which some Msen customers may find interesting.

08/08/2000 - Spam tagging
Msen has started adding a header line to email when we suspect that a piece of email may be spam. This is an automated system using the Realtime Blackhole List (RBL), ORBS, and the Dialup Users List (DUL). This detection is done by the ip addresses found in the headers or envelope of the email message.
   X-Spam-Suspected-by-Msen-because-of-Envelope: [207.69.200.226]_orbs
   X-Spam-Suspected-by-Msen-because-of-Header: [210.155.14.194]_rbl
are examples of the header line that is added to the email. These detection services do provide "false positives", especially ORBS. Therefore, instead of throwing out the email, Msen has chosen to only tag it as possible spam, and leave it up to the user to throw out the email based on the recommendation. One known false positive is Amazon.com's purchase receipts. That example alone serves as case and point on why we do not automatically throw out suspected spam. Currently about 6% of mail is being tagged.

01/17/2000 - Newsfeed upgrade.
Msen has upgraded our newsfeed again. Binary groups should be more complete and news should be delivered faster. If there is a specific group that interests you and you do not see it on our server, please send mail to service to let us know.

11/17/99 - New Web Cache machine is active.
Msen has added a web cache server for customer use. This server is designed to speed up web page loading by keeping a copy of all web pages that are viewed by Msen users. This eliminates the download time across the Internet for everyone except the first viewer.

10/28/99 - New news machine is active.
Msen has finished building the successor to ink.msen.com. The new machine is pravda.msen.com. The burn-in tests are complete, and were necessary. We killed and replaced one 18gig harddrive in the first week.

08/30/99 - Upgrade to conch
Msen had been planning to upgrade conch soon. Today, we started getting (corrected) SCSI errors on one of the drives. So, rather than try to upgrade the old hardware, we switched to the new hardware. This is a bigger, faster machine that is now running current code.

4/21/99 - News server rebooted
After nearly a year of uptime (345 days), Msens news server required a reboot.

4/12/99 - Msen customer sues the phone company -- and wins!
Today, in a precedent-setting case, the Michigan Public Service Commission ordered CenturyTel to stop discriminating against customers making calls to Internet Service Providers. The case was brought by an Msen customer who was charged more than $2,500.00 for what should have been local calls.

Last Update:Wednesday, 31-Aug-2005 10:54:46 EDT

Copyright 2001, 2002 Msen, Inc. All Rights Reserved.