Cyber Mystery

Or perhaps they got the cutlist data, were able to associate it with you, looked up your phone number, and called...

Hmm - very disturbing. I'd be inclined to label it "industrial espionage" and take it up with law enforcement.

SketchUp CutList spresdsheet program home e-mail client (and plug-ins) server chain work e-mail client (and plug-ins)

It might be interesting to discover what kinds of data are being slurped up from other users...

Just out of curiosity, was the e-mail sent using your gmail account?

... snip

... snip

I'd take Morris's advice here, especially if some of this e-mail flowed through your company e-mail. If your company is large enough, you probably have an information assurance officer (or similar title). This could be indicative of a significant issue that affects more than the fact that your name and phone number were identified with your sketchup plans.

The email was sent through my personal ISP account.

I"m reluctant to go to law enforcement, but I will follow through with our security people. I work for a government organization with a population of about 15k, so I've got a few people I can tap, and maybe even interest in this.

thanks.

Tanus

whitehouse.gov?

They have recently claimed no knowledge of how email was sent to people who have never communicated with any government agency, so it's possible your name miracled itself somewhere too.

Data interception, plain and simple, most likely on your company side, either in-house or clandestine. Packet sniffing is easy to practice and is a big problem with many corporations and governments practicing it routinely, and SMTP traffic, on either side of the server, is fair game.

Only defense for the little guy is to encrypt your e-mail.

Google has a back door in Sketchup? Nah, Google would never do such a thing.

Right. It *can't* be related to anything he's running at home. It would be so much easier and more direct to intercept email at the company's email portal; trace where it came from; and call him at home to offer my services. A smarter person might, if he could figure out how, just slip you something in your SU add-in. Maybe even have you enter the contact information when you downloaded the software, even before you installed it. I know it sounds counterintuitively complex, but that's how I would go about it.

I forgot to mention... You could do your own sniffing. Wireshark is free for the download. Sysinternals's tcpview is also a free download. Run them on the client box if you suspect spyware.

Thank you for voicing that. Now I'm not the only one to go there. The thought had crossed my mind, but it seemed a bit over the top. Frankly it still does, but it's also a possibility.

It's terrible to think that way, but nonetheless the thoughts happen. The entire creed of "Don't be evil" had always struck me as sophmoric. Having said that, I still use Google search 10 times a day on a slow day, and love Sketchup. Google has almost become an indespensable aspect of many people's lives. The pressure to turn that to self-serving at the expense of the rest of us must at times be overwhelming.

Tanus

I'll try Wireshark. I'll also consider encrypting. This thing is bothering me. When I posted the original, I was thinking I was getting paranoid about sniffing, and figured the reactions here would go in a different direction. In fact, I was hoping so.

I'll check with our security people tomorrow, but my suspicion is that they'll tell me I shouldn't be sending myself personal emails and leave it at that.

Tanus

Nothing would surprise me, WRT Google. Other than Google Groups (I read during breaks at work and they've blocked all NNTP access), I don't use Google. There are other search engines.

Maybe. But the CutList add-on is just as likely to be the culprit. I doubt that it is intercepted email.

You didn't say what OS you are using. You might install a program that watches network trafic and run the program again. See if anything is "calling home."

It also could be on your friends email account. I doubt it has much to do with sketchup or the cut list program, as millions use this stuff and I would think it would have come up long ago. My guess is either your outgoing mail or your friends incoming mail is intercepted. Does your friend have a web site? Does his email go through his web site?

Google is fine but because it seems indispensable and I'm a bit of a non-conformist, I use

for my main search engine. I have it in my Firefox search window as primary. It works just as good as Google.

Also, on re-reading your problem, I thought you sent the email to a friend... it was to yourself at work... Does your work have a web site that processes the email, that would be my first place to look if it does. Google mail would be next, the most unlikely would be sketchup/cut list program because it "seems" the problem is unique to you.

I called at work to the help line and they were particularly uninterested. So far as I know, the email server is not a website at work, but even if it is, I can't get through to the guys who could verify it.

I suspect you're right about Google and CutList. I wouldn't be the first by any means. This sounds more like sniffing between my end and work. I'd also be very surprised if the people who called here were actually anything other than someone looking for a CC number.

A lesson learned, and a cheap one at that.

Tanus

I've been using ask.com, but have recently found that something they have done causes the pages to scroll very slowly on Firefox under Linux. I've actually started trying Bing (yeah, I get the irony) and have found it to work much better from that regard.

I am the author of the Cutlist plugin for Sketchup. I can assure you that the version that I distribute and the current version ( or any other officially distributed version) has no such software embedded into it to collect personal information.

Having said that, my software is 'open source' and the code is freely viewable and therefore freely modifiable - though I am not aware of anyone having copied my code and making a different version downloadable.

But it does make me wonder if there is anything I can do to prevent that.

In any case, my day job is as an internet switching/routing protocol developer. Part of my job is maintaining security software. There are plenty of ways to secure email but that's certainly a huge topic.

FWIW, I would suspect either malware on your PC or snooping of unencrypted SMTP messages to your workplace. As someone said, they may really just be after a CC number and not so much interested in selling you lumber. Though if they were snooping govt email, they would know the govt just prints money when they need it, they don't need (or probably even have ) a CC :) Snooping govt email may lead to good tips about purchase activity, and when the govt is the only game left in town still buying things, it may not be a bad tip but certainly illegal and unethical.

Someone else already mentioned that it may be easy to put email address and phone number together from some internet searches, especially, as you said, you may have given this out previously.

Another option is that you got a rogue version of my software. You can download from the only valid source and verify that your copy is an official version v4/0/7 is the latest (download it from

)

Best thing is to stay vigilant. Do not leave personal details in public places. Contact people offlist if you wish to trade info. Even this forum makes me nervous because a prominent message at the top of the posting states "Messages posted to this group will make your email address visible to anyone on the internet" I don't really like that and it's not necessary. Luckily I'm got some reasonably good spam filters but that's another story...

It's not the Cutlist plugin, unless you don't have my version. Check it.

Steve

I think you ought to run a thorough malware scan on both PCs, using several different scanners.

Probably so... but how'd they know to call you?

Steve, I and a lot of others use a different email address to post to groups than we use in normal correspondence. Lots of free email providers with spam filters out there. I check that email account once or twice a week - occasionally there's a non-spam message in it.