lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: kernelclue at hushmail.com (kernelclue@...hmail.com)
Subject: FW: Tim recommended you


On Mon, 08 Sep 2003 16:11:33 -0700 Brian McWilliams <brian@...radio.com>
wrote:
>Random complaints about spammering may have no place on F-D, but
>spamming 
>has *everything* to do with security.
>

Um.  No.  Spamming has really nothing more to do with security than do
junk faxes.

>1. Spammers usually rely on open mail relays to send their junk
>e-mails.

This is a problem of stupid administrators but has nothing to do with
security or really even the security of those hosts.  One can operate
a fully secured open relay.  Reports of open relays do not belong on
this list.  If you find a new way to cause an open relay condition on
an otherwise secure box, that would be appropriate for this list.

>2. Spammers often use insecure FormMail scripts to send their junk
>e-mails.

The scripts themselves aren't security issues but their setup can enable
a spammer to use them to send spam.  While that may have been interesting
four years ago it's nothing new and again has less to do with security
than with stupid admins.

>3. Spammers recently have begun sending "net-send" or Windows Messenger
>>
>spams targeting folks on Windows PCs without adequate firewalls or
>port 
>settings.

And, like other issues, this isn't a security issue for this list.  It's
nothing new or even that interesting.  The net send command is an authorized,
 known command being used to send network messages.  The issue here is
also one of poor configuration.  This type of discussion may be more
appropriate on the securityfocus.com 'Security Basics' list. 

>4. Spammers use social engineering techniques such as spoofed "From"
>lines 
>in their messages.

Heh.  Social engineering techniques are probably valid for the list but
I didn't see that as being the goal of this thread.

The Full-Disclosure charter states: "Any information pertaining to vulnerabilities
is acceptable, for instance announcement and discussion thereof, exploit
techniques and code, related tools and papers, and other useful information."

I don't see any of the above in a complaint about spam to this list.
 There are no vulnerability announcements, no exploit techniques or discussion
thereof, no tools or papers, and it's definitely not useful information.

So, unless you're reporting something new or interesting about spam or
spammers, there are more appropriate lists for the content.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ