lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: purdy at tecman.com (Curt Purdy)
Subject: Spam with PGP

The answer to SPAM IMHO is filtering on the client side.  Our server filter
gets 80%+ of it but I still got 50+ SPAMs a day.  Since going to PopFile
proxy filter on my laptop (awsome & free @ sourceforge) I get maybe one a
week. It's based on Bayesian Theorum.  Not bad for a 15th Century monk ;)

Curt Purdy CISSP, GSEC, MCSE+I, CNE, CCDA
Information Security Engineer
DP Solutions

----------------------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity zar Richard Clarke


-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of MaX Flebus
Sent: Tuesday, October 07, 2003 6:52 PM
To: Full-Disclosure@...ts.netsys.com
Subject: [inbox] Re: [Full-Disclosure] Spam with PGP


>  I remember hearing this is another method for bypassing spam filters.
>Apparently some filters will pass e-mail with PGP signatures thinking it
>is legitimate. It is an interesting concept, though.
>
>  I think my favorite is still the jpgin an html enabled e-mail with
>seemingly valid information and links that is actually a link to an xss or
>pr0n site. Spammers are starting to use better methodologies and soon
>filtering options will be almost impossible. I find it amusing to see what
>they will do next, though.
>
>-William

Well, this reminds us that a spam filter, although definitely a good
thing, it's not the definitive solution, just like a firewall IMHO.
You can't bet too much on a purely automatic solution.
Anyway, again like firewalls, I'm not so pessimistic: completely
filtering out what you don't want could be, OK, impossible but filtering
out almost all, is what we really need.

MaX
-- www.flebus.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists