| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: David.Taylor at austrac.gov.au (David Taylor) Subject: Mailing lists and unsolicited/malicious spam It would be good to see the user's email addresses obfuscated in some way. M2c M@nga -----Original Message----- From: full-disclosure-admin@...ts.netsys.com [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of n3td3v Sent: Friday, 26 November 2004 11:38 AM To: full-disclosure@...ts.netsys.com Subject: [Full-Disclosure] Mailing lists and unsolicited/malicious spam How many people are actually subscribed (on FD) and what are the general figures for subscribers for high profile mailing lists, has any figures ever been released? And would the theft of the list of e-mails subscribed be of value to spammers? I think it would be, I hope FD admin is up to date with and keeping tracks of bugs as the rest of us. If malicious hackers/script kiddies got hold of the list, I think they would be able to attack a good percentage of inboxes with whatever they send. Weather it be porn spam or a phishing to take passwords or if it be malcious code to take advantage of POP mail clients via SMTP. I think already FD is targeted by spam/phishing hackers who wish to collect e-mail addresses for further exploration. Perhaps posting on FD could be a security risk in itself (well not just FD but mailing lists online in general) as far as POP mail clients and SMTP is concerned. (web-based e-mail has its own problems which usually don't have the risk of taking over computers like mail clients do. Usually web-based e-mail is just at risk from xss/cookie disclosure/account theft, whereas malicious code sent to mail clients can take over whole computer systems) For those of you who already have a "mailing list only" e-mail address and a seperate address for work related/corporate/company matters, do you see a different level of unsolicited spam, compared to the work address or other private e-mail address for friends and family? I'm thinking about setting up the same myself, just for experimental reasons! I think i'll find some differences between the two. Sorry if you don't care about anti-spam, but its something i'm interested in. Sorry to all the script kiddie hax0rs who don't like me working against you and your e-mail collecting bots! Plus, do FD admin and other high profile mailing lists have honey pots or similar methods to catch FD/mailing list born spam? I believe a big mailing list can have its own domestic/internal spam, seperate from the general internet who are not subscribed to the given mailing list or lists, and even different mailing lists having its own group of spammers targeting them, with its own nature of spam/phish/malicious code exploration. Thanks, n3td3v _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html ********************************************************************** Please note that your email address is known to AUSTRAC for the purposes of communicating with you. The information transmitted in this e-mail is for the use of the intended recipient only and may contain confidential and/or legally privileged material. If you have received this information in error you must not disseminate, copy or take any action on it and we request that you delete all copies of this transmission together with attachments and notify the sender. This footnote also confirms that this email message has been swept for the presence of computer viruses. **********************************************************************
Powered by blists - more mailing lists