lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
From: uberguidoz at gmail.com (GuidoZ)
Subject: Mailing lists and unsolicited/malicious spam

> Yeah the last time I can remember that someone tried that on FD, was
> that some called exploit that had a IRC trojan in it...it was discovered
> after about 5 secs..lol

Ah yes - that perl script that magically appeared in the tmp
directory. heh, hey, can't blame the guy for trying.

Also to touch on the Nigerian scam, I get more of those to my "list
only" address then anything else. I've never seen so many per day
either... they must be crawling the lists, desperate for suckers. I
dragged someone along for a few months just for $hits and giggles. lol
He sent me pictures, passport photocopy, bank transfer statements, all
kinds of good stuff. I posted it over on: http://www.scamorama.com/

Good times.

--
Peace. ~G


On Fri, 26 Nov 2004 13:44:01 -0600, Todd Towles
<toddtowles@...okshires.com> wrote:
> Yeah the last time I can remember that someone tried that on FD, was
> that some called exploit that had a IRC trojan in it...it was discovered
> after about 5 secs..lol
> 
> > -----Original Message-----
> > From: full-disclosure-admin@...ts.netsys.com
> > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Ron
> > Sent: Friday, November 26, 2004 12:40 PM
> > To: n3td3v
> > Cc: full-disclosure@...ts.netsys.com
> > Subject: Re: [Full-Disclosure] Mailing lists and
> > unsolicited/malicious spam
> >
> > One thing to note, however, is that people who post on this
> > list would tend to be the ones who know better than to listen
> > to spam or to open viruses or to help out those pool old
> > Nigerian Diplomats.
> >
> >
> > n3td3v wrote:
> >
> > >How many people are actually subscribed (on FD) and what are the
> > >general figures for subscribers for high profile mailing
> > lists, has any
> > >figures ever been released? And would the theft of the list
> > of e-mails
> > >subscribed be of value to spammers? I think it would be, I hope FD
> > >admin is up to date with and keeping tracks of bugs as the
> > rest of us.
> > >If malicious hackers/script kiddies got hold of the list, I
> > think they
> > >would be able to attack a good percentage of inboxes with
> > whatever they
> > >send. Weather it be porn spam or a phishing to take
> > passwords or if it
> > >be malcious code to take advantage of POP mail clients via SMTP.
> > >
> > >I think already FD is targeted by spam/phishing hackers who wish to
> > >collect e-mail addresses for further exploration. Perhaps
> > posting on FD
> > >could be a security risk in itself (well not just FD but
> > mailing lists
> > >online in general) as far as POP mail clients and SMTP is concerned.
> > >(web-based e-mail has its own problems which usually don't have the
> > >risk of taking over computers like mail clients do. Usually
> > web-based
> > >e-mail is just at risk from xss/cookie disclosure/account theft,
> > >whereas malicious code sent to mail clients can take over whole
> > >computer systems)
> > >
> > >For those of you who already have a "mailing list only"
> > e-mail address
> > >and a seperate address for work related/corporate/company
> > matters, do
> > >you see a different level of unsolicited spam, compared to the work
> > >address or other private e-mail address for friends and family? I'm
> > >thinking about setting up the same myself, just for experimental
> > >reasons! I think i'll find some differences between the two.
> > >
> > >Sorry if you don't care about anti-spam, but its something i'm
> > >interested in. Sorry to all the script kiddie hax0rs who
> > don't like me
> > >working against you and your e-mail collecting bots!
> > >
> > >Plus, do FD admin and other high profile mailing lists have
> > honey pots
> > >or similar methods to catch FD/mailing list born spam? I
> > believe a big
> > >mailing list can have its own domestic/internal spam,
> > seperate from the
> > >general internet who are not subscribed to the given mailing list or
> > >lists, and even different mailing lists having its own group of
> > >spammers targeting them, with its own nature of spam/phish/malicious
> > >code exploration.
> > >
> > >Thanks,
> > >n3td3v
> > >
> > >_______________________________________________
> > >Full-Disclosure - We believe in it.
> > >Charter: http://lists.netsys.com/full-disclosure-charter.html
> > >
> > >
> > >
> > >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ