Open Source and information security mailing list archives
 
Date: Tue Jun 20 12:49:41 2006
From: cardosolistas at contraditorium.com (Cardoso)
Subject: scammers paradise (big useless rant)


As every morning, I check my mailbox and start my traditional procedure
of reporting scammers spreading malware.

After a few months doing it, I think the MAJOR source of malware is
free hosting providers. Most are small one-man sites, with little or
no security policy.

Scammers feast on the easiness of hosting their crap, and those sites
don't give a frack (Yes, I'm a Galactica fan) if they're hosting a
subdomain named "microsoft", a .exe, a .com or even a very suspicious
.scr, not to mention .pif or .bat files. 

If Joe T. Hoster wanted he could block any of the Evil Extensions (.exe
.bat .com and .scr) and presto, 99% of the scammers would be defanged.

The reality? Most sites don't have a security report, some require you
to sign up to send a report, others are so badly designed that they don't
even have a public email.

Some of the worst to report:

www.sapo.pt
www.webcindario.com (and anything related to starmedia)
www.cjb.net

If I were the great ISPs, I'd BLOCK those sites and all others like them,
until they write down and FOLLOW a security policy. 

I'm really tired of so many people scammed, not only because they're
stupid (yes, the two reasons someone falls for a scam are stupidity or
greed) but also because some lazy smartass thinks he can make
quick money being a "mini-geocities" sharing his puny $7/month Dreamhost site
with a gazillion users, not caring about the kind of crapware they
share on his server.

I apologize for the rant, but I try to keep all my apps (at my servers
and at home) up-to-date and try NOT to be stupid (although I'm greedy once
in a while) and don't like to see how people don't give a damn about
what others do with the resources THEY share.




Allgemeinen Anschulterlaubnis
Cardoso <cardoso@...ox.com> - SkypeIn: (11) 3711-2466 / (41) 3941-5299
digital life: http://www.contraditorium.com personal site and blog: http://www.carloscardoso.com
