lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 01 Nov 2007 03:16:04 -0000
From: "lsi" <stuart@...erdelix.net>
To: "Aaron Katz" <atkatz@...il.com>, full-disclosure@...ts.grok.org.uk
Subject: Re: spammer wades into US Presidential race

> Did you try contacting his campaign, and asking them if it was theres?
>  While they may not fess up,  it wouldn't hurt.

Actually, it would hurt my wallet, and waste my time, compounding the 
loss
already incurred by receiving the spam in the first place.

> Also, if you really believed that it might come from his campaign,

I didn't say that.

> wouldn't it be worth trying to find out if

No.

> Simply postulating that it's his (considering spamming is not a nice

I didn't do that.  But now you mention it - why would a spammer 
divert precious bandwidth from sending profitable spam?  That's gonna 
cost him money.  Either the spammer donated his resources for free, 
or someone paid - and who is that most likely to be?   You?  Me?  Ron 
Paul?  Hilary Clinton?  You decide.

> thing) without even checking his record on such a topic, and claiming
> "newsworthy" isn't quite... nice.

Check out Wired's take on it here:

http://www.wired.com/politics/security/news/2007/10/paul_bot

It seems the net is somewhat overrun with his apologists.

Stu

> On 10/30/07, lsi <stuart@...erdelix.net> wrote:
> > I didn't do much in the way of research, cos this is surely spam, and
> > we know spammers forge as much as possible.  So, I presume Derk
> > Gaston doesn't exist (I note his email address is
> > janek@...withxxx.com, unlikely).
> >
> > I note the mail is coming from .cn, a quick ping and traceroute
> > confirm this, again, it's unlikely Mr Paul is posting his newsletter
> > via China.
> >
> > I also note the forged Received: line containing the hostname
> > dns02e.hants.gov.uk (this must be forged since it claims that host
> > has the IP 59.52.247.195, yet my own mailserver has resolved
> > 59.52.247.195 to 195.247.52.59.broad.nc.jx.dynamic.163data.com.cn,
> > and besides, there's no reason for Hampshire Council to be forwarding
> > my mail, especially when it's concerning an American politican and
> > it's sent from China by a guy named Derk with an email address that
> > starts with Jane ...
> >
> > Finally I note the randomness inserted and the end of the subject
> > line and body.
> >
> > That looks like professionally-produced spam, if its possible for
> > spam to be professional, which is why I forwarded it, because I don't
> > recall seeing spammers take much of an interest in politics before.
> > Unless of course Ron Paul commissioned the spam, which is unlikely
> > but certainly newsworthy if so.  All of these unlikelies got me
> > curious...
> >
> > Stu
> >
> > On 28 Oct 2007 at 12:04, Aaron Katz wrote:
> >
> > Date sent:              Sun, 28 Oct 2007 12:04:13 -0400
> > From:                   "Aaron Katz" <atkatz@...il.com>
> > To:                     stuart@...erdelix.net
> > Subject:                Re: [Full-disclosure] spammer wades into US
> > Presidential race
> > Copies to:              full-disclosure@...ts.grok.org.uk
> >
> > > Could you provide a little more information/investigation (I'm too
> > > lazy, at this very moment, to do the background investigation that you
> > > should have provided, like who derk gaston is)?  According to the
> > > headers, this looks like it might be forged (not just the little "may
> > > be forged" notice, but the source locations, and even the name of the
> > > person sending the mail - what association do they have to Ron Paul?)
> > >
> > > On 10/28/07, lsi <stuart@...erdelix.net> wrote:
> > > > [Well, it could be worse.  Spam that wants to end the Iraq war,
> > > > great! - Stu]
> > > >
> > > > Return-Path: <janek@...withxxx.com>
> > > > Received: from 195.247.52.59.broad.nc.jx.dynamic.163data.com.cn
> > > > (195.247.52.59.broad.nc.jx.dynamic.163data.com.cn [59.52.247.195]
> > > > (may be forged))
> > > >         by x.y.net (8.13.1/8.13.1) with ESMTP id l9S5irW8004442
> > > >         for <x@...et>; Sun, 28 Oct 2007 05:44:54 GMT
> > > > Received: from [59.52.247.195] by dns02e.hants.gov.uk; Sun, 28 Oct
> > > > 2007 05:44:51 +0000
> > > > Message-ID: <000701c81925$02a66001$93e966b1@...dwrot>
> > > > From: "derk gaston" <janek@...withxxx.com>
> > > > To: <x@...et>
> > > > Subject: Government Wasteful Spending Eliminated By Ron Paul  yGVed
> > > > Date: Sun, 28 Oct 2007 03:57:28 +0000
> > > >
> > > > [...]
> > > >
> > > > Hello Scott,
> > > >
> > > > Ron Paul is for the people, unless you want your children to
> > > > have human implant RFID chips, a National ID card and create
> > > > a North American Union and see an economic collapse far worse
> > > > than the great depression. Vote for Ron Paul he speaks the
> > > > truth and the media and government is afraid of him. This is
> > > > the last honest politican left to bring this country out of
> > > > this rut from the War Profiteers and bush Administration has
> > > > created. Get motivated America, don't believe the lies of the
> > > > media he has also WON the GOP Debate On Sunday! Value Freedom
> > > > and Liberty instead of corporate lies and corruption. Bypass
> > > > this media blackout they are doing to Ron Paul, tell your family
> > > > and friends and get involved in a local group at meetup.com make
> > > > your voice heard! He will end the War In Iraq immediately,
> > > > He will eliminate the IRS and wasteful government spending, and
> > > > eliminate the Federal Reserve and restore power to the people
> > > > and the only person not a member on the CFR. Can any other runner
> > > > make these claims or give Americans the true freedom we were all
> > > > raised to believe? We are all economic slaves to the banks and the
> > > > illegal federal Reserve. This is why our currency is worth nothing
> > > > because of Hidden Inflation Tax and the IRS taking everything
> > > > you make!
> > > >
> > > > ** RON PAUL WILL STOP THE IRAQ WAR IMMEDIATELY! **
> > > >
> > > > He has NEVER voted:
> > > > * to raise taxes
> > > > * for an unbalanced budget
> > > > * to raise congressional pay
> > > > * for a federal restriction on gun ownership
> > > > * to increase the power of the executive branch
> > > >
> > > > He HAS voted:
> > > > * against the Iraq war
> > > > * against the inappropriately named USA PATRIOT act
> > > > * against regulating the internet
> > > > * against the Military Commissions Act
> > > >
> > > > He will eliminate the IRS, Wasteful Government Spending &
> > > > Stop The Iraq War Immediately!
> > > >
> > > > Most importantly, he voted NO on anything in Congress that
> > > > is not allowed by the Constitution. And he Despises any
> > > > politican that does not do their job for the people and lives
> > > > up to the constitution!
> > > >
> > > > Google.com & Youtube.com Search: "Ron Paul"
> > > > Join The Revolution!
> > > >
> > > > ***************************************
> > > > We Need A Real President That Will Restore And Protect
> > > > Americans! Stop The War! Protect Our Borders!
> > > > *********VOTE RON PAUL 2008************
> > > > rIQdkb
> > > >
> > > >
> > > > -- End --
> > > >
> > > >
> > > > ---
> > > > Stuart Udall
> > > > stuart at@...erdelix.dot net - http://www.cyberdelix.net/
> > > >
> > > > ---
> > > >  * Origin: lsi: revolution through evolution (192:168/0.2)
> > > >
> > > > _______________________________________________
> > > > Full-Disclosure - We believe in it.
> > > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > > Hosted and sponsored by Secunia - http://secunia.com/
> > > >
> >
> >
> >
> > ---
> > Stuart Udall
> > stuart at@...erdelix.dot net - http://www.cyberdelix.net/
> >
> > ---
> >  * Origin: lsi: revolution through evolution (192:168/0.2)
> >
> >



---
Stuart Udall
stuart at@...erdelix.dot net - http://www.cyberdelix.net/

--- 
 * Origin: lsi: revolution through evolution (192:168/0.2)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ