lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <p05210606bb2961af5a1e@localhost.>
From: rdump at river.com (Richard Johnson)
Subject: Email marketing company gives out
 questionable security advice

At 20:03 -0400 on 2003-07-02, Richard M. Smith wrote:
> Hi,
>
> Last week, I received an unsolicited email message from Mobil Travel
> Guide about their new online service.  In the message, I was encouraged
> to turn back on ActiveX and scripting in Outlook in order to view a
> Flash movie embedded in the message.  Needless to say, I thought this
> was a terrible idea.  Instead, I wrote the company who created the ad,
> Digital Produce (http://www.digita lproduce.com), saying they were giving
> out bad security advice and they should stop doing this sort of thing
> in future mailings.


The spamming for Mobile Travel Guide isn't the worst this bunch has done.

Amusingly, digitalproduce.com (AKA flashedmail.com) was involved in a
whitcon.net/uswives.com spamgang [1] attack against a number of addresses
on our servers just about a year ago.

They've been blacklisted on all our servers since.  Mere mention of their
security violation URLs in mail bodies causes the mail to be rejected.
This prevents their willful lack of security, let alone their deliberately
bad advice, from affecting our users.

All in all, their association with infamous porn spam gang Whitaker
Consulting has been a good thing for securing our systems against their
shoddy flash and evilX.  I sincerely applaud their taste in business
partners.  Bad company breeds bad attitude.  Or is it the other way around?

As long as they keep spamming, and providing spam support, they'll remain
blocked.


> It will be interesting to see how email marketing companies and
> spammers adapt to these technical changes in HTML email.


I've yet to discover any useful, practical difference between "email
marketing companies" and "spammers".  The terms are synonymous.

Why anyone would trust active content from a spammer is beyond me.


Richard

[1] http://www.spamhaus.org/rokso/search.lasso?evidencefile=1610

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ