lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <6E4E9A51D91C044F9879FD72389600F73A6E3C@new_iron.vigilantminds.com>
From: brian.dinello at vigilantminds.com (Brian Dinello)
Subject: Spam with PGP

My personal favorite is the 'message embedded in an html table' trick
where every letter in the email is in its own cell in a table like this:

<pre>
<table cellpaddig=0 cellspacing=0>
<tr>
<td>
H
</td>
<td>
e
</td>
<td>
l
</td>
<td>
l
</td>
<td>
o
</td>
</tr>
</table>
</pre>

This defeats almost every type of spam blocking app made today.  Even if
html tags are stripped.  When the message is rendered in an html capable
browser, it is human readable.

Very sneaky!  

Brian Dinello, CISSP
Senior Security Consultant




-----Original Message-----
From: Security Administrator [mailto:security@...aru.com] 
Sent: Tuesday, October 07, 2003 9:22 AM
To: Lan Guy
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Spam with PGP



 I remember hearing this is another method for bypassing spam filters.
Apparently some filters will pass e-mail with PGP signatures thinking it
is legitimate. It is an interesting concept, though.

 I think my favorite is still the jpgin an html enabled e-mail with
seemingly valid information and links that is actually a link to an xss
or pr0n site. Spammers are starting to use better methodologies and soon
filtering options will be almost impossible. I find it amusing to see
what they will do next, though.

-William

#########################
  security@...aru.com
   I'm nobody, yet..
#########################

On Tue, 7 Oct 2003, Lan Guy wrote:

> I just got this piece of Spam, with a PGP signature!
> Lan Guy
> ----- Original Message -----
> From: <mhz2H4@...cast.com>
> To: "sackMail" <>
> Sent: Tuesday, October 07, 2003 12:30 PM
> Subject: l, i didnt know you could put that up there , h l t
>
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> >  Hash: Q5
> >
> >  The following is your information.  This info will make you a 
> > happier  person. If it does not make you a happier person maybe you 
> > need  to get out more.
> >
> >
> > What was that thing she put up inside;
> >
> >   
> > http://200.206.184.201:8040/11/cgi/spind.pl?h=fi.dat&p=1a&lah=sq3ycn
> >
> >
> >
> > 2_._._._7
> >
> > 1) Switch your email options;
> > 3)  http://200.206.184.201:8040/11/r2.html
> >
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> >  Version: GnuPG v1.0.2 (GNU/Linux)
> >
> > owsejfoiewur9834u9u3j4ojdflsejflkiew934udfo3i
> > sfdpo32i09rediwoejdolwesdnlfklksdjfj3409jldsfdk
> > sdnok3peodkpo3kdpo3kdnlaskdnlsakdnlwkd0-9
> > sfdpo32i09redswoejdolwesdnlfklksdjfj3409jlddfdk
> > sdlnkfsdk.fv,fe
> >  -----END PGP SIGNATURE-----
> >
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ