lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <000001c39268$444718b0$3321a8c0@ampcpas.com>
From: mstarr at ampeisch.com (Michael A. Starr)
Subject: Re: Any news on www.kievonline.org site?

Gentlemen;

I got the same message that is being discussed in this thread.  I include it
again, not to continue the propagation, but to have it convenient for
viewing.  From reading this thread, it seems that the site in question is,
or rather was, some kind of porn site, possibly which this guy
admin@...vonline.org would like to advertise.  If you look at the words that
were chosen, you'll notice that there are several of the words that *should*
get picked up by body content filters (if we're running body content
filters) -- ranging from sex (fuck, head), to golden showers (piss), to
"hate words" (nigger), to "hacking and warez" (hacking), phrases like "in my
face", and "a man needs" might get tagged as well.

What I suspect is that the kievonline.org site was a throw-away, and that
this guy is really running some kind of sophisticated probe against mail
servers to determine what filters we have in place.  I hate to say so, but
it might even be a subscriber to this list that is monitoring who reports
receiving this email.  The spam assassin score was a 3.0, so that probably
won't catch it. Header filters certainly won't stop the subject "Thank you".
He's even prepped us for a spam flood by saying that he added our address to
every spam list he could find. . .  All in all a very convincing package. I
don't think the point of this is a malicious code attack, but as I said, a
probe to see what can be gotten through.

Any thoughts?

Michael Starr, GSEC



<---Begin Spam --->
You are a piss head for hacking my site and informing my isp !!! Fuck you
nigger.

if your a man you should come here and tell me in my face
A man needs to make a living you know, Now you think my isp is going to do
something to stop me ?

FUCK YOU

Nice try. I have added your email address to every fucking spam list I can
find

Next time youll fuck with the right person
<--- End Spam --->

-----Original Message-----
From: Johannes Segitz [mailto:jusenet2@...itz.de]
Sent: Tuesday, October 14, 2003 5:48 AM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Re: Any news on www.kievonline.org site?


Steve Wray <steve.wray@...adise.net.nz> wrote:
> So far in my googling I havn't found anything about
> the site.

It's slowly getting into the index
http://groups.google.com/groups?q=kievonline.org&hl=en&lr=&ie=UTF-8&oe=utf-8
&sa=N&tab=wg

It's spam. Just feed your $BAYESIAN_FILTER

Regards,
Johannes
--
      Give a man a match and he will be warm for a while,
light him on fire and he will be warm for the rest of his life

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html




Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ