lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040128123711.2927997B44@cpo.tn.tudelft.nl>
From: emvs.fd.3FB4D11C at cpo.tn.tudelft.nl (Erik van Straten)
Subject: SCV = Fundamentally Flawed (was: MyDoom Email targets)

The world could be a better place if more ISP's would query Spamcop or
cbl.abuseat.org (which includes the Spamhaus.org XBL). Also ISP's
could block egress 25/tcp for dialups/dsl's that are not supposed to
run their own MTA. SPF and RMX may help (but do have nuisances - we
may have to accept).

MyDoom proves that SCV is Fundamentally Flawed. It *does not* prove
the virus sender. It *will* push spammers in the wrong direction.

On Wed, 28 Jan 2004 09:20:51 -0000 Jos Osborne wrote:
> We've has Sales@ hit repeatedly. Not sure if that's cos it's in
> people's address books or not - there definitely haven't been any
> e-mails sent out from Sales recently.

If sales <at> meltemi,co,uk was Joe-jobbed, mail (spam usually) will
have been sent using that address. It will be in people's inboxes.
BTW Googling your sales address also hits. One or more of these pages
have probably been in the cache (and/or WAB) of infected PC's.

Finally I keep telling people not to use loads of addresses in To:/Cc:
and to be careful what they publish on the web. People tend to call me
a troll. I respect those who do not do this behind my back.

Erik (plz refrain from silly Q's - Google is your friend)


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ