Message-ID: <Pine.LNX.4.60.0405120932160.17524@catbert.rellim.com>
From: gem at rellim.com (Gary E. Miller)
Subject: leaking

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yo Jimmy!

On Wed, 12 May 2004, KUIJPERS Jimmy wrote:

> I see no reason whatsoever why I should generate the e-mail address in a
> cryptographic manner... .whatever that may mean (since when
> do we create an email address via a "cryptographically-secure" way and
> what is the relevance?

That is because spammers do not even bother to check for valid email
accounts anymore.  They run dictionaries of known usernames, millions
of them, against all known domains.  This is why Hotmail was so screwed up
last week.  Hundreds of emails to invalid email accounts for every valid
one.  Their poor server could not stand up to the load.

Someone asked me to set up a new account "greg" on a lightly used domain
name.  His old email was getting too much spam and he figured that since
greg@...mple.com had never been used he should be spam free.  So I
checked the email logs.  Several dictionary spammers had visited in the
last few days, sending millions of emails, with millions of usernames,
to a domain that never had more than 5 active usernames.  Guess what?
greg@...mple.com was already being sent spam!  Also greg1@, greg2@,
greg3@, etc. were being sent spam.  So changing his email to any of
those would only slow down his spam a little for a short while.

Unless you set up a test account with a big long random number there is
no hope that it is not already in one of these dictionaries.

RGDS
GARY
- ---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
	gem@...lim.com  Tel:+1(541)382-8588 Fax: +1(541)382-8676

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAolOm8KZibdeR3qURAr6hAJ0WaaivNEfiuCgMwko4eIJSdCQe1gCfSDa4
9y3ERoqoXn653xveMxma6lQ=
=79d2
-----END PGP SIGNATURE-----
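
The log check described in the message above, as an added example that is not part of the original post: it scans mail-server reject lines for a domain, reports which unused usernames have already been probed and by which clients, and generates a long random local part for a test account. The Postfix-style log format, the `example.com` domain, the sample lines and all function names are assumptions made for this sketch.

```python
import re
import secrets
from collections import defaultdict

# Constructed sample input: Postfix-style smtpd rejects (assumed log format).
_LINE = ("May 10 03:12:{n:02d} mx postfix/smtpd[411]: NOQUEUE: reject: RCPT from "
         "unknown[{ip}]: 550 5.1.1 <{u}@example.com>: Recipient address rejected: "
         "User unknown in local recipient table; from=<x@spam.invalid> "
         "to=<{u}@example.com> proto=SMTP helo=<x>")
_PROBES = [("192.0.2.10", "greg"), ("192.0.2.10", "greg1"), ("192.0.2.10", "greg2"),
           ("192.0.2.10", "bob"), ("198.51.100.7", "Greg")]
SAMPLE_LOG = "\n".join(_LINE.format(n=i, ip=ip, u=u)
                       for i, (ip, u) in enumerate(_PROBES))

REJECT = re.compile(r"reject: RCPT from \S+\[([^\]]+)\]: 550 .* to=<([^@>]+)@([^>]+)>")

def probed_localparts(log, domain):
    """Map each rejected local part at `domain` to the client IPs that tried it."""
    seen = defaultdict(set)
    for line in log.splitlines():
        m = REJECT.search(line)
        if m and m.group(3).lower() == domain.lower():
            seen[m.group(2).lower()].add(m.group(1))
    return dict(seen)

def dictionary_sources(log, domain, min_distinct=3):
    """Clients that tried at least `min_distinct` different unknown usernames."""
    per_ip = defaultdict(set)
    for local, ips in probed_localparts(log, domain).items():
        for ip in ips:
            per_ip[ip].add(local)
    return {ip for ip, names in per_ip.items() if len(names) >= min_distinct}

def already_targeted(candidate, log, domain):
    """True if mail for this never-used address already shows up in the logs."""
    return candidate.lower() in probed_localparts(log, domain)

def random_localpart(nbytes=10):
    """Local part with 8*nbytes random bits, prefixed so it starts with a letter."""
    return "t" + secrets.token_hex(nbytes)

if __name__ == "__main__":
    for name in ("greg", "greg1", random_localpart()):
        print(name, "already probed:", already_targeted(name, SAMPLE_LOG, "example.com"))
    print("dictionary runs from:", sorted(dictionary_sources(SAMPLE_LOG, "example.com")))
```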

