lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4173CCED.7010604@sdf.lonestar.org>
From: bkfsec at sdf.lonestar.org (Barry Fitzgerald)
Subject: why o why did NASA do this.

Harry de Grote wrote:

>i have to admit... it's pretty old and useless, but i think this may be a nice 
>place for spammers to try out some new adresses...
>
>  
>
This is *NOT* the major issue that everyone is blowing it out to be.

Lists like this are available on many organization/company websites.  
This mailing list itself is a vast treasure-trove of data for spammers.  
In fact, it's a far more lucrative one because the users span multiple 
active e-mail domains.

Even with this abundance of e-mail accounts, spammers STILL use botnets 
and the like to send out spam to random e-mails.  Spammers don't need a 
list of verified e-mails to spam people, not the way that they do things.

Not to mention that people listed in this file aren't an amazing target 
for spam.  Do you think someone thinking "Hmmm... where can I find 
stupid people who will respond to my random scam e-mail?" is going to 
respond with "I know!  Nasa!"  I mean, seriously, they're going to spend 
their time spamming AOL, not Nasa.  Even with that, I'm sure that they 
do it...and they don't even need this list to do it.

Come on people, rather than being scared of the monster in the closet, 
can we apply a logic filter to things like this?

             -Barry

p.s.  Spam is a nuisance that occassionally includes exploits to achieve 
a further goal.  Sending spam may include the act of compromising 
systems, but recieving (and subsequently deleting) spam does not 
constitute a security issue.  Random people can e-mail you.  Random 
people have always been able to e-mail you.  If this scares you, go on 
Paxil and get over you Generalized Anxiety Disorder condition.   The 
only instance where I can see the reciept of spam as a security issue is 
if it's DoS'ing your network, and that is a different issue altogether.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ