| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <41A7788D.1030001@valhallalegends.com> From: iago at valhallalegends.com (Ron) Subject: Mailing lists and unsolicited/malicious spam One thing to note, however, is that people who post on this list would tend to be the ones who know better than to listen to spam or to open viruses or to help out those pool old Nigerian Diplomats. n3td3v wrote: >How many people are actually subscribed (on FD) and what are the >general figures for subscribers for high profile mailing lists, has >any figures ever been released? And would the theft of the list of >e-mails subscribed be of value to spammers? I think it would be, I >hope FD admin is up to date with and keeping tracks of bugs as the >rest of us. If malicious hackers/script kiddies got hold of the list, >I think they would be able to attack a good percentage of inboxes with >whatever they send. Weather it be porn spam or a phishing to take >passwords or if it be malcious code to take advantage of POP mail >clients via SMTP. > >I think already FD is targeted by spam/phishing hackers who wish to >collect e-mail addresses for further exploration. Perhaps posting on >FD could be a security risk in itself (well not just FD but mailing >lists online in general) as far as POP mail clients and SMTP is >concerned. (web-based e-mail has its own problems which usually don't >have the risk of taking over computers like mail clients do. Usually >web-based e-mail is just at risk from xss/cookie disclosure/account >theft, whereas malicious code sent to mail clients can take over whole >computer systems) > >For those of you who already have a "mailing list only" e-mail address >and a seperate address for work related/corporate/company matters, do >you see a different level of unsolicited spam, compared to the work >address or other private e-mail address for friends and family? I'm >thinking about setting up the same myself, just for experimental >reasons! I think i'll find some differences between the two. > >Sorry if you don't care about anti-spam, but its something i'm >interested in. Sorry to all the script kiddie hax0rs who don't like me >working against you and your e-mail collecting bots! > >Plus, do FD admin and other high profile mailing lists have honey pots >or similar methods to catch FD/mailing list born spam? I believe a big >mailing list can have its own domestic/internal spam, seperate from >the general internet who are not subscribed to the given mailing list >or lists, and even different mailing lists having its own group of >spammers targeting them, with its own nature of spam/phish/malicious >code exploration. > >Thanks, >n3td3v > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.netsys.com/full-disclosure-charter.html > > > >
Powered by blists - more mailing lists