lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
From: toddtowles at (Todd Towles)
Subject: Mailing lists and unsolicited/malicious spam

Yeah the last time I can remember that someone tried that on FD, was
that some called exploit that had a IRC trojan in was discovered
after about 5 

> -----Original Message-----
> From: 
> [] On Behalf Of Ron
> Sent: Friday, November 26, 2004 12:40 PM
> To: n3td3v
> Cc:
> Subject: Re: [Full-Disclosure] Mailing lists and 
> unsolicited/malicious spam
> One thing to note, however, is that people who post on this 
> list would tend to be the ones who know better than to listen 
> to spam or to open viruses or to help out those pool old 
> Nigerian Diplomats.
> n3td3v wrote:
> >How many people are actually subscribed (on FD) and what are the 
> >general figures for subscribers for high profile mailing 
> lists, has any 
> >figures ever been released? And would the theft of the list 
> of e-mails 
> >subscribed be of value to spammers? I think it would be, I hope FD 
> >admin is up to date with and keeping tracks of bugs as the 
> rest of us. 
> >If malicious hackers/script kiddies got hold of the list, I 
> think they 
> >would be able to attack a good percentage of inboxes with 
> whatever they 
> >send. Weather it be porn spam or a phishing to take 
> passwords or if it 
> >be malcious code to take advantage of POP mail clients via SMTP.
> >
> >I think already FD is targeted by spam/phishing hackers who wish to 
> >collect e-mail addresses for further exploration. Perhaps 
> posting on FD 
> >could be a security risk in itself (well not just FD but 
> mailing lists 
> >online in general) as far as POP mail clients and SMTP is concerned. 
> >(web-based e-mail has its own problems which usually don't have the 
> >risk of taking over computers like mail clients do. Usually 
> web-based 
> >e-mail is just at risk from xss/cookie disclosure/account theft, 
> >whereas malicious code sent to mail clients can take over whole 
> >computer systems)
> >
> >For those of you who already have a "mailing list only" 
> e-mail address 
> >and a seperate address for work related/corporate/company 
> matters, do 
> >you see a different level of unsolicited spam, compared to the work 
> >address or other private e-mail address for friends and family? I'm 
> >thinking about setting up the same myself, just for experimental 
> >reasons! I think i'll find some differences between the two.
> >
> >Sorry if you don't care about anti-spam, but its something i'm 
> >interested in. Sorry to all the script kiddie hax0rs who 
> don't like me 
> >working against you and your e-mail collecting bots!
> >
> >Plus, do FD admin and other high profile mailing lists have 
> honey pots 
> >or similar methods to catch FD/mailing list born spam? I 
> believe a big 
> >mailing list can have its own domestic/internal spam, 
> seperate from the 
> >general internet who are not subscribed to the given mailing list or 
> >lists, and even different mailing lists having its own group of 
> >spammers targeting them, with its own nature of spam/phish/malicious 
> >code exploration.
> >
> >Thanks,
> >n3td3v
> >
> >_______________________________________________
> >Full-Disclosure - We believe in it.
> >Charter:
> >
> >
> >  
> >
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter:

Powered by blists - more mailing lists