| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <9E97F0997FB84D42B221B9FB203EFA273F3C0F@dc1ms2.msad.brookshires.net> From: toddtowles at brookshires.com (Todd Towles) Subject: Mailing lists and unsolicited/malicious spam Yeah the last time I can remember that someone tried that on FD, was that some called exploit that had a IRC trojan in it...it was discovered after about 5 secs..lol > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Ron > Sent: Friday, November 26, 2004 12:40 PM > To: n3td3v > Cc: full-disclosure@...ts.netsys.com > Subject: Re: [Full-Disclosure] Mailing lists and > unsolicited/malicious spam > > One thing to note, however, is that people who post on this > list would tend to be the ones who know better than to listen > to spam or to open viruses or to help out those pool old > Nigerian Diplomats. > > > n3td3v wrote: > > >How many people are actually subscribed (on FD) and what are the > >general figures for subscribers for high profile mailing > lists, has any > >figures ever been released? And would the theft of the list > of e-mails > >subscribed be of value to spammers? I think it would be, I hope FD > >admin is up to date with and keeping tracks of bugs as the > rest of us. > >If malicious hackers/script kiddies got hold of the list, I > think they > >would be able to attack a good percentage of inboxes with > whatever they > >send. Weather it be porn spam or a phishing to take > passwords or if it > >be malcious code to take advantage of POP mail clients via SMTP. > > > >I think already FD is targeted by spam/phishing hackers who wish to > >collect e-mail addresses for further exploration. Perhaps > posting on FD > >could be a security risk in itself (well not just FD but > mailing lists > >online in general) as far as POP mail clients and SMTP is concerned. > >(web-based e-mail has its own problems which usually don't have the > >risk of taking over computers like mail clients do. Usually > web-based > >e-mail is just at risk from xss/cookie disclosure/account theft, > >whereas malicious code sent to mail clients can take over whole > >computer systems) > > > >For those of you who already have a "mailing list only" > e-mail address > >and a seperate address for work related/corporate/company > matters, do > >you see a different level of unsolicited spam, compared to the work > >address or other private e-mail address for friends and family? I'm > >thinking about setting up the same myself, just for experimental > >reasons! I think i'll find some differences between the two. > > > >Sorry if you don't care about anti-spam, but its something i'm > >interested in. Sorry to all the script kiddie hax0rs who > don't like me > >working against you and your e-mail collecting bots! > > > >Plus, do FD admin and other high profile mailing lists have > honey pots > >or similar methods to catch FD/mailing list born spam? I > believe a big > >mailing list can have its own domestic/internal spam, > seperate from the > >general internet who are not subscribed to the given mailing list or > >lists, and even different mailing lists having its own group of > >spammers targeting them, with its own nature of spam/phish/malicious > >code exploration. > > > >Thanks, > >n3td3v > > > >_______________________________________________ > >Full-Disclosure - We believe in it. > >Charter: http://lists.netsys.com/full-disclosure-charter.html > > > > > > > > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists