lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: bernhard at bksys.at (Bernhard Kuemel)
Subject: Re: mailman email harvester

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dave Korn wrote:
|>An improved version that collects addresses that are restricted to
|>subscribers, processes more lists and works more parallelized is
|>planned.
|
|
| Why?

The addresses of mailing list subscribers are top quality to
spammers. It's just a matter of time until one exploits this. I'd
rather want us to close this hole before this happens.

| You hoping to sell it to spammers?

I'm on the anti spammers side, but hey, I'm rather low on money so
if theres a good offer, I just might do that. 1 cent/address. If it
collects 1 million addresses, that would be 10,000 euros. That's my
price. And there are programmers who don't have objections working
for spammers. They even make worms that act as mail relays. See how
real the danger is?

| Obfuscating *works*;

The report you cited is about individuals obfuscating addresses in
individual ways. Mailman is a widespread mailing list manager and
obfuscates very many addresses in a uniform way. This makes it much
more attractive for spammers. If you hoped this would remain
unnoticed by spammers I'm sorry to disappoint you, but security by
obscurity does not work.

| if YOU break it, that makes YOU a spamming motherfucker.

This seems to bother you. Would you feel better if someone else did
it without anyone noticing it? Hey, it may already be happening.

| Why don't you go fuck yourself instead?

I'm too busy fucking my girl friend.

|   Oh, and by the way
|
| <bernhard@...ys.at>

Uh, fuck!

Oh, BTW, obscuring or hiding email addresses wont's solve the
problem. Hashcash or ecash probably will.

Bernhard
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org

iD8DBQFCCg069zL78+QhnUgRAkaYAKCCBJ4joy49YPcxwVL4ZRAVcKmTtgCfSQc3
OvDsFCwDyg0tTnLd84RcpWg=
=iNhD
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ