lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20050922195009.GA28434@pobox.com>
Date: Thu Sep 22 20:50:19 2005
From: cstone at pobox.com (cstone)
Subject: Call to Arms: Rita Scams

On Thu, Sep 22, 2005 at 09:18:49PM +0200, Gadi Evron wrote:
[...]
> This is a notice from MWP, the malicious websites and phishing research 
> & operational mailing list.
> 
> Over the next few days some of us are going to process information
> about sites that will probably be used for Rita scams.

Glad to hear it; perhaps we'll even get lucky, damage from Rita
will be minimal, and the need for emergency relief money will be
low, thus removing the attraction for scammers.

But how can we join this list?  Who else is involved?  
In particular, are you coordinating with US-CERT, FTC, the FBI/IC3, 
or other agencies reportedly[1,2] working on disaster-relief-related 
scams?  Where are the list archives?

(Of course I checked likely-related web searches before responding and
causing noise:  there are no references to this group other than you
posting about it.  It is apparently[3] a subgroup of the "drone
armies / botnets research and mitigation mailing list".  This list,
too, is also apparently secret[4]; one needs to be "vetted" and/or
"trusted".  But perhaps even more curiously, you are the only one
posting about it.  Are you sure this is germane to full-disclosure?)

> Through MWP resources and ISP connections we are going to make sure 
> these sites are taken off-line as soon as we detect them.
> 
> Also, via reg-ops, an operational list for registrars, we are going to 
> see if we can get the domains terminated at the registrar level.

Is *this* list private too?

> To accomplish this we don't want to rely only on our sources, but rather 
> issue a Call to Arms to the public. If you know of a new Rita Hurricane 
> Scam, please notify us by emailing me directly at ge@...uxbox.org with 
> the subject line "Rita Report", where we will be processing them for the 
> next week.

How do we know that mailing you personally is going to result in a more 
timely and effective response than working to track down incidents and/or 
notifying authorities directly?

> We hope to get the cooperation of several incident response mechanisms 
> both in the US and abroad. We will update you as we proceed and when we 
> are done.

How?  f-d posts?


[1] http://www.usdoj.gov/criminal/SpecialReport-HurricaneKatrina.htm
[2] http://news.yahoo.com/news?tmpl=story&u=/usatoday/20050922/tc_usatoday/fbiwarnsagainstfraudulentkatrinasites
[3] http://www.merit.edu/mail.archives/nanog/2005-03/msg00703.html
[4] http://www1.ietf.org/mail-archive/web/asrg/current/msg11539.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ