Date: Wed Jul  5 12:34:08 2006
From: cardosolistas at contraditorium.com (Cardoso)
Subject: Who should i contact?

Do nothing. Are your emails random-proof?

Can you guarantee a simple algorithm can't generate such emails? Are
they +20 chars long, like

1212dfdfdnere0-psankdncxzcoxzicczppp-a at hotmail.com ?

If they aren't, sorry, but any script kiddie can create a Perl script to
generate your "secret" address.




On Wed, 05 Jul 2006 01:09:06 -0700
<screwedbytaxes@...hmail.com> wrote:

s> Hello all,
s> 
s> The recent thread on the exposed data containing hospital records 
s> made me think to ask something here.
s> 
s> I have recently received spam to several email addresses created 
s> explicitly and solely for filing my US federal taxes online through 
s> an internet tax filing system. The emails I received are tied to 
s> four separate filings by four separate people on a COMPLETELY 
s> unrelated subject through an IP address managed by a completely 
s> different person than the entity that these addresses were given 
s> to.
s> 
s> I've already asked the tax filing company for more information 
s> about any breaches they may have suffered and what other 
s> information may have been exposed. They asked for the source 
s> emails, which I provided, and I have not heard back. This was over 
s> a week ago.
s> 
s> What should I do? What would you do?
s> 
s> I'm not up on current legislation (I'm a part-time security guy), 
s> but would this fall under HIPAA (one of the people filing is 
s> disabled, that data was included on the online form), Sarbanes 
s> Oxley, GLBA, California Breach Act (I'm in CA)... or anything else?
s> 
s> Since it looks like they're not going to even respond to me, I'd 
s> like to nail them to the wall.
s> 
s> Thanks
s> 
s> _______________________________________________
s> Full-Disclosure - We believe in it.
s> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
s> Hosted and sponsored by Secunia - http://secunia.com/
s> 

year(now) + 1 will be the year of Linux!
Cardoso <cardoso@...ox.com> - SkypeIn: (11) 3711-2466 / (41) 3941-5299
digital life: http://www.contraditorium.com personal site and blog: http://www.carloscardoso.com
