lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 02 Nov 2007 13:00:12 -0000
From: "lsi" <stuart@...erdelix.net>
To: "Aaron Katz" <atkatz@...il.com>, full-disclosure@...ts.grok.org.uk
Subject: Re: spammer wades into US Presidential race

> > Actually, it would hurt my wallet, and waste my time, compounding the
> > loss
> > already incurred by receiving the spam in the first place.
> 
> But it's worth your time to forward spam to everyone on the

Simply put, it's evidence of a crime. The mail was forwarded in its 
entirety to provide the group with the fullest amount of evidence 
possible.  

> > > Also, if you really believed that it might come from his campaign,
> > I didn't say that.
> 
> Then what benefit was there to forwarding it along?

1. The public interest is served in debating whether it's appropriate 
that presidential campaigns are spamvertised.  Spam is unethical, is 
it appropriate that potential presidents are potentially unethical?  

2. The public interest is served in locating the source of the spam.  
Paying spammers sends money to organised criminals who do cracking, 
credit-card fraud and identity theft, as well as spamming, and who 
knows what else.  It is supporting an industry that the world can do 
without, and it is wholly inappropriate to be paying organised crime 
to get elected.  

3. Focusing the group mind on the case and thus maximising possible 
lines of inquiry.  

4. Analysis of spam for the benefit of the group.  

5. Opportunity to forward an anti-war message globally.  

6. Scooping wired.com by a whole 3 days.  

> > > Simply postulating that it's his (considering spamming is not a nice
> > I didn't do that.
> 
> Then I apologize if I read too much into your email.

I was careful not to directly point any fingers, although I do admit 
to suspecting an "over-enthusiasic intern" in his campaign.  However 
with more thought, I now think that only a fool would spamvertise his 
own campaign, and, given that the mail was outrageously worded, 
gramattically incorrect etc, I think it's reasonable to add his 
opponents to the list of suspects.

Paying gangsters to beat up your opponents is also unethical and 
should not be tolerated in a presidential campaign.  

> > But now you mention it - why would a spammer
> > divert precious bandwidth from sending profitable spam?  That's gonna
> > cost him money.  Either the spammer donated his resources for free,
> > or someone paid - and who is that most likely to be?   You?  Me?  Ron
> > Paul?  Hilary Clinton?  You decide.
> 
> I'd rather wait for some form of evidence.  Right now all that is
> available is gossip.

I forwarded all the evidence I had, the fulltext as well, with 
headers, much better than the snippet in wired.

> > > thing) without even checking his record on such a topic, and claiming
> > > "newsworthy" isn't quite... nice.
> > Check out Wired's take on it here:
> > http://www.wired.com/politics/security/news/2007/10/paul_bot
> 
> If you read the article from Wired, *they* contacted Paul's campaign,
> and performed some basic investigation.  That's rather different from
> forwarding a spam message on to a mailing list.

They are a news service, that's what they do.  My role, as a 
recipient of the mail, is to report it, that's what I did.  Repeat, 
it is not just spam, it is evidence that, in all likelihood, one of 
the presidential campaigns purchased spamming services from some 
seriously dark people, enriching them and encouraging them to crack 
more machines and send more spam than ever.  This is wrong, very 
wrong and that overzealous intern needs to get it.  

> > It seems the net is somewhat overrun with his apologists.
> 
> At what point has anyone acted as his apologist (recently, on this
> thread)?

I was referring to the Wired article and the online polls mentioned 
therein.

>  I've see others clarifying positions he's taken on
> particular issues/votes, and I've questioned your lack of
> investigation before forwarding the message on to everyone.

As you admitted, the guilty party is unlikely to admit their guilt, 
so there is no point asking them.  I also doubt his voting record is 
much use.  The fact is, someone paid, and I'll bet the fact is also 
that ALL the candidates have a squeaky-clean anti-spam record.  By 
your logic, I should never have received the mail in the first place.

Finally, I have no idea who you are, asking me to run down blind 
alleys is a good way to get me to think you are working for the same 
people I am complaining about.

I have no intention of doing any further research.  That is a job for 
the police and the appropriate federal electoral authorities.

Stu

---
Stuart Udall
stuart at@...erdelix.dot net - http://www.cyberdelix.net/

--- 
 * Origin: lsi: revolution through evolution (192:168/0.2)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ