lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <e1958c1969aa951049ac271ec50290d9.squirrel@gameframe.net>
Date: Fri, 10 Jun 2011 04:20:02 +0300
From: nix@...roxylists.com
To: Valdis.Kletnieks@...edu
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: (no subject)

> On Fri, 10 Jun 2011 02:40:16 +0300, nix@...roxylists.com said:
>
>> Im happy to hear it works out to you. A few days ago, i received an
>> email
>> from https://www.proxpn.com/ admin that he suspended fraudulent user VPN
>> account due to the abuse. A fraudster used a stolen credit card using
>> their VPN to purchase a service from us. Needless to say, their CIDR's
>> has
>> been also added to this list.
>
> You're incredibly lucky it was proxpn.com and not comcast.com. ;)
>
I sense sarcasm. Im exacly aware of comcast and almost all other U.S cable
providers residental address ranges. Did you happend to know that comcast
do also provide static IP's for companies, dedicated hosting.

Im also fully aware of botnet proxies that are spreaded wide to comcast
ranges, not only to comcast, to a majority of U.S cable providers. We have
a method to detect some of those botnet proxies but I wont go in to
details for obvious reasons.

Once again, almost none of you did not bothered to read features. You have
the option to CHOOSE will you block hosting providers or not. It does not
block anything by default.

This is my last reply to this topic.

Simply, it does provide protection to those who wants it and everyone can
configure their API in the way they want. None is not enforced to block
anything. Period.

Atleast I managed to open discussion. Something else than daily boring
XSS/CRLF bugs.

Thanks to everyone for the feedback and interests, whether it was positive
or negative.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists