lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 6 Aug 2021 15:26:57 -0400
From: Jeffrey Walton <noloader@...il.com>
To: Nick Boyce <nick.boyce@...il.com>
Cc: Full Disclosure List <fulldisclosure@...lists.org>
Subject: Re: [FD] Spammers Using storage[.]googleapis[.]com ?!!?

On Tue, Aug 3, 2021 at 1:35 PM Nick Boyce <nick.boyce@...il.com> wrote:
>
> I notice that among the spam in my Gmail spam folder, there are a
> number of "address-check" type messages (i.e. that just seek
> confirmation my address exists), which attempt to get their response
> by performing a scripted redirect via a web property belonging to
> Google ...... and I tend to think "Huh? ... Surely Google wouldn't let
> that happen ... is this redirect something that by some chance they
> don't know about ?".
>
> Every link in the spam has the following HREF:
>
> https://storage[.]googleapis[.]com/medya00/redirectDOM80.html#[long-alphanum-string-that-presumably-identifies-me]
> ...
> FWIW, people complain that Amazon AWS is also abused in the same way.
>
> [No, I haven't bothered to let Google know directly - all of my
> attempts to let them know about other minor issues with their services
> have just resulted in a deafening silence - but I will try if folks
> think I should.]

That's nothing compared to Sharepoint and sharepointonline.com. I get
10 to 20 pieces of offensive emails daily from Microsoft's cesspool.
All using those useless redirects under the guise of "sharing a
document" with me and offering me sex.

Microsoft has more garbage spewing from their web properties than
Amazon, Google, IBM, Salesforce and Rackspace combined (based on my
experience).

sharepointonline.com is the crack neighborhood of the virtual world.
Microsoft is a slumlord...

Jeff

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists