Re: [Full-Disclosure] Email marketing company gives out questionable security advice

From: Richard Johnson (rdump_at_river.com)
Date: 07/03/03

    To: "Richard M. Smith" <rms@computerbytesman.com>
    Date: Wed, 2 Jul 2003 22:44:45 -0600
    
    

    At 20:03 -0400 on 2003-07-02, Richard M. Smith wrote:
    > Hi,
    >
    > Last week, I received an unsolicited email message from Mobil Travel
    > Guide about their new online service. In the message, I was encouraged
    > to turn back on ActiveX and scripting in Outlook in order to view a
    > Flash movie embedded in the message. Needless to say, I thought this
    > was a terrible idea. Instead, I wrote the company who created the ad,
    > Digital Produce (http://www.digitalproduce.com), saying they were giving
    > out bad security advice and they should stop doing this sort of thing
    > in future mailings.

    The spamming for Mobil Travel Guide isn't the worst this bunch has done.

    Amusingly, digitalproduce.com (AKA flashedmail.com) was involved in a
    whitcon.net/uswives.com spamgang [1] attack against a number of addresses
    on our servers just about a year ago.

    They've been blacklisted on all our servers since. Mere mention of their
    security violation URLs in mail bodies causes the mail to be rejected.
    This prevents their willful lack of security, let alone their deliberately
    bad advice, from affecting our users.

    All in all, their association with infamous porn spam gang Whitaker
    Consulting has been a good thing for securing our systems against their
    shoddy flash and evilX. I sincerely applaud their taste in business
    partners. Bad company breeds bad attitude. Or is it the other way around?

    As long as they keep spamming, and providing spam support, they'll remain
    blocked.

    > It will be interesting to see how email marketing companies and
    > spammers adapt to these technical changes in HTML email.

    I've yet to discover any useful, practical difference between "email
    marketing companies" and "spammers". The terms are synonymous.

    Why anyone would trust active content from a spammer is beyond me.

    Richard

    [1] http://www.spamhaus.org/rokso/search.lasso?evidencefile=1610
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

