RE: [Full-Disclosure] Mailing lists and unsolicited/malicious spam

From: Todd Towles (toddtowles_at_brookshires.com)
Date: 11/26/04

  • Next message: Ron: "Re: [Full-Disclosure] Mailing lists and unsolicited/malicious spam" 
    To: "Ron" <iago@valhallalegends.com>, "n3td3v" <xploitable@gmail.com>
Date: Fri, 26 Nov 2004 13:44:01 -0600

    Yeah the last time I can remember that someone tried that on FD, was
    that some called exploit that had a IRC trojan in it...it was discovered
    after about 5 secs..lol

    > -----Original Message-----
    > From: full-disclosure-admin@lists.netsys.com
    > [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of Ron
    > Sent: Friday, November 26, 2004 12:40 PM
    > To: n3td3v
    > Cc: full-disclosure@lists.netsys.com
    > Subject: Re: [Full-Disclosure] Mailing lists and
    > unsolicited/malicious spam
    >
    > One thing to note, however, is that people who post on this
    > list would tend to be the ones who know better than to listen
    > to spam or to open viruses or to help out those pool old
    > Nigerian Diplomats.
    >
    >
    > n3td3v wrote:
    >
    > >How many people are actually subscribed (on FD) and what are the
    > >general figures for subscribers for high profile mailing
    > lists, has any
    > >figures ever been released? And would the theft of the list
    > of e-mails
    > >subscribed be of value to spammers? I think it would be, I hope FD
    > >admin is up to date with and keeping tracks of bugs as the
    > rest of us.
    > >If malicious hackers/script kiddies got hold of the list, I
    > think they
    > >would be able to attack a good percentage of inboxes with
    > whatever they
    > >send. Weather it be porn spam or a phishing to take
    > passwords or if it
    > >be malcious code to take advantage of POP mail clients via SMTP.
    > >
    > >I think already FD is targeted by spam/phishing hackers who wish to
    > >collect e-mail addresses for further exploration. Perhaps
    > posting on FD
    > >could be a security risk in itself (well not just FD but
    > mailing lists
    > >online in general) as far as POP mail clients and SMTP is concerned.
    > >(web-based e-mail has its own problems which usually don't have the
    > >risk of taking over computers like mail clients do. Usually
    > web-based
    > >e-mail is just at risk from xss/cookie disclosure/account theft,
    > >whereas malicious code sent to mail clients can take over whole
    > >computer systems)
    > >
    > >For those of you who already have a "mailing list only"
    > e-mail address
    > >and a seperate address for work related/corporate/company
    > matters, do
    > >you see a different level of unsolicited spam, compared to the work
    > >address or other private e-mail address for friends and family? I'm
    > >thinking about setting up the same myself, just for experimental
    > >reasons! I think i'll find some differences between the two.
    > >
    > >Sorry if you don't care about anti-spam, but its something i'm
    > >interested in. Sorry to all the script kiddie hax0rs who
    > don't like me
    > >working against you and your e-mail collecting bots!
    > >
    > >Plus, do FD admin and other high profile mailing lists have
    > honey pots
    > >or similar methods to catch FD/mailing list born spam? I
    > believe a big
    > >mailing list can have its own domestic/internal spam,
    > seperate from the
    > >general internet who are not subscribed to the given mailing list or
    > >lists, and even different mailing lists having its own group of
    > >spammers targeting them, with its own nature of spam/phish/malicious
    > >code exploration.
    > >
    > >Thanks,
    > >n3td3v
    > >
    > >_______________________________________________
    > >Full-Disclosure - We believe in it.
    > >Charter: http://lists.netsys.com/full-disclosure-charter.html
    > >
    > >
    > >
    > >
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Ron: "Re: [Full-Disclosure] Mailing lists and unsolicited/malicious spam"

    Relevant Pages

    • [Full-Disclosure] Mailing lists and unsolicited/malicious spam
      ... general figures for subscribers for high profile mailing lists, ... Weather it be porn spam or a phishing to take ... have the risk of taking over computers like mail clients do. ... do FD admin and other high profile mailing lists have honey pots ...
      (Full-Disclosure)
    • RE: [Full-Disclosure] Mailing lists and unsolicited/malicious spam
      ... Mailing lists and unsolicited/malicious spam ... general figures for subscribers for high profile mailing lists, ... have the risk of taking over computers like mail clients do. ...
      (Full-Disclosure)
    • RE: bogofilter ate 3/5
      ... Subscribers subscribing one address ... respond to spam as well (well, unless you put a spam filter ... I'm sure there are some people that don't run mailing lists that would love to call this behavior 'bad'. ... I find it highly ironic that spam blocker services tell you not to use certain techniques (autoresponders, bounce messages) that are not only commonplace, but precedented and even mandated by RFC on the grounds that they may cause you to be blocked. ...
      (Linux-Kernel)
    • asp.net Mailing List software/components
      ... Can anyone recommend an asp.net mailing list system that we could attach to ... We're looking for a tool that can maintain multiple mailing lists, ... when we update certain content on the web site via the CMS). ... - ability for subscribers to sub/unsub themselves online ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: An Amazing Fact
      ... Yet, for example, most mailing lists send RAVs and do not ... >>suffer for subscribers. ... >>just can't design negative filters that can reliablly, over time, tell the ...
      (comp.os.linux.misc)