Re: [Full-disclosure] Fwd: GWAVA Sender Notification (Content filter)

Valdis.Kletnieks_at_vt.edu
Date: 05/10/05

  • Next message: Oliver Goebel: "[Full-disclosure] CAIF 1.2 released"
    To: James Tucker <jftucker@gmail.com>
    Date: Mon, 09 May 2005 23:44:09 -0400
    
    
    
    

    On Tue, 10 May 2005 02:32:41 BST, James Tucker said:
    > Surely this kind of message is a really bad idea.

    You know it, I know it, and the A/V vendors know it.

    > What is the possible true business value of such a filter?

    The true business value is for the A/V vendor, who can blat out a
    free spam to the forged MAIL FROM: address (which is probably scraped off
    a disk by the worm/virus and therefor likely an actual address.

    In this case, the bozos at GWAVA can spam you about finding something they
    didn't consider acceptable.

    > What is the potential impact upon security to disclose the information
    > that this mail does?

    It demonstrates that the site running it is lame enough to still be running
    A/V software that spams people.

    > What is the cost of deployment of this system against the costs
    > related to it's potential, and actual effects?

    The GWAVA people don't care. They've been paid for the product already, and
    they're not the ones paying for the bandwidth.

    Remember - you're talking here about a market segment *founded* on the business
    model that *partially* patching some other vendor's broken software will lead
    to a permanent gravy train. Once you've wrapped your brain around the morals
    and ethics of that business model, it's obviously a very tiny step to spamming
    other people about the wonders of the product.

    
    

    
    

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/



  • Next message: Oliver Goebel: "[Full-disclosure] CAIF 1.2 released"

    Relevant Pages

    • Re: Man gets nine years for spamming
      ... >>1) SPAM is not a SECURITY issue. ... >>business model as you. ... You may be able to block countries, ... blanket IP block filtering. ...
      (alt.computer.security)
    • Re: 7 Acre Ranchette, 15 min. from Baltimore City/Columbia
      ... I publish Sport Horse ... It's spam if you post repeatedly, ... business owners in a category somewhere below slugs. ... We all buy things from business owners, ...
      (rec.equestrian)
    • Re: Newsgroup filtering with host server software
      ... Hotmail offers free and "for pay" accounts with extra services. ... was spam. ... If the company is able to get business where you are required to travel, ... Does the business have an Internet presence? ...
      (comp.security.firewalls)
    • Re: Foam wing cutting
      ... Posts of intrest to the hobby are what this group is for. ... on ebay is not spam. ... business, he pays google to place ads for him in related google searches. ... Yep, Nike shoes ads here, I think I would consider off topic but his ...
      (rec.models.rc.air)
    • Re: Which greylist milter is least maintenance
      ... Which is the most maintenance free in a business environment? ... I'm shooting for removing the additional 150-200 spam messages a day ... daemon that all the mail servers can talk to - one database for all servers. ... MailScanner -- stopping the UCE/spam at the connection point, ...
      (comp.mail.sendmail)