Full Disclosure mailing list archives
RE: Backdoor not recognized by Kaspersky
From: "Larry Seltzer" <larry () larryseltzer com>
Date: Thu, 4 Mar 2004 06:20:48 -0500
Another quick workaround to SPF, Caller ID and Domain Keys has alredy been implemented by spammers for a year or so. The only premise behind S/C/D is that you are trusted if you have access to a DNS server. Spammers are using compromised machines not only as SMTP servers, but also web servers and DNS servers. The end result is that spammers have already completely circumvented all three solutions way before they were ever implemented.
I'm really not clear how this could work on a DHCP client, which the overwhelming majority of compromised systems must be. Please don't just tell me it's magic and works. What you said in another message about just cracking the storage of credentials in the registry or file system impresses me more and I'm looking into it. Larry Seltzer eWEEK.com Security Center Editor http://security.eweek.com/ larryseltzer () ziffdavis com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Email legislation does not exist, (continued)
- RE: Email legislation does not exist Bill Royds (Mar 04)
- RE: Email legislation does not exist Ron DuFresne (Mar 05)
- Re: Email legislation does not exist Oliver Schneider (Mar 04)
- Re: Backdoor not recognized by Kaspersky Valdis . Kletnieks (Mar 04)
- RE: Backdoor not recognized by Kaspersky Schmehl, Paul L (Mar 03)
- RE: Re[2]: Backdoor not recognized by Kaspersky Glenn_Everhart (Mar 03)
- RE: Backdoor not recognized by Kaspersky Thor Larholm (Mar 03)
- RE: Backdoor not recognized by Kaspersky Larry Seltzer (Mar 03)
- RE: Backdoor not recognized by Kaspersky Nick FitzGerald (Mar 03)
- RE: Backdoor not recognized by Kaspersky Nick FitzGerald (Mar 03)
- RE: Backdoor not recognized by Kaspersky Larry Seltzer (Mar 04)
- RE: Backdoor not recognized by Kaspersky Nick FitzGerald (Mar 04)
- ProFtp bufferoverflow. Frederic Charpentier (Mar 04)
- Re: ProFtp bufferoverflow. Andreas Gietl (Mar 04)
- RE: ProFtp bufferoverflow. Epic (Mar 04)
- Re: ProFtp bufferoverflow. Andreas Gietl (Mar 04)
- RE: Backdoor not recognized by Kaspersky Larry Seltzer (Mar 03)
- RE: Critical WFTPD buffer overflow vulnerability Geo. (Mar 04)
- Re: Backdoor not recognized by Kaspersky Valdis . Kletnieks (Mar 04)