funsec mailing list archives
Re: Off Topic: When Did LinkedIn Start Sucking So Bad?
From: Rich Kulawiec <rsk () gsp org>
Date: Mon, 17 Mar 2008 10:56:57 -0400
On Wed, Mar 12, 2008 at 05:41:03PM -0400, cracker () gmail com wrote:
> seeing as we were talking about LinkedIn and all, I thought it appropriate to toss this conversational hand grenade...
>
> Six Degrees of E-Separation
> http://blog.washingtonpost.com/securityfix/2008/03/six_degrees_of_eseparation_1.html

This same effect shows up in other places as well. Some of us suspect that spammers have been quietly busy over the past decade building databases encapsulating the same sort of relationship information.

Reason? People are much more likely to accept and read messages from people they know, so if it's possible to forge mail from a given sender to a given recipient (or better yet, hijack their system or the mail server they use so that it's undetectable as a forgery), then there's a high probability the payload will reach its destination.

Analysis of mailing list traffic, newsgroup traffic, blogs, and mailboxes/address books on already-hijacked systems all yield data useful for such an exercise. This would not only be handy for keeping pace with the myriad defenses we've deployed, but when it comes to highly targeted phishing runs, it'd be truly useful.

I have no proof of this, only circumstantial evidence, so this may simply be so much drivel. On the other hand: anyone with the expertise to code this graph theory exercise and run it on a very large dataset may also have the expertise to avoid being detected. And we already know that [some] spammers have expended considerable resources on a similar exercise: list-washing/complainer avoidance/spamtrap identification. So I don't think it's much of a leap of the imagination.

---Rsk

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.