funsec mailing list archives
Re: Google's "Shared Endorsements"
From: Rich Kulawiec <rsk () gsp org>
Date: Sat, 26 Oct 2013 10:12:15 -0400
On Tue, Oct 22, 2013 at 06:11:46PM +0200, Daniël W. Crompton wrote:
[...] I'm unsure if a blanket statement such as "spammer-originated, abusive, invasive" applies here.
It does, in the sense that yes, that's where those originated. That doesn't mean that you're using them for the same reasons, only that's where they started. Let me explain.

Spammers used/use them for three reasons: first, to identify spamtraps. This is highly useful intelligence, although they don't always use it wisely.

Second, they track the N-tuple that caused the message to be read by someone foolish enough to use an HTML-enabled mail client. That N-tuple might include (originating IP, message version, addressees, putative sender, spam batch) or other information. This in turn allows them to narrowly target the particular recipient and to broadly assess the effectiveness of any particular spam batch.

Third, they harvest metadata like the IP address from which the link was fetched as well as browser/mail client information. This is useful for the same reasons as point two (above) but it also provides useful data for phishing and other attacks -- whether they use it themselves or just accrue it and sell it to others. (Consider all the useful geolocation information contained in such databases.)

Not all of this is always accurate, of course; but it doesn't need to be. Spammers work on a volume, volume, volume basis. So even if some of this is wrong or outdated, mishandled or corrupted, that really doesn't mean much. There's always another spam run tomorrow, and another chance to acquire more data, and eventually, over a long enough time span with enough runs, they'll get what they want.

I consider all of this highly abusive. Others don't, primarily spammers and their supporters, who have all kinds of spurious rationales for invading the privacy and attacking the security of their victims. But I do recognize that it's commonplace -- which I find very sad, as the collective "we" really shouldn't tolerate this nonsense. And this is one of many reasons why I don't use an HTML-enabled mail client and recommend the same course of action to others.
I'm certain that the same people who do all this stuff are constantly developing ever-more-sophisticated ways to attack Internet users, because well, that's what they do. (See, for example, the spammers at LinkedIn, who are now doing it overtly.) I don't blame them: I blame us, because we haven't found the collective will to put a stop to it -- which we could, in a day/week/month, if we acted together and stuck to it.

---rsk

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.