Full Disclosure mailing list archives
Re: FW: Tim recommended you
From: <kernelclue () hushmail com>
Date: Mon, 8 Sep 2003 16:57:00 -0700
On Mon, 08 Sep 2003 16:11:33 -0700 Brian McWilliams <brian () pc-radio com> wrote:
Random complaints about spammering may have no place on F-D, but spamming has *everything* to do with security.
Um. No. Spamming has really nothing more to do with security than do junk faxes.
1. Spammers usually rely on open mail relays to send their junk e-mails.
This is a problem of stupid administrators but has nothing to do with security or really even the security of those hosts. One can operate a fully secured open relay. Reports of open relays do not belong on this list. If you find a new way to cause an open relay condition on an otherwise secure box, that would be appropriate for this list.
2. Spammers often use insecure FormMail scripts to send their junk e-mails.
The scripts themselves aren't security issues but their setup can enable a spammer to use them to send spam. While that may have been interesting four years ago it's nothing new and again has less to do with security than with stupid admins.
3. Spammers recently have begun sending "net-send" or Windows Messengerspams targeting folks on Windows PCs without adequate firewalls or port settings.
And, like other issues, this isn't a security issue for this list. It's nothing new or even that interesting. The net send command is an authorized, known command being used to send network messages. The issue here is also one of poor configuration. This type of discussion may be more appropriate on the securityfocus.com 'Security Basics' list.
4. Spammers use social engineering techniques such as spoofed "From" lines in their messages.
Heh. Social engineering techniques are probably valid for the list but I didn't see that as being the goal of this thread. The Full-Disclosure charter states: "Any information pertaining to vulnerabilities is acceptable, for instance announcement and discussion thereof, exploit techniques and code, related tools and papers, and other useful information." I don't see any of the above in a complaint about spam to this list. There are no vulnerability announcements, no exploit techniques or discussion thereof, no tools or papers, and it's definitely not useful information. So, unless you're reporting something new or interesting about spam or spammers, there are more appropriate lists for the content. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- FW: Tim recommended you Jason Coombs (Sep 08)
- Re: FW: Tim recommended you Mary Landesman (Sep 08)
- <Possible follow-ups>
- RE: FW: Tim recommended you Schmehl, Paul L (Sep 08)
- Re: FW: Tim recommended you Gregory A. Gilliss (Sep 08)
- Re: FW: Tim recommended you Brian McWilliams (Sep 08)
- Re: FW: Tim recommended you Gary E. Miller (Sep 08)
- RE: FW: Tim recommended you Jason Coombs (Sep 08)
- Re: FW: Tim recommended you Gregory A. Gilliss (Sep 08)
- Re: FW: Tim recommended you Jure Pecar (Sep 08)
- Re: FW: Tim recommended you kernelclue (Sep 08)