Full Disclosure mailing list archives

Re: FW: Tim recommended you


From: <kernelclue () hushmail com>
Date: Mon, 8 Sep 2003 16:57:00 -0700



On Mon, 08 Sep 2003 16:11:33 -0700 Brian McWilliams <brian () pc-radio com>
wrote:
Random complaints about spammering may have no place on F-D, but
spamming has *everything* to do with security.


Um.  No.  Spamming has really nothing more to do with security than do
junk faxes.

1. Spammers usually rely on open mail relays to send their junk e-mails.

This is a problem of stupid administrators but has nothing to do with
security or really even the security of those hosts.  One can operate
a fully secured open relay.  Reports of open relays do not belong on
this list.  If you find a new way to cause an open relay condition on
an otherwise secure box, that would be appropriate for this list.

2. Spammers often use insecure FormMail scripts to send their junk e-mails.

The scripts themselves aren't security issues but their setup can enable
a spammer to use them to send spam.  While that may have been interesting
four years ago it's nothing new and again has less to do with security
than with stupid admins.

3. Spammers recently have begun sending "net-send" or Windows Messenger
spams targeting folks on Windows PCs without adequate firewalls or port
settings.

And, like other issues, this isn't a security issue for this list.  It's
nothing new or even that interesting.  The net send command is an authorized,
known command being used to send network messages.  The issue here is
also one of poor configuration.  This type of discussion may be more
appropriate on the securityfocus.com 'Security Basics' list.

4. Spammers use social engineering techniques such as spoofed "From" lines
in their messages.

Heh.  Social engineering techniques are probably valid for the list but
I didn't see that as being the goal of this thread.

The Full-Disclosure charter states: "Any information pertaining to vulnerabilities
is acceptable, for instance announcement and discussion thereof, exploit
techniques and code, related tools and papers, and other useful information."

I don't see any of the above in a complaint about spam to this list.
There are no vulnerability announcements, no exploit techniques or discussion
thereof, no tools or papers, and it's definitely not useful information.

So, unless you're reporting something new or interesting about spam or
spammers, there are more appropriate lists for the content.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

