RE: Mailing lists and unsolicited/malicious spam

["Todd Towles" <toddtowles () brookshires com>]

Yeah the last time I can remember that someone tried that on FD, was
that some called exploit that had a IRC trojan in it...it was discovered
after about 5 secs..lol 

> -----Original Message-----
> From: full-disclosure-admin () lists netsys com 
> [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Ron
> Sent: Friday, November 26, 2004 12:40 PM
> To: n3td3v
> Cc: full-disclosure () lists netsys com
> Subject: Re: [Full-disclosure] Mailing lists and 
> unsolicited/malicious spam
>
> One thing to note, however, is that people who post on this 
> list would tend to be the ones who know better than to listen 
> to spam or to open viruses or to help out those pool old 
> Nigerian Diplomats.
>
>
> n3td3v wrote:
>
> > How many people are actually subscribed (on FD) and what are the 
> > general figures for subscribers for high profile mailing 
> lists, has any 
> > figures ever been released? And would the theft of the list 
> of e-mails 
> > subscribed be of value to spammers? I think it would be, I hope FD 
> > admin is up to date with and keeping tracks of bugs as the 
> rest of us. 
> > If malicious hackers/script kiddies got hold of the list, I 
> think they 
> > would be able to attack a good percentage of inboxes with 
> whatever they 
> > send. Weather it be porn spam or a phishing to take 
> passwords or if it 
> > be malcious code to take advantage of POP mail clients via SMTP.
> >
> > I think already FD is targeted by spam/phishing hackers who wish to 
> > collect e-mail addresses for further exploration. Perhaps 
> posting on FD 
> > could be a security risk in itself (well not just FD but 
> mailing lists 
> > online in general) as far as POP mail clients and SMTP is concerned. 
> > (web-based e-mail has its own problems which usually don't have the 
> > risk of taking over computers like mail clients do. Usually 
> web-based 
> > e-mail is just at risk from xss/cookie disclosure/account theft, 
> > whereas malicious code sent to mail clients can take over whole 
> > computer systems)
> >
> > For those of you who already have a "mailing list only" 
> e-mail address 
> > and a seperate address for work related/corporate/company 
> matters, do 
> > you see a different level of unsolicited spam, compared to the work 
> > address or other private e-mail address for friends and family? I'm 
> > thinking about setting up the same myself, just for experimental 
> > reasons! I think i'll find some differences between the two.
> >
> > Sorry if you don't care about anti-spam, but its something i'm 
> > interested in. Sorry to all the script kiddie hax0rs who 
> don't like me 
> > working against you and your e-mail collecting bots!
> >
> > Plus, do FD admin and other high profile mailing lists have 
> honey pots 
> > or similar methods to catch FD/mailing list born spam? I 
> believe a big 
> > mailing list can have its own domestic/internal spam, 
> seperate from the 
> > general internet who are not subscribed to the given mailing list or 
> > lists, and even different mailing lists having its own group of 
> > spammers targeting them, with its own nature of spam/phish/malicious 
> > code exploration.
> >
> > Thanks,
> > n3td3v
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> >
> >  
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html