Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] Mailing lists and unsolicited/malicious spam

from [n3td3v] Network Security [Permanent Link]
Subject: [Full-Disclosure] Mailing lists and unsolicited/malicious spam
Date: Fri, 26 Nov 2004 00:38:17 +0000 
How many people are actually subscribed (on FD) and what are the
general figures for subscribers for high profile mailing lists, has
any figures ever been released? And would the theft of the list of
e-mails subscribed be of value to spammers? I think it would be, I
hope FD admin is up to date with and keeping tracks of bugs as the
rest of us. If malicious hackers/script kiddies got hold of the list,
I think they would be able to attack a good percentage of inboxes with
whatever they send. Weather it be porn spam or a phishing to take
passwords or if it be malcious code to take advantage of POP mail
clients via SMTP.

I think already FD is targeted by spam/phishing hackers who wish to
collect e-mail addresses for further exploration. Perhaps posting on
FD could be a security risk in itself (well not just FD but mailing
lists online in general) as far as POP mail clients and SMTP is
concerned. (web-based e-mail has its own problems which usually don't
have the risk of taking over computers like mail clients do. Usually
web-based e-mail is just at risk from xss/cookie disclosure/account
theft, whereas malicious code sent to mail clients can take over whole
computer systems)

For those of you who already have a "mailing list only" e-mail address
and a seperate address for work related/corporate/company matters, do
you see a different level of unsolicited spam, compared to the work
address or other private e-mail address for friends and family? I'm
thinking about setting up the same myself, just for experimental
reasons! I think i'll find some differences between the two.

Sorry if you don't care about anti-spam, but its something i'm
interested in. Sorry to all the script kiddie hax0rs who don't like me
working against you and your e-mail collecting bots!

Plus, do FD admin and other high profile mailing lists have honey pots
or similar methods to catch FD/mailing list born spam? I believe a big
mailing list can have its own domestic/internal spam, seperate from
the general internet who are not subscribed to the given mailing list
or lists, and even different mailing lists having its own group of
spammers targeting them, with its own nature of spam/phish/malicious
code exploration.

Thanks, 
n3td3v

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-Disclosure] MSIE & FIREFOX flaws: "detailed" advisory and comments that you probably don't want to read anyway, Berend-Jan Wever
Next by Date:  Re: [Full-Disclosure] Why is IRC still around?, vord
Previous by Thread:  [Full-Disclosure] MDKSA-2004:140 - Updated a2ps packages fix vulnerability, Mandrake Linux Security Team
Next by Thread:  Re: [Full-Disclosure] Mailing lists and unsolicited/malicious spam, Ron
Indexes:  [Date] [Thread] [Top] [All Lists]