Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-Disclosure] Mailing lists and unsolicited/malicious spam

from [n3td3v] Network Security [Permanent Link]
Subject: Re: [Full-Disclosure] Mailing lists and unsolicited/malicious spam
Date: Fri, 26 Nov 2004 16:51:27 +0000 
On the note of hiding e-mail addresses:

Yahoo! Groups, a fully featured user group and mailing list has taken
steps to prevent malicious users harvesting new e-mail addresses to
add to spam list databases. They (Yahoo) cut the e-mail address on the
website, so harvesting becomes impossible by only showing the user
side of the e-mail address. Example "n3td3v@...".

On the note of mailing lists and user groups having its own unique
(back-end off list) spam:

I have also noticed Yahoo!s own resident hax0rs, spammers, whatever
you wish to label them as, actually use Yahoo! users to create bot
yahoo accounts (by sending them a carefully crafted url, which relays
via google and queries the malicious webpage, which looks like a
legitimate Yahoo! word verification page) to later broadcast out to
Yahoo! users of Yahoo! Mail and Yahoo! Groups. So, in some instances,
mailing lists and user groups can have its internal scams going on (if
the network is big enough, which yahoo (mail and groups)

We could take Yahoo!s e-mail hiding idea, but take it a step further:

I was thinking, why are all e-mail addresses not encrypted as soon as
they leave the authors mail client, surely this would stop anyone
seeing the address, apart from the mail client at the other end the
message was intended for. And when a user mails a mailing list the
e-mail address could be read by the mailing list software, but stays
encrypted for the broadcast out to the subscribers of the list.

All you need to do to stop spam is have e-mail addresses encrpyted and
only readable by the person they were sent to. perhaps to make it
nicer, leave the user@ side of the e-mail address showing, but encrypt
the @domain side of the e-mail address.

Don't tell me, this has already been thought of and i'm the last to
think of it, oh well nevermind!

This would at least stop the malicious spammers harvesting new
addresses on mailing lists and the third party sites where mailing
list threads are published, example: seclists.org. I'm sure encrpyting
the domain side of e-mail addresses has its pitfalls and flaws. Its
just something I thought about on top of my head, I haven't researched
fully the pro's and con's (at least yet).

Thanks,
n3td3v@h4hfshjkewts

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-Disclosure] Re: MSIE flaws: nested array sort() loop Stack overflow exception, Gadi Evron
Next by Date:  RE: [Full-Disclosure] Mailing lists and unsolicited/malicious spam, pingywon MCSE
Previous by Thread:  RE: [Full-Disclosure] Mailing lists and unsolicited/malicious spam, Todd Towles
Next by Thread:  Re: [Full-Disclosure] Mailing lists and unsolicited/malicious spam, Valdis . Kletnieks
Indexes:  [Date] [Thread] [Top] [All Lists]