
Re: [Full-Disclosure] FW: Tim recommended you




On Mon, 08 Sep 2003 16:11:33 -0700 Brian McWilliams <brian@xxxxxxxxxxxx>
wrote:
>Random complaints about spammering may have no place on F-D, but
>spamming has *everything* to do with security.
>

Um.  No.  Spamming has really nothing more to do with security than do
junk faxes.

>1. Spammers usually rely on open mail relays to send their junk
>e-mails.

This is a problem of stupid administrators but has nothing to do with
security or really even the security of those hosts.  One can operate
a fully secured open relay.  Reports of open relays do not belong on
this list.  If you find a new way to cause an open relay condition on
an otherwise secure box, that would be appropriate for this list.

>2. Spammers often use insecure FormMail scripts to send their junk
>e-mails.

The scripts themselves aren't security issues but their setup can enable
a spammer to use them to send spam.  While that may have been interesting
four years ago it's nothing new and again has less to do with security
than with stupid admins.

>3. Spammers recently have begun sending "net-send" or Windows Messenger
>spams targeting folks on Windows PCs without adequate firewalls or
>port settings.

And, like other issues, this isn't a security issue for this list.  It's
nothing new or even that interesting.  The net send command is an
authorized, known command being used to send network messages.  The issue
here is also one of poor configuration.  This type of discussion may be
more appropriate on the securityfocus.com 'Security Basics' list.

>4. Spammers use social engineering techniques such as spoofed "From"
>lines in their messages.

Heh.  Social engineering techniques are probably valid for the list but
I didn't see that as being the goal of this thread.

The Full-Disclosure charter states: "Any information pertaining to
vulnerabilities is acceptable, for instance announcement and discussion
thereof, exploit techniques and code, related tools and papers, and other
useful information."

I don't see any of the above in a complaint about spam to this list.
There are no vulnerability announcements, no exploit techniques or
discussion thereof, no tools or papers, and it's definitely not useful
information.

So, unless you're reporting something new or interesting about spam or
spammers, there are more appropriate lists for the content.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html