Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: why o why did NASA do this.
From: Barry Fitzgerald <bkfsec () sdf lonestar org>
Date: Mon, 18 Oct 2004 10:02:21 -0400

Harry de Grote wrote:

i have to admit... it's pretty old and useless, but i think this may be a nice place for spammers to try out some new adresses...

This is *NOT* the major issue that everyone is blowing it out to be.

Lists like this are available on many organization/company websites. This mailing list itself is a vast treasure-trove of data for spammers. In fact, it's a far more lucrative one because the users span multiple active e-mail domains.

Even with this abundance of e-mail accounts, spammers STILL use botnets and the like to send out spam to random e-mails. Spammers don't need a list of verified e-mails to spam people, not the way that they do things.

Not to mention that people listed in this file aren't an amazing target for spam. Do you think someone thinking "Hmmm... where can I find stupid people who will respond to my random scam e-mail?" is going to respond with "I know! Nasa!" I mean, seriously, they're going to spend their time spamming AOL, not Nasa. Even with that, I'm sure that they do it...and they don't even need this list to do it.

Come on people, rather than being scared of the monster in the closet, can we apply a logic filter to things like this?

            -Barry

p.s. Spam is a nuisance that occassionally includes exploits to achieve a further goal. Sending spam may include the act of compromising systems, but recieving (and subsequently deleting) spam does not constitute a security issue. Random people can e-mail you. Random people have always been able to e-mail you. If this scares you, go on Paxil and get over you Generalized Anxiety Disorder condition. The only instance where I can see the reciept of spam as a security issue is if it's DoS'ing your network, and that is a different issue altogether.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault