Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: why o why did NASA do this.
From: "Todd Towles" <toddtowles () brookshires com>
Date: Tue, 19 Oct 2004 12:59:37 -0500

 
GuidoZ wrote:
=) Yeah, I do. I wasn't sure if you were having a brain fart 
or something. lol
Ok Mr. Limpy..lol

Well said. It was finally removed from public view, though 
I'd imagine quite a few saved it just in case (myself 
included). No, it's not some perfect list for every malicious 
purpose, though it's certainly better then nothing. Spammers 
really don't care if it's active or not - they will still 
sell it. Social Engineering can go a long way though. It's 
entirely possible someone that worked at NASA in 1996 would 
be there still today. It's called a career. =)
Great point about the "career" job. Even if they aren't there, knowing a
time and a name can get you more information out of a person in another
dept, I think. I wouldn't try =) 

-Todd

--
Peace. ~G


On Tue, 19 Oct 2004 07:59:36 -0500, Todd Towles 
<toddtowles () brookshires com> wrote:
I meant this outdated NASA e-mail list. I undestand that FD 
could be 
used for this purpose.

The fact that NASA just hands you this information 
(outdated or not) 
is pretty sad. As I stated before it is free information leakage at 
best and because it is outdated it should be removed from 
public view. 
This could be used for social attacks and e-mail attacks. I don't 
think SPAMmers care about some 6 year old list but hackers 
would. Any 
information that they can get free of charge is just that 
much better.

You know me better than that GuidoZ .....lol

-----Original Message-----
From: GuidoZ [mailto:uberguidoz () gmail com]
Sent: Tuesday, October 19, 2004 1:24 AM
To: Todd Towles
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] why o why did NASA do this.

how would this list help me spam?

Google your email address - then simply use a bot to 
gather ALL the 
email addresses listed in the posts along with it. ;) The 
sad fact 
is that the email addresses used to post to this list (and any 
others like it) are freely there for the taking. Plus, it's quite 
obvious they are active. (More obvious then, say, email 
addies fro 
1996?) ;)

--
Peace. ~G


On Mon, 18 Oct 2004 11:02:00 -0500, Todd Towles 
<toddtowles () brookshires com> wrote:
Exactly as I stated eariler...this is just information
leakage...old
as it might be, it helps...the people on the list are just
doing their
jobs...getting paid and giving information to a employee that 
knows their name (and is higher in the company) seems harmless.
Spam isn't
the issue with this information leakage, I can buy a CD
with 6 million
e-mail address on it...how would this list help me spam?



-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
KF_lists
Sent: Monday, October 18, 2004 9:06 AM
To: Harry de Grote
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] why o why did NASA do this.


Forget about the spammers, how about social engineers.
This is quite
the gold mine for that.

Hi this is Joe Schmoe from building 69 I need to have my 
password reset.
-KF



i have to admit... it's pretty old and useless, but i think
this may
be a nice place for spammers to try out some new adresses...


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]