spam to this list from stolen addresses

spam to this list from stolen addresses

[Moshe Yudkowsky]

I use a unique email address to send and receive email from this list (I
have about 180 separate email addresses in order to segregate
identities). I've just received spam to that address, which means that
there's been a security breach of the email list -- either in someone's
personal machine, or of the subscription list itself.

The security breach was exploited by spammers who push penny stocks.
About two weeks ago, this gang or a similar and very aggressive gang
stole the subscription list of Investor's Business Daily, a national
financial newspaper.
<http://www.pebbleandavalanche.com/weblog/2006/10/20/blog-20061020T0508>

I'm writing for informational purposes only at this point. I begin to
suspect that there's a new exploit out there, because I'm reliably
informed by a security-expert friend that Newegg merchants recently had
its subscription lists stolen.

I'll likely turn this email address off, but since I'm not currently
receiving summaries from the list, I will leave it on for a while in
case someone wants to contact me directly.

Regards,
 Moshe

-- 
 Moshe Yudkowsky
 work: http://www.Disaggregate.com
 book: http://www.PebbleAndAvalanche.com

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid\x120709&bid&3057&dat\x121642
_______________________________________________
Linux-hotplug-devel mailing list  http://linux-hotplug.sourceforge.net
Linux-hotplug-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel

Re: spam to this list from stolen addresses

[Dave Dodge]

On Wed, Oct 25, 2006 at 08:46:05AM -0500, Moshe Yudkowsky wrote:
> I use a unique email address to send and receive email from this list (I
> have about 180 separate email addresses in order to segregate
> identities). I've just received spam to that address, which means that
> there's been a security breach of the email list -- either in someone's
> personal machine, or of the subscription list itself.

This isn't the first time you've sent mail to the list, and people
responding to you in December quoted your email address in their
messages.  So the unique address you use for this list appears
unprotected in the list archives -- which are of course readily
available and even Google-indexed:

  http://www.google.com/search?q=msha5_17%40bl.com

I'm not saying that a security breach didn't happen, but it certainly
wasn't the only way the address could have been farmed.

                                                  -Dave Dodge

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid\x120709&bid&3057&dat\x121642
_______________________________________________
Linux-hotplug-devel mailing list  http://linux-hotplug.sourceforge.net
Linux-hotplug-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel