On Wed, Mar 12, 2008 at 05:41:03PM -0400, [EMAIL PROTECTED] wrote:
> seeing as we were talking about LinkedIn and all, I thought it appropriate
> to toss this conversational hand grenade...
>
> Six Degrees of E-Separation
> http://blog.washingtonpost.com/securityfix/2008/03/six_degrees_of_eseparation_1.html

This same effect shows up in other places as well. Some of us suspect that spammers have been quietly busy over the past decade building databases encapsulating the same sort of relationship information. Reason? People are much more likely to accept and read messages from people they know, so if it's possible to forge mail from a given sender to a given recipient (or better yet, hijack their system or the mail server they use so that it's undetectable as a forgery), then there's a high probability the payload will reach its destination.

Analysis of mailing list traffic, newsgroup traffic, blogs, and mailboxes/address books on already-hijacked systems all yield data useful for such an exercise.

This would not only be handy for keeping pace with the myriad defenses we've deployed, but when it comes to highly targeted phishing runs, it'd be truly useful.

I have no proof of this, only circumstantial evidence, so this may simply be so much drivel. On the other hand: anyone with the expertise to code this graph theory exercise and run it on a very large dataset may also have the expertise to avoid being detected. And we already know that [some] spammers have expended considerable resources on a similar exercise: list-washing/complainer avoidance/spamtrap identification. So I don't think it's much of a leap of the imagination.

---Rsk

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
