On 2/21/02 2:00 PM, "John Morton" <[EMAIL PROTECTED]> wrote:
> I think we're really getting into wild speculation territory here. No one > will bother hacking the code to automatically get new free mail accounts [...] Nobody has bothered to do this YET. That we know of. But the spamhacks are evolving rapidly. More rapidly than the anti-spam hacks in many ways. I sure wouldn't depend on them never doing this. I'm not sure what we'd do if they did, either, but some aspects of it have happened to me in small ways, just not from the major spamhacks. Fact is, if they want your subscribers, they can get them. Or more correctly, your subcribers that post -- but if everyone lurks in fear, why hav a mail list? The question is, what can we do to make it as tough as we can for the spammers, without screwing it up for us (as admins) or our list users. If only because the harder we make it for them to hack us, they more likely they'll go somewhere else that's easier to crack... On the other hand, if Mailman does become the de-factor mail list standard, or one of a couple of key list servers, you can bet the spam ahcks will focus on it, because if they can crack the code, they can crack a LOT of lists really fast. So we have the potential to become a target of our success, and we should be aware of that. > No one is going to bother implementing and maintaining this attack while they > can grep addresses straight out of Usenet, off the web and out of DNS. The "low hanging fruit" theory, or as I used yesterday, it's "the club" mentality. The Club (which, for those who don't catch my reference) is a big hunk o' steel you lock to your steering wheel. It's ability to slow down a car thief boils down to two things: how badly the thief wants YOUR car (vs. Any car), and how many other cars they can steal more easily. But what happens when other groups get smart too, and clean up the low hanging fruit? Depending on that to protect us is a false security, basically no better than the old security-by-obscurity issue. Given port scanners and the like, there IS no obscurity from the crackers any more. -- Chuq Von Rospach, Architech [EMAIL PROTECTED] -- http://www.chuqui.com/ Stress is when you wake up screaming and you realize you haven't fallen asleep yet. _______________________________________________ Mailman-Developers mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-developers