Re: Random musing about words and spam
Hello,

On Wed, 3 Sep 2003, Thomas Shaddack wrote:

> Spammers recently adopted tactics of using randomly generated words, e.g. wryqf, in both the subject and the body of the message. These pseudowords are random, which makes them different from real words that are made of syllables. Could the pseudowords be easily detected by their characteristics, e.g. presence of syllables, vowel-consonant sequences/ratio, something like that? This could shift the balance of force in spam detection again, until the adversary will be forced to adopt the tactics of generating the random words from syllables instead of characters. Presence of pseudowords then could be added as one of spam characteristics.

I have, for a year or so now, been wondering about all the odd character strings I am finding in the subjects and body of my spam, and I too thought about keying on these for detection.

However, I immediately abandoned the idea, as a quick glance over the content of my legitimate email - to and from developers, technical mailing lists, etc., revealed that almost all of my legitimate email also contains seemingly random bits of gibberish and pseudowords.

Try to write the logic that distinguishes this:

    if_gre in the tree passes the mbuf to netisr_dispatch(), which in turn calls if_handoff(), which does something similar.

([EMAIL PROTECTED])

from this:

    dyeiluykxoer dyeiluykcqkutknig dyeiluykkrpmhrku dyeiluykngeqx dyeiluykoybim dyeiluykbihlyrelg dyeiluyktwucinmdyeiluykwenmttwvm

(actual spam)

I must reiterate that, given the relentless efficiency of spam-spiders, merely publishing a shadow email address on all web documents that your real email address resides on, and deleting all email sent to both accounts is my current favorite anti-spam mechanism. Simple to DIY, and requires no centralization.

- John Kozubik - [EMAIL PROTECTED] - http://www.kozubik.com
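An added example, not part of the original message: a minimal consonant-run scorer for the "vowel-consonant sequences" heuristic raised in the quoted question, run over the two samples from the message above plus one constructed line of C identifiers. The four-consonant threshold, the five-letter minimum, treating 'y' as a consonant, and all function names are assumptions.

```python
import re

VOWELS = set("aeiou")  # assumption: 'y' counts as a consonant

def longest_consonant_run(word):
    """Length of the longest run of consecutive non-vowel letters."""
    run = best = 0
    for ch in word:
        run = 0 if ch in VOWELS else run + 1
        best = max(best, run)
    return best

def is_pseudoword(word, max_run=4, min_len=5):
    """Hypothetical rule: min_len+ letters with max_run+ consonants in a row."""
    return len(word) >= min_len and longest_consonant_run(word) >= max_run

def tokens(text, min_len=5):
    """Lower-cased alphabetic tokens; '_', digits and punctuation separate them."""
    return [t for t in re.findall(r"[a-z]+", text.lower()) if len(t) >= min_len]

def pseudoword_fraction(text):
    """Share of scored tokens the rule flags (0.0 if no token is long enough)."""
    toks = tokens(text)
    return sum(is_pseudoword(t) for t in toks) / len(toks) if toks else 0.0

# The two samples quoted in the message.
TECH_SAMPLE = ("if_gre in the tree passes the mbuf to netisr_dispatch(), which "
               "in turn calls if_handoff(), which does something similar.")
SPAM_SAMPLE = ("dyeiluykxoer dyeiluykcqkutknig dyeiluykkrpmhrku dyeiluykngeqx "
               "dyeiluykoybim dyeiluykbihlyrelg dyeiluyktwucinmdyeiluykwenmttwvm")
# Constructed sample: ordinary C/library identifiers a developer might mail.
CONSTRUCTED_TECH = "strncpy and pthread_rwlock_rdlock crash inside libxml"

if __name__ == "__main__":
    for name, text in [("tech", TECH_SAMPLE), ("spam", SPAM_SAMPLE),
                       ("constructed tech", CONSTRUCTED_TECH)]:
        flagged = [t for t in tokens(text) if is_pseudoword(t)]
        print(f"{name}: {pseudoword_fraction(text):.2f} flagged={flagged}")
```

With these thresholds the technical sample scores 0.0 and the spam sample 5/7, but the constructed identifier line scores 3/7 and two of the spam tokens pass unflagged, so the rule is usable only as one weighted signal among others.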
Re: DoS of spam blackhole lists
On Fri, 29 Aug 2003, Andrew Thomas wrote:

> Considering that it appears that spammers are now resorting to DoS'ing sites that host spam lists, wouldn't now be a good time to investigate the possibilities of a distributed, or at least, load balanced blacklist provider?

That's an interesting reaction to the problem. Here's a better idea:

a) admit that your stupid, self-appointed-netcop blacklists and self-righteous spam projects are inherently flawed, and are generally populated by spam reports made by clueless idiots that don't realize they are reporting forged and/or incorrect addresses. The net effect is that a lot of innocent bystanders/IP-blocks/ISPs waste a lot of time dealing with your self-righteous crusader projects.

b) realize that the distributed method you suggest already exists - it is called procmail(*).

Please spend your sophomore year working on something besides self-appointed-spam-netcop-site-of-the-week.

(*) or you could set up a dummy email account on all web-published documents, and delete any email that arrives in both mailboxes, or you could implement a challenge/response mechanism for all new senders. All three mechanisms mentioned are distributed, independent, and don't require some asshole swooping in to save us with his miraculous spews database.

- John Kozubik - [EMAIL PROTECTED] - http://www.kozubik.com
Re: How can you tell if your alarm company's...
On Fri, 8 Aug 2003, Tyler Durden wrote:

> ...in cahoots with the authorities?

Most intelligent and savvy people I know roll their own Tivo (PVR, etc.) - I think the answer to your question is that it would be reasonable (and trivial) to roll your own alarm system.

- John Kozubik [EMAIL PROTECTED] - http://www.kozubik.com
Re: Tunneling through a hostile proxy?
> separately, with the proxy able to observe cleartext. Could an SSH connection be made under these conditions?

SSH java applets exist:

http://www.appgate.com/ag.asp?template=productslevel1=product_mindterm
http://javassh.org/

Therefore, you could simply publish the java ssh client of your choice on an off-site web server of your choice, then hit that web server from behind your proxy using HTTPS (on the standard port 443) using IE or Netscape, etc., and accomplish your goal.

No tunneling needed - just plain old https traffic. The ssh traffic flows only between the off-site web server publishing the applet and the host you direct it to ssh into.

- John Kozubik - [EMAIL PROTECTED] - http://www.kozubik.com