[Mimedefang] OT: Email web form exploits

John john at jjgb.com
Tue Sep 6 11:25:14 EDT 2005 

At 08:42 AM 9/6/2005, you wrote:
>On Tue, 2005-09-06 at 07:45, John wrote:
> > >
> > >      Contacted them for what purpose?  To tell them that you're a lousy
> > >programmer?  Or perhaps to tell them that you stick random unverified
> > >code on your system (i.e. you're a lousy sysadmin)?
> >
> > We also, are an ISP.  We, as a company, do not control content.  We 
> should,
> > I agree, but company policy says "Not"...
>
>So what is it that you expect someone else to do about it?  Shouldn't
>you be contacting the clients that do control this made-to-exploit
>content?

I don't expect them to do anything about it.  I have already contacted 
clients and shut down scripts.

I have been doing this for years.  I have seen the kiddie scripters come 
and go.  They are not an issue.  These are much different than what I have 
seen in the past.  I am going to make the Feds aware of this, just in case 
there is something here that is not apparent on the surface.  Expect them 
to shut something down?  Nada, on the contrary, I want them to see if 
something on the dark side is up (If they are interested).


> > >      If I was the Feds I would simply tell you to go away and secure
> > >your system.  And, if you are working for an organisation where your
> > >systems must be secure by law, I would sic the appropriate agency on
> > >you.
> >
> > And, you already sound like a government worker.  Totally bad attitude.  I
> > expect to speak to someone like you today.  I am sure I will find a way
> > around the front guard, then maybe not.  There are plenty of folks like 
> you
> > in the government.
>
>What would you like them to do?

Be aware.  None of us have an overall picture of the security issues of our 
Nation.  Only selected groups have that knowledge.  I am just going to feed 
them some data.  What they do with it is up to them.  The persistence of 
this issue is the key factor here.  I personally have never had a spammer 
piss around for days on end.  Too many other easy marks out there.  Maybe 
somebody in a more dense area of the world with more top site exposure is 
used to this, but here in Blgs, we are not.  Maybe it's just our turn in 
the barrel, but it is extremely unusual activity in our little pew.

Noteworthy to say the least.


>--
>   Les Mikesell
>     les at futuresource.com


John Jaeger - Billings, Montana

EMail To	: <mailto:john at jjgb.com>
Home Page	: <http://www.jjgb.com>

PGP:
RSA Key ID: 0xAAEC7751  <http://www.jjgb.com/public_files/RSA_Key.zip>

"Our liberty is protected by four boxes...
     The ballot box, the jury box, the soap box, and the cartridge box."
                                    - Anonymous

"Soap Box" didn't work, now using the "Cartridge Box" 3/20/2003

More information about the MIMEDefang mailing list