[Mimedefang] OT: Email web form exploits

John Nemeth jnemeth at victoria.tc.ca
Wed Sep 7 03:28:30 EDT 2005


On Jan 27,  4:00am, John wrote:
} At 08:42 AM 9/6/2005, you wrote:
} >On Tue, 2005-09-06 at 07:45, John wrote:
} > > >
} > > >      Contacted them for what purpose?  To tell them that you're a lousy
} > > >programmer?  Or perhaps to tell them that you stick random unverified
} > > >code on your system (i.e. you're a lousy sysadmin)?
} > >
} > > We also, are an ISP.  We, as a company, do not control content.  We
} > > should, I agree, but company policy says "Not"...
} >
} >So what is it that you expect someone else to do about it?  Shouldn't
} >you be contacting the clients that do control this made-to-exploit
} >content?
} 
} I don't expect them to do anything about it.  I have already contacted 
} clients and shut down scripts.
} 
} I have been doing this for years.  I have seen the kiddie scripters come 
} and go.  They are not an issue.  These are much different than what I have 
} seen in the past.  I am going to make the Feds aware of this, just in case 
} there is something here that is not apparent on the surface.  Expect them 
} to shut something down?  Nada, on the contrary, I want them to see if 
} something on the dark side is up (If they are interested).

     I've got news for you.  The people that deal with this stuff
haven't been living in caves for the last ten years.  They knew about
it a long time ago.  There is nothing here that is of remote interest.

} > > >      If I was the Feds I would simply tell you to go away and secure
} > > >your system.  And, if you are working for an organisation where your
} > > >systems must be secure by law, I would sic the appropriate agency on
} > > >you.
} > >
} > > And, you already sound like a government worker.  Totally bad attitude.  I
} > > expect to speak to someone like you today.  I am sure I will find a way
} > > around the front guard, then maybe not.  There are plenty of folks like
} > > you in the government.
} >
} >What would you like them to do?
} 
} Be aware.  None of us have an overall picture of the security issues of our 
} Nation.  Only selected groups have that knowledge.  I am just going to feed 

     Guess what!  The group that you are apparently trying to reach is
one of those "selected groups".  They probably don't know everything
but they would certainly know about buggy web forms.

} them some data.  What they do with it is up to them.  The persistence of 
} this issue is the key factor here.  I personally have never had a spammer 

     No, it isn't.  It isn't even remotely of interest.

} piss around for days on end.  Too many other easy marks out there.  Maybe 
} somebody in a more dense area of the world with more top site exposure is 
} used to this, but here in Blgs, we are not.  Maybe it's just our turn in 
} the barrel, but it is extremely unusual activity in our little pew.

     Then count your lucky stars.  On the Internet being in the
backwater is determined by your connectivity and your bandwidth.  To
the spammers, etc. you are just another IP address.  They couldn't care
less about your geographical location or anything other than how much
spam they can pump through you.

} Noteworthy to say the least.

     Not even remotely.

}-- End of excerpt from John


