[Dshield] Firewall spam reduction link?

Cefiar cef at optus.net
Thu May 26 00:46:51 GMT 2005


On Thursday 26 May 2005 00:58, Kenneth Coney wrote:
> What is really amazing to me is, this morning (and yesterday, and the
> day before and the day before that) when I log on instead of seeing the
> usual 200+ spam emails in my trash box, I am seeing about 40.  Instead
> of having a 120 or so pop up during the day, I get maybe 10.  Something
> major has changed.  Two choices.  1) This weekend there was a major
> crackdown world wide on Spam boxes which no one has heard about.  2)
> Something about the former firewall program attracted spam.  My machine
> is masked with both programs according to Gibson's Shields Up (I know,
> but hey, it is fast, and it is free).  My experience leads me to suspect
> a certain well known US software manufacturer has a major security issue
> of their own.  Probably in their auto update server.  Something along
> the lines of, what is the current email address of your customer, thank
> you, now sending.  Comments?

If you're running your own mailserver on said machine, then this is quite 
possibly because you were off-line for most of a day. Your machine would have 
probably got flagged as "down" so it's not getting hit as hard. Rest assured 
the spam will increase over time.

If you're picking up mail from an ISP, is it possible that the same day that 
you installed this new product, that they installed/upgraded an anti-spam 
solution on their mailservers? Remember: While things like this may seem 
likely, there are so many things going on in the chain between you and the 
spammer, that a lot of things are quite possible.

Also: Did the free software find something installed on your machine at all? 
It could be a piece of software was "calling home" and so reporting your 
address somewhere. While you may think it's the big software companies AV 
program, it may be something else entirely, and the only co-incidence is the 
timing.

As for free software: I'm a big proponent of free software (specifically open 
source), but I'm also a realist: Not all free software is created equal, and 
the incentive of getting something for free should not be the only factor in 
your choice. However, that said, it's unlikely (but not impossible) that 
something where you are supplied the source code will contain something 
deliberately malacious. Of course, to be positive of this, you'd want to 
build it yourself, or get confirmation from either one or many third parties 
(preferrably trusted in some way) that the code builds the same executable. 
This doesn't prove there isn't deliberately malacious code in the source 
(it's just compiling after all), but it does mean that if they've added 
deliberate malacious code, they're hanging all their dirty laundry out in the 
public eye, and someone could spot it by reviewing said code.

-- 
 Stuart Young - aka Cefiar - cef at optus.net



More information about the list mailing list