Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Order Openwall GNU/*/Linux 2.0 on a CD with delivery worldwide
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Thu, 21 Feb 2008 19:26:01 -0700
From: Vincent Danen <vdanen@...sec.ca>
To: oss-security@...ts.openwall.com
Subject: Re: first spam message on the list

* [2008-02-22 04:30:14 +0300] Solar Designer wrote:

>This was unusually quick.  S - thank you for posting the list address on
>a blog non-obfuscated. :-(
>
>http://c-skills.blogspot.com/2008/02/open-source-software-security-wiki.html

Who the... ohhhh... tsk tsk tsk.

>I've just enabled a simple spam filter for the list address (it will
>drop HTML-only messages - and more).  I will also be turning on message
>pre-moderation.  It's a pity that we have to do this so early.
>
>Anyone would like to be a moderator (and receive the undetected spam)?

I can do moderation as well.

>Meanwhile, (GalaxyMaster) has patched the Wiki to obfuscate e-mail
>addresses in more cases.  Nothing should be reported non-obfuscated now,
>not even via the RSS feed or diffs view.  In fact, we'll probably relax
>the current fix a bit to not mangle the Openwall anoncvs access shell
>command. ;-)

Good stuff.  Thanks, Solar.  Too bad, like you said, we had to do it so
soon.

I'll hit a certain somone with a clue-bat later.  =)

-- 
Vincent Danen @ http://linsec.ca/

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux