Re: TLG GREATFN - unauthorized $8.99 credit card charge



On Mon, 01 Aug 2005 14:00:44 -0700, The Real Bev
<bashley@xxxxxxxxxxxxx> wrote:

>Gordon Burditt wrote:
>>
>> >Are you kidding? All you need is a tiny piece of software to run through
>> >the different combinations of alphanumeric characters. Such a program
>> >would take no more than a second to run on a reasonably equipped PC. You
>>
>> There are 36**14 combinations of 14-character alphanumeric user
>> names. If you try one of these per picosecond, (a *LOT* faster
>> than existing 5-GHz PCs), it will take 194 years. And that's just
>> for one domain.
>>
>> >then feed the output file into your spam software and away you go! A
>> >long attention span is not required.
>>
>> The output file is much larger than all the disk storage ever
>> manufactured. But you should generate the addresses on the fly;
>> it saves a lot in disk storage.
>
>Not to mention that many systems lock the account if some number of failed
>attempts to log in are made. A nuisance to honest but clumsy users, but it
>doesn't seem like a bad protection scheme.

What helps SPAMmers are the oh-so-helpful SMTP servers which will
actually tell the SPAMmer whether the email address they just tried to
send a message to is a valid one or not. So not only can the script
kiddie SPAMmers send floods of email to every combination of n
alphanumeric characters in a given domain, but they get direct and
immediate feedback as to whether a given combination is actually a
valid email address. It's trivial to write a script that logs the
valid email addresses.

If SMTP servers were a little less "helpful" it would really help us a
lot. ;)
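
An added example, not part of the original post: the per-recipient feedback described above also leaves a trace on the server side, because a client guessing addresses piles up "no such user" rejections for many different recipients. The sketch below counts those per client over constructed log lines; the log format, the function name and the thresholds are assumptions made for illustration, not any particular mail server's output or settings.

```python
import re
from collections import defaultdict

# Constructed sample lines in a simplified, hypothetical log format
# (one line per RCPT TO command and the server's reply code).
SAMPLE_LOG = """\
2005-08-01T14:00:01 client=203.0.113.7 rcpt=<aaaa@example.com> code=550
2005-08-01T14:00:01 client=203.0.113.7 rcpt=<aaab@example.com> code=550
2005-08-01T14:00:02 client=203.0.113.7 rcpt=<aaac@example.com> code=550
2005-08-01T14:00:02 client=203.0.113.7 rcpt=<alice@example.com> code=250
2005-08-01T14:00:03 client=203.0.113.7 rcpt=<aaad@example.com> code=550
2005-08-01T14:00:03 client=203.0.113.7 rcpt=<aaae@example.com> code=550
2005-08-01T14:05:10 client=198.51.100.20 rcpt=<bob@example.com> code=250
2005-08-01T14:05:11 client=198.51.100.20 rcpt=<bbo@example.com> code=550
2005-08-01T14:06:40 client=198.51.100.20 rcpt=<bbo@example.com> code=550
2005-08-01T14:07:02 client=198.51.100.20 rcpt=<alice@example.com> code=250
2005-08-01T14:09:30 client=192.0.2.9 rcpt=<alice@example.com> code=250
"""

LINE_RE = re.compile(
    r"client=(?P<ip>\S+) rcpt=<(?P<rcpt>[^>]*)> code=(?P<code>\d{3})"
)

def find_harvesters(log_text, min_unknown=5, min_ratio=0.8):
    """Return {client_ip: (distinct_unknown_recipients, total_rcpt_attempts)}
    for clients whose recipient attempts look like address guessing."""
    stats = defaultdict(lambda: {"total": 0, "rejected": 0, "unknown": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore lines that are not RCPT records
        s = stats[m["ip"]]
        s["total"] += 1
        if m["code"] == "550":
            s["rejected"] += 1
            # Distinct addresses matter: one mistyped address retried
            # several times is a clumsy user, not a harvester.
            s["unknown"].add(m["rcpt"].lower())
    flagged = {}
    for ip, s in stats.items():
        distinct = len(s["unknown"])
        if distinct >= min_unknown and s["rejected"] / s["total"] >= min_ratio:
            flagged[ip] = (distinct, s["total"])
    return flagged

if __name__ == "__main__":
    for ip, (unknown, total) in find_harvesters(SAMPLE_LOG).items():
        print(f"{ip}: {unknown} distinct unknown recipients in {total} attempts")
```
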
