Re: Security? [Re: Why is this Symbol in the front of your website. A humble request.]
On 2/25/2012 7:11 AM, C. P. Ghost wrote: On Sat, Feb 25, 2012 at 12:28 PM, Daniel Feenberg wrote: An email address can be hidden from bots without violating section 508, for instance: feenberg is at nber dot org or some variant won't be picked up by a robot. Most bots use some rather sophisticated regexp pattern matching nowadays, including some primitive JavaScript parsing to defeat the most popular JS-based obfuscations. This one is very, very obvious and among the easiest ones (including the "is" variation). You couldn't hide from them this way. -cpghost. What happens if the person going to the website doesn't speak any english and uses a translating service? The username or domain name could be mangled to something different. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Security? [Re: Why is this Symbol in the front of your website. A humble request.]
On Sat, Feb 25, 2012 at 12:28 PM, Daniel Feenberg wrote: > An email address can be hidden from bots without violating section 508, for > instance: > > feenberg is at nber dot org > > or some variant won't be picked up by a robot. Most bots use some rather sophisticated regexp pattern matching nowadays, including some primitive JavaScript parsing to defeat the most popular JS-based obfuscations. This one is very, very obvious and among the easiest ones (including the "is" variation). You couldn't hide from them this way. -cpghost. -- Cordula's Web. http://www.cordula.ws/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Security? [Re: Why is this Symbol in the front of your website. A humble request.]
On Sat, 25 Feb 2012, Da Rock wrote: On 02/25/12 12:03, David Brodbeck wrote: On Fri, Feb 24, 2012 at 5:15 AM, Dave wrote: Those address links need changing to graphic's, so that most address harvesting bots won't get anything usable. Mk1 eyeball can still see what's what, but if you have to use the info, you have to re-type it manually. I really don't recommend that. Keep in mind not everyone can use the "Mk1 eyeball." Websites need to be accessible to blind people using screen reader software, too. And therein lies the problem. How do you maintain accessibility while preventing bots from harvesting? You can't have your cake and eat it too... :) Only solution lies in a security gate of good filters and blocklists. But occasionally one or two will still pass. An email address can be hidden from bots without violating section 508, for instance: feenberg is at nber dot org or some variant won't be picked up by a robot. But is it really practical to treat an email address as a secret, when it will be shared with hundreds of correspondents? I have mostly thought that was hopeless. We do it on our website because we don't want to bother arguing with people. daniel feenberg feenb...@nber.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Security? [Re: Why is this Symbol in the front of your website. A humble request.]
On 02/25/12 12:03, David Brodbeck wrote: On Fri, Feb 24, 2012 at 5:15 AM, Dave wrote: Those address links need changing to graphic's, so that most address harvesting bots won't get anything usable. Mk1 eyeball can still see what's what, but if you have to use the info, you have to re-type it manually. I really don't recommend that. Keep in mind not everyone can use the "Mk1 eyeball." Websites need to be accessible to blind people using screen reader software, too. And therein lies the problem. How do you maintain accessibility while preventing bots from harvesting? You can't have your cake and eat it too... :) Only solution lies in a security gate of good filters and blocklists. But occasionally one or two will still pass. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Security? [Re: Why is this Symbol in the front of your website. A humble request.]
On Fri, Feb 24, 2012 at 5:15 AM, Dave wrote: > Those address links need changing to graphic's, so that most address > harvesting bots won't get anything usable. > > Mk1 eyeball can still see what's what, but if you have to use the info, > you have to re-type it manually. I really don't recommend that. Keep in mind not everyone can use the "Mk1 eyeball." Websites need to be accessible to blind people using screen reader software, too. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Security? [Re: Why is this Symbol in the front of your website. A humble request.]
On 02/24/12 20:42, Dave wrote: On 24 Feb 2012 at 17:28, Erich Dollansky wrote: Hi, On Friday 24 February 2012 17:10:21 Dave wrote: Can I please request, you all check your mail client "reply to" settings. I think, some - like me too - reply here always to all. Many of the "replies" to this thread, have also been sent to the 388 (was it) addresses in the original To: field, as well as the list. Wasn't it 389? :-) Might the list settings need tweaking a bit? Also, just where did he originaly harvest all those addresses from, are they publicly available, or is there a gaping hole in some server somewhere. Just collect all addresses from the list ending with freebsd.org? Erich Indeed, so some settings might do with a tweak, to at least obfuscate posters addresses, so that at least script kiddies are flumoxed. Actually, they're all the addresses found in the committers section of the site. No scripting required. As I've mentioned before, I'm not sure this is a troll as such. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Security? [Re: Why is this Symbol in the front of your website. A humble request.]
On 24 Feb 2012 at 12:37, Dag-Erling Smørgrav wrote: > "Dave" writes: > > Also, just where did he originaly harvest all those addresses from, > > are they publicly available, or is there a gaping hole in some > > server somewhere. > > It is public information: > > http://www.freebsd. org/doc/en_ US.ISO8859-1/articles/contributors/staff > -committers.html > > DES > -- > Dag-Erling Smørgrav - d...@des.no > > Those address links need changing to graphic's, so that most address harvesting bots won't get anything usable. Mk1 eyeball can still see what's what, but if you have to use the info, you have to re-type it manually. Most other similar websites have done that sort of thing with great success. I can't believe in this day and age, info like that is still presented in a way that makes it harvister-bot friendly. Regards. Dave B. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Security? [Re: Why is this Symbol in the front of your website. A humble request.]
Hi, On Friday 24 February 2012 17:10:21 Dave wrote: > Can I please request, you all check your mail client "reply to" settings. I think, some - like me too - reply here always to all. > > Many of the "replies" to this thread, have also been sent to the 388 (was > it) addresses in the original To: field, as well as the list. Wasn't it 389? > > Might the list settings need tweaking a bit? > > Also, just where did he originaly harvest all those addresses from, are > they publicly available, or is there a gaping hole in some server > somewhere. Just collect all addresses from the list ending with freebsd.org? Erich ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Security? [Re: Why is this Symbol in the front of your website. A humble request.]
=?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= wrote: > "Dave" writes: > > Also, just where did he originaly harvest all those addresses from, are > > they publicly available, or is there a gaping hole in some server > > somewhere. > > It is public information: > > http://www.freebsd.org/doc/en_US.ISO8859-1/articles/contributors/staff-committers.html Also http://www.freebsd.org/internal/homepage.html Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com Reply below not above, cumulative like a play script, & indent with "> ". Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable. Mail from @yahoo dumped @berklix. http://berklix.org/yahoo/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Security? [Re: Why is this Symbol in the front of your website. A humble request.]
"Dave" writes: > Also, just where did he originaly harvest all those addresses from, are > they publicly available, or is there a gaping hole in some server > somewhere. It is public information: http://www.freebsd.org/doc/en_US.ISO8859-1/articles/contributors/staff-committers.html DES -- Dag-Erling Smørgrav - d...@des.no ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Security? [Re: Why is this Symbol in the front of your website. A humble request.]
On 24 Feb 2012 at 17:28, Erich Dollansky wrote: > Hi, > > On Friday 24 February 2012 17:10:21 Dave wrote: > > Can I please request, you all check your mail client "reply to" > > settings. > > I think, some - like me too - reply here always to all. > > > > Many of the "replies" to this thread, have also been sent to the 388 > > (was it) addresses in the original To: field, as well as the list. > > Wasn't it 389? :-) > > > > Might the list settings need tweaking a bit? > > > > Also, just where did he originaly harvest all those addresses from, > > are they publicly available, or is there a gaping hole in some > > server somewhere. > > Just collect all addresses from the list ending with freebsd.org? > > Erich Indeed, so some settings might do with a tweak, to at least obfuscate posters addresses, so that at least script kiddies are flumoxed. I never intentionaly use any "Reply to All" function. In fact, this mailer doesn't even have a button for that. You have to select where the reply goes, after you hit the "reply" button, from a list of available addresses in the incoming message header, that the mailer has recognised. Just a thought as this problem is not going to go away. Dave B. PS: How about a "regional Beastie" wearing a headscarf and carring an assault rifle instead of a trident? That's me targeted then ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Security? [Re: Why is this Symbol in the front of your website. A humble request.]
Can I please request, you all check your mail client "reply to" settings. Many of the "replies" to this thread, have also been sent to the 388 (was it) addresses in the original To: field, as well as the list. Might the list settings need tweaking a bit? Also, just where did he originaly harvest all those addresses from, are they publicly available, or is there a gaping hole in some server somewhere. Regards. Dave B. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"