Re: 'Spam Forensics: Reverse-Engineering Spammer Tactics'

2004-10-01 Thread jdow 
From: "Chris Santerre" <[EMAIL PROTECTED]>
> >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> >
> >My slides from the presentation I gave at Toorcon 2004, 'Spam
> >Forensics:
> >Reverse-Engineering Spammer Tactics', are now up, if anyone's
> >interested
> >in having a read ;)
> >
> >  http://spamassassin.apache.org/presentations/2004-09-Toorcon/html
> >
>
> Very nice. Page 13: Detecting Hashbusters, 2, who the hell figured that
out?
> Damn!
>
> SARE has run into the problem that there isn't much NEW in spam to tag on.
> SA, SURBL, and SARE have 99% of everything covered. Like you stated, most
of
> their tricks now end up being tagged. I'm real curious as to what they try
> nextcause I'm kind of stumped as to how to get around this. Think like
a
> spammer to catch one.

Crypto hashes rather than simple ROT-13? That way if only the sender
knew the key it'd just be a random string of characters. There are a
lot of things the spammers could do. (And there are too many hungry
"victims" of the Dot Bomb with the technical knowledge and hunger that
will swallow their ethics a little to produce the new things.)

{^_^}

Re: 'Spam Forensics: Reverse-Engineering Spammer Tactics'

2004-09-30 Thread Justin Mason 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


Chris Santerre writes:
> Very nice. Page 13: Detecting Hashbusters, 2, who the hell figured that out?
> Damn!

;)

> SARE has run into the problem that there isn't much NEW in spam to tag on.
> SA, SURBL, and SARE have 99% of everything covered. Like you stated, most of
> their tricks now end up being tagged. I'm real curious as to what they try
> nextcause I'm kind of stumped as to how to get around this. Think like a
> spammer to catch one. 

Oh, I'm sure they'll think up something

- --j.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Exmh CVS

iD8DBQFBXF/uQTcbUG5Y7woRAu0cAJ9mkkDL8vOeKUi2ScEmkfTycRnR1ACgweIB
AmylqUYqh0x5B66YxEQlewQ=
=iXJM
-END PGP SIGNATURE-

RE: 'Spam Forensics: Reverse-Engineering Spammer Tactics'

2004-09-30 Thread Chris Santerre 


>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
>Sent: Wednesday, September 29, 2004 6:37 PM
>To: users@spamassassin.apache.org
>Subject: 'Spam Forensics: Reverse-Engineering Spammer Tactics'
>
>
>My slides from the presentation I gave at Toorcon 2004, 'Spam 
>Forensics:
>Reverse-Engineering Spammer Tactics', are now up, if anyone's 
>interested
>in having a read ;)
>
>  http://spamassassin.apache.org/presentations/2004-09-Toorcon/html
>

Very nice. Page 13: Detecting Hashbusters, 2, who the hell figured that out?
Damn!

SARE has run into the problem that there isn't much NEW in spam to tag on.
SA, SURBL, and SARE have 99% of everything covered. Like you stated, most of
their tricks now end up being tagged. I'm real curious as to what they try
nextcause I'm kind of stumped as to how to get around this. Think like a
spammer to catch one. 

--Chris