Discuss February 2006

discuss@lists.surbl.org

16 participants
19 discussions

Google-based redirector
by Guy Rosen 27 Feb '06

27 Feb '06

Hi, We've been seeing some spam that uses Google as a redirection URL. The URL that makes this possible is: http://www.google.com/url?q=URL For example: http://www.google.com/url?q=http://www.bluesecurity.com This is letting spammers hide quite nicely from SURBLs. The redirector has actually been around for a few months (e.g. in the strange spam described in http://isc.sans.org/diary.php?storyid=847). Back then we notified security(a)google.com, and we sent them another email again today. Guy Rosen Lead Analyst, Operations Team Blue Security http://www.bluesecurity.com/

2 1

removal of domain from ws.surbl.org
by Costas Ioannou 24 Feb '06

24 Feb '06

Hello! Can anyone help me? I'm relatively new with surbl.org lists. Can someone instruct me how to request a domain removal from ws.surbl.org? I have sent yesterday an email at wstearns(a)pobox.com but nothing changed until now. The domain is nbg.gr and is National Bank of Greece. It is black listed by one of our products that uses surbl.org lookups. The situation has become very very messy. Also the customer has sent email to Bill Stearns but to no avail. Thank you Costas ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message has been checked for Content Security and Computer Viruses by MIMEsweeper and F-Secure Anti Virus ********************************************************************** ------------------------------------------------------------------------------------------------------------- Ask for our new Security Training Program! Inter Engineering - World of Data Security! F-Secure Certified Anti Virus Center Certified Mimesweeper Distributor Mimesweeper Authorized Training Center Anti Virus - Cryptography - Access Control - Content Security - Biometrics - Consulting - Security Training - Special Projects P.O. Box 1626, 410 02 Larissa, Greece Tel. +30.2410.670030 Fax. +30.2410.670006 Visit our website http://www.inter.gr

2 3

RE: [SURBL-Discuss] browser plugin?
by Matthew.van.Eerde＠hbinc.com 15 Feb '06

15 Feb '06

Michele Neylon:: Blacknight.ie wrote: > Jeff Chan wrote: > > IIRC someone wrote one for Firefox, but it was implemented >> brokenly. I think a browser plug in is a great idea, but I'd be >> a little concerned about the new DNS queries it would generate. >> >> How does anyone else feel, particularly operators of our public >> nameservers? >> > > What would be the goal of a browser plugin? To warn the browser's user (me, ATM) that the site they are visiting is spamvertised and/or a reported phishing site. Useful for those who do not have control over their mail server, especially if they're using webmail. Also a proof-of-concept of the "right way" to implement a phishing blacklist -- without sacrificing user privacy. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer

5 6

RE: [SURBL-Discuss] browser plugin?
by Kristopher Austin 14 Feb '06

14 Feb '06

Matthew.van.Eerde wrote: > OK, I'll develop it for private use but keep an eye out for caching > optimizations, and see how it goes. Please keep us informed of the progress and optimizations you employ. I'm very interested in this. Thanks, Kris

1 0

RE: [SURBL-Discuss] browser plugin?
by Matthew.van.Eerde＠hbinc.com 14 Feb '06

14 Feb '06

Chris Santerre wrote: > I agree with Raymond. It makes sense to use it in a company that > mirrors the SURBL/URIBL data internaly. Then the proxy could cut down > on lookups. Or an ISP, I suppose... OK, I'll develop it for private use but keep an eye out for caching optimizations, and see how it goes. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer

1 0

RE: [SURBL-Discuss] browser plugin?
by Chris Santerre 14 Feb '06

14 Feb '06

> -----Original Message----- > From: Raymond Dijkxhoorn [mailto:raymond@surbl.org] > Sent: Tuesday, February 14, 2006 2:48 AM > To: SURBL Discussion list > Subject: RE: [SURBL-Discuss] browser plugin? > > > Hi! > > >>> How does anyone else feel, particularly operators of our public > >>> nameservers? > > >> What would be the goal of a browser plugin? > > > To warn the browser's user (me, ATM) that the site they are > visiting is > > spamvertised and/or a reported phishing site. Useful for > those who do > > not have control over their mail server, especially if > they're using > > webmail. > > Any idea waht this would do to the nameservers we are > running, checking > each and every URI a user visits? Rather usefull but also > rather silly. > There are vendors allready doing this, they are free to use > the plugin, > but please dont use the public infrastructure for this goal. > Or are you > somehow distributing the data together with the plugin, dont think so? > > Thanks, > Raymond. I agree with Raymond. It makes sense to use it in a company that mirrors the SURBL/URIBL data internaly. Then the proxy could cut down on lookups. I've have actually posted the request to the Firefox people for a plugin, a long time ago. Back when I was with SURBL. They were very interested, but I honestly haven't looked back into it since going to URIBL. But using the public resources would put a strain on the mirrors. (and most likely get the abusive IPs rejected from connecting any further.) The idea has merit, but the implimintation is tricky. --Chris

1 0

Re: [SURBL-Discuss] Possible FP
by List Mail User 14 Feb '06

14 Feb '06

>Hi, > >macosxlabs*MANGLED*.org is listed in ws but the site is about some kind >of university project. FP ? > >Regards, > >-- >Herve Boulouis >... Indeed it is a CMU project, but it also was a comprimised machine that did spew a lot of spam. I'd assume it has been fixed by now, but the is just a (very likely) guess. Paul Shupak track(a)plectere.com

1 0

RE: [SURBL-Discuss] browser plugin?
by Matthew.van.Eerde＠hbinc.com 13 Feb '06

13 Feb '06

Jeff Chan wrote: > I'd be a little concerned about the new DNS queries it would generate. If load on the servers is a concern there are things that can be done: * Cache lookups for the duration of the session * Only look up the main document URL, not src= URLs * Allow a URL whitelist... bookmarked URLs * Skip lookups for HTTP servers on the local subnet or on My Computer etc. Ideas welcome. -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer

2 1

browser plugin?
by Matthew.van.Eerde＠hbinc.com 13 Feb '06

13 Feb '06

The IE7 phishing "feature" raises my privacy hackles... after trying to go through official Microsoft channels, I'm not getting anywhere. So I'm considering writing a browser plugin that checks SURBL. Has anyone already done this? -- Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902 Hispanic Business Inc./HireDiversity.com Software Engineer

3 2

Possible FP
by Herve Boulouis 13 Feb '06

13 Feb '06

Hi, macosxlabs*MANGLED*.org is listed in ws but the site is about some kind of university project. FP ? Regards, -- Herve Boulouis

2 1

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss February 2006