It's not a matter of being naive or not, but just the fact nobody hacked in yet (tfu tfu fu) :) Of course there is ALWAYS the risk, and one should ALWAYS take that into account and prepare, but in the context of this discussion it's pretty much irrelevant as they (these spammers) don't need to "hack" into the mail systems in order to spam - the methods I described are much more cost-effective for them. Regarding your last question - I have no idea.
________________________________ From: sara fink [mailto:[EMAIL PROTECTED] Date: Fri 25/07/2008 23:05 To: Imri Zvik Cc: Arik Baratz; linux-il Subject: Re: Israeli ISP and Blacklisting On 7/25/08, Imri Zvik <[EMAIL PROTECTED]> wrote: > Why do you think any system was hacked? > > It seems you do not understand how it works - they don't hack into any ISP > managed system. They don't need to. They either: > > 1. phish the username and password. > 2. get it from *your* computer using a trojan. > 3. try and guess easy passwords/usernames. > 4. actually *buy* an account, pretending to be your average Moshe from Hulon > customer. Stay naive. these are the easy cases. BTW, which ISP hosted the Bank Israel web site? > > Spammers from abroad will mostly use methods 1 to 3. > > > > ________________________________ > > From: sara fink [mailto:[EMAIL PROTECTED] > Date: Fri 25/07/2008 14:12 > To: Imri Zvik > Cc: Arik Baratz; linux-il > Subject: Re: Israeli ISP and Blacklisting > > > > > On Fri, Jul 25, 2008 at 1:58 PM, Imri Zvik <[EMAIL PROTECTED]> wrote: > > > 1. This is not a question, but a statement, and quite a stupid one if I > may. Do you really expect a serious answer? How are those related? > > > Indeed it's a statement. If you didn't understand the sarcasm, too bad. > > > > > 2. Please clarify this question. > > > The question refers to how spamming works. > > Hacking into the system-> privelege escalation-> spamming (and this is only > one aspect after the system was hacked). DDos is a much nicer effect from > the hacker standpoint of view. > > How ISP deal with the fact that their systems were hacked? > > > > > > > > ________________________________ > > From: sara fink [mailto:[EMAIL PROTECTED] > Date: Fri 25/07/2008 13:49 > To: Imri Zvik > Cc: Arik Baratz; linux-il > > > Subject: Re: Israeli ISP and Blacklisting > > > Why ISP will spend time to block spammers, when they spend their time to > block/shape/inspect p2p, voip and other protocols. After all this saves much > more money. > > I would like to ask a more general question. If spammers from abroad use > Israeli ISP, it means that their systems were already compromised. How ISP > see such a thing? > > > On Fri, Jul 25, 2008 at 11:30 AM, Imri Zvik <[EMAIL PROTECTED]> wrote: > > > I cannot discuss this further when you refuse to give ANY factual > data. You publicy trash people (the abuse@ and all the other people behind > that ISP) with quite a harsh words, and refuse to back it up with facts. > You, yet again, dismiss my attempts to help you, saying it's > won't > help (???). It seems you don't really want to be helped, but just taking > advantage of the free and cheap shot. > > I will be glad if you can also forward these complaints you say > that > have been ignored by the abuse@ - I'm also interested to know why they were > ignored. > If you have sensetive information you don't want posted on this > list > - you can always mail it to me off-list. > > I must emphasize this - almost 24 hours after the original > flametory > post, I still didn't get ANYTHING to work with. > > > > > ________________________________ > > From: [EMAIL PROTECTED] בשם Arik Baratz > > > Date: ו 25/07/2008 05:21 > To: linux-il > > > Subject: Re: Israeli ISP and Blacklisting > > > > > On Fri, Jul 25, 2008 at 8:40 AM, Imri Zvik <[EMAIL PROTECTED]> > wrote: > > > Let me get this straight - You claim you already know of a > specific user that is abusing you over and over. You complain that this ISP > is not willing to help. I'm offering to help you, and I'm in the position to > do so. > You refuse with the lame excuse I (or the company I work > for) > might sue you? COME ON. Sounds quite evasive to me. If you really care and > want something to be done, you can use my help - If you want to continue > with this trolling, please, stop wasting my time. > > > > > This doesn't become you, Imri. > > I will send the LIST OF USERS that are spamming me to the abuse > address. If hypothetically, you are the ISP discussed, you should be able to > help me then. > > Just give me some time to write a python script to download my > spam > folders and sort through the headers to find them. > > Besides, what good does it do to me that you're going to close > the > users' account this one singular time? I'm talking about years of continued > abuse by many of your users. It's not going to be a one-off, and if mail to > abuse doesn't seem to help, this one-off isn't going to do much of a > difference anyway. > > So if I automate my scripts to the level that I can trust them to > run unattended, I might be able to make it run on a regular basis and send > automated messages to abuse, complete with headers and PGP signed, and then > create a graph showing exactly how effective the abuse complaints are (i.e. > how many messages I got after the first complaint and for how long). It > might be an interesting experiment. I have however just recently relocated > and am still pretty busy in a new role, location, country and continent so > it will take some time. > > If it works out I might even do it for all Israeli ISPs and > track it > on a web page... Hmm... > > -- Arik > > > > > > > > >
