Re: spamassassin hole again?

Any chance you could provide a *clue* as to what you're seeing, eg message subject, from, etc??? Andrew Fried andrew.fr...@gmail.com On 4/13/14, 1:00 AM, Babak Farrokhi wrote: > We are not using spamasassin and only major RBLs in place and seeing the same > wave of spam. Seems like a new botnot

Re: spamassassin hole again?

On 13/04/2014 08:10, Andrew Fried wrote: Any chance you could provide a *clue* as to what you're seeing, eg message subject, from, etc??? The subjects seem to vary; but appear to involve animals, sex and cute women in various orders (apologies to anyone offended by that). Content is a one-li

Re: responding to DMARC breakage

On Sat, Apr 12, 2014 at 10:12 AM, Miles Fidelman wrote: > valdis.kletni...@vt.edu wrote: > >> On Sat, 12 Apr 2014 10:12:09 -0400, Miles Fidelman said: >> >> It occurs to me that Yahoo's deployment of DMARC p=reject, and the >>> choice of several big mail operators to honor that, has created a >>

Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

Matt Palmer wrote: > * The NSA found it *amazingly* quickly (they're very good at what they do, > but I don't believe them have superhuman talents); or It's quite plausible that they watch the changes in open-source projects to find bugs. They could do nice diffs and everything.

Re: responding to DMARC breakage

Matthew Petach wrote: On Sat, Apr 12, 2014 at 10:12 AM, Miles Fidelman mailto:mfidel...@meetinghouse.net>> wrote: valdis.kletni...@vt.edu wrote: On Sat, 12 Apr 2014 10:12:09 -0400, Miles Fidelman said: It occurs to me that Yahoo's d

Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

> It's quite plausible that they watch the changes in open-source > projects to find bugs. They could do nice diffs and everything. the point of open source is that the community is supposed to be doing this. we failed. randy

Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

On 04/13/2014 07:30 AM, Randy Bush wrote: It's quite plausible that they watch the changes in open-source projects to find bugs. They could do nice diffs and everything. the point of open source is that the community is supposed to be doing this. we failed. Versus all of the closed source b

Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

>> the point of open source is that the community is supposed to be doing >> this. we failed. > Versus all of the closed source bugs that nobody can know of or do > anything about? for those you can blame the vendor. this one is owned by the community. it falls on us to try to lower the probabi

Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

On 04/13/2014 07:52 AM, Randy Bush wrote: the point of open source is that the community is supposed to be doing this. we failed. Versus all of the closed source bugs that nobody can know of or do anything about? for those you can blame the vendor. Or not. this one is owned by the communit

Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

* ra...@psg.com (Randy Bush) [Sun 13 Apr 2014, 16:52 CEST]: the point of open source is that the community is supposed to be doing this. we failed. Versus all of the closed source bugs that nobody can know of or do anything about? for those you can blame the vendor. BSAFE is almost worse if

Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

Doesn't OpenSSL even fundraise? Based on the number of dollars they've taken in (what I could find online) most of them are better off taking side jobs as psychics to pay for audits. I know of at least one thing they could have predicted in the future. ;) Sent from my T-Mobile 4G LTE Device

Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

>And we all know how well civic duty works as a motivator. If we really >want to do something >constructive, convince the corpro-takers to open their wallets to fund >those auditing functions. For once, I agree with Mike. (Twice in one year?) Considering how widely openssl is used, and how imp