On Sat, 19 Mar 2011 05:42:22 +0400
Hamad Ali wrote:
> Can I assume that your solution that detected a portion of the spear
> phish is 100% SA? In case not fully SA, any hints on its mechanics?
It's not fully SA. We don't use the SA Bayes implementation; we have
our own that considers both indiv
> Subject: Re: SA and Spear Phishing
> From: guent...@rudersport.de
> To: users@spamassassin.apache.org
> Date: Sat, 19 Mar 2011 06:02:31 +0100
> []
> As I mentioned earlier, spear phishing (which are highly targeted) will
>
On 2011/03/18 21:16, Karsten Bräckelmann wrote:
On Fri, 2011-03-18 at 20:58 -0700, jdow wrote:
Other obvious information to be filtered would include SSNs. For
privacy reasons filter for numbers that look like SSNs, reflect to
user with a were you sure wrapper, and if the user responds yes send
On Fri, 2011-03-18 at 20:47 -0700, jdow wrote:
> Actually it might not be all that hard. Tweak some specific rule matches
> that indicate a high probability of phishing or spearfishing to be
> artificially high numbers. That will at least get them labeled as spam.
This is a per-site approach only.
On Fri, 2011-03-18 at 19:59 -0700, John Hardin wrote:
> On Sat, 19 Mar 2011, Karsten Bräckelmann wrote:
> > Did we just drop the spear, and downgrade to general phishing?
>
> For the purposes of my phishing rules project, yes.
Oh, right -- sorry, previously saw this in the context of *targeted*
s
On Fri, 2011-03-18 at 20:58 -0700, jdow wrote:
> On 2011/03/18 19:08, Karsten Bräckelmann wrote:
> > Or, tell your users to *never* write down their password or any other
> > account details in mail -- by policy, violation warrants getting fired
> > next day.
>
> Bingo, you've hit on an outgoing a
> Date: Fri, 18 Mar 2011 20:42:25 -0700
> From: j...@earthlink.net
> To: users@spamassassin.apache.org
> Subject: Re: SA and Spear Phishing
>
> Now, I bet SpamAssassin could be run "twice", one with the standard setup
> an
On Fri, 2011-03-18 at 20:25 -0700, jdow wrote:
> Interesting: (I think you have bigger problems than mere spear-phishing.
> > 1.6 RCVD_IN_NJABL_PROXYRBL: NJABL: sender is an open proxy
> > [64p79p213p206 listed in combined.njabl.org]
> > 0.8 RCVD_IN_SORBS_SOCKS
On 2011/03/18 18:38, John Hardin wrote:
On Thu, 17 Mar 2011, Hamad Ali wrote:
- John Hardin said: Phishing is his next project, and that even a well
trained naive bayes filter might not detect it. Let's be in touch on
this matter then. Any progress or collaboration is highly welcomed on
my side
On 2011/03/18 18:33, Hamad Ali wrote:
Subject: Re: SA and Spear Phishing
From: guent...@rudersport.de
To: users@spamassassin.apache.org
Date: Sat, 19 Mar 2011 02:02:35 +0100
(a) Never hand out your password. Less so in mail. No administrator ever
will
> To: users@spamassassin.apache.org
> Subject: Re: SA and Spear Phishing
>
> And for well targeted spearfishing, he's still stuck because nothing
> distinguishes it from his normal mail flow other than "unknown sender"
> or DNS check failures.
> The
On Sat, 19 Mar 2011, Karsten Bräckelmann wrote:
On Sat, 2011-03-19 at 05:47 +0400, Hamad Ali wrote:
- John Hardin said: Phishing is his next project,
Have you considered the public SA ham/spam corpus,
and monkey.org/~jose phishing corpus?
Did we just drop the spear, and downgrade to genera
On Sat, 19 Mar 2011, Hamad Ali wrote:
Date: Fri, 18 Mar 2011 18:38:44 -0700
From: jhar...@impsec.org
To: users@spamassassin.apache.org
Subject: Re: SA and Spear Phishing
On Thu, 17 Mar 2011, Hamad Ali wrote:
- John Hardin said: Phishing is his next
On Sat, 2011-03-19 at 05:47 +0400, Hamad Ali wrote:
> > > - John Hardin said: Phishing is his next project, and that even a well
> > > trained naive bayes filter might not detect it. Let's be in touch on
> > > this matter then. Any progress or collaboration is highly welcomed on
> > > my side
On Sat, 2011-03-19 at 05:33 +0400, Hamad Ali wrote:
> I think we have been always yelling that our users are stupid and blah,
> and the reality still shows that users (which we hope to be educated)
> are still the weakest element in the security chain. Some people still
> focus on user training pro
> Date: Fri, 18 Mar 2011 18:38:44 -0700
> From: jhar...@impsec.org
> To: users@spamassassin.apache.org
> Subject: Re: SA and Spear Phishing
>
> On Thu, 17 Mar 2011, Hamad Ali wrote:
>
> > - John Hardin said: Phishing is his ne
> Date: Fri, 18 Mar 2011 21:20:53 -0400
> From: d...@roaringpenguin.com
> To: users@spamassassin.apache.org
> Subject: Re: SA and Spear Phishing
>
> Spear phishing is inherently hard to detect because it's carefully
> crafted
On Thu, 17 Mar 2011, Hamad Ali wrote:
- John Hardin said: Phishing is his next project, and that even a well
trained naive bayes filter might not detect it. Let's be in touch on
this matter then. Any progress or collaboration is highly welcomed on
my side
About the only thing I need fro
> Subject: Re: SA and Spear Phishing
> From: guent...@rudersport.de
> To: users@spamassassin.apache.org
> Date: Sat, 19 Mar 2011 02:02:35 +0100
> (a) Never hand out your password. Less so in mail. No administrator ever
> will ask for t
> So when it comes to spear phish, in my view, a big question mark
> arises to indicate that its risk is simply "unknown" to mankind. This
> is unknown in the public domain as far as I know, which is why I
> posted this mail to see if any of you see any spear phish within the
> load of SPAM you dete
On Sat, 2011-03-19 at 04:38 +0400, Hamad Ali wrote:
> > [...] The human mind can be a better filter against
> > such spam than any result of mass checks.
> One of the challenges behind spear phishing is that there is no single
> performance evaluation against it. And this includes user-training
> Date: Fri, 18 Mar 2011 16:06:15 -0700
> From: j...@earthlink.net
> To: users@spamassassin.apache.org
> Subject: Re: SA and Spear Phishing
> And for well targeted spearfishing, he's still stuck because nothing
> distinguishes it from his normal mail flow other than "
On Fri, 2011-03-18 at 15:39 -0700, jdow wrote:
> > You replied to a previous thread by creating a new thread. And that's
> > pissing people off.
>
> Some may figure a person too dumb to use "reply" rather than creating
> a new email is too hopeless to try to work with. Is he worth the energy
> to
On 2011/03/18 15:48, dar...@chaosreigns.com wrote:
On 03/18, jdow wrote:
As far as trust for mass checks "Hamad Ali" would have to trust the
custodians of the mass check data with the raw email stream data he
submits.
No, participating in mass checks does not require sending in all your raw
ma
On 03/18, jdow wrote:
> As far as trust for mass checks "Hamad Ali" would have to trust the
> custodians of the mass check data with the raw email stream data he
> submits.
No, participating in mass checks does not require sending in all your raw
mail. It's nice when people do, but I believe most
On 2011/03/17 13:28, dar...@chaosreigns.com wrote:
On 03/18, Hamad Ali wrote:
> No. Michael doesn't want to help you and Karsten doesn't want you to
> participate in mass-checks because of your behavior on this list.
Are you referring to ban on masschecks, or ban on receiving any s
From: Hamad Ali
Date: Sat, 19 Mar 2011 00:46:08 +0400
## back on topic ##
Anyway, I would highly appreciate any help on spear phishing. A solution, a
guess, or just if you know whether you get spear phish at all is good
information for me (I started to think that 99% of mail admi
On Sat, 2011-03-19 at 00:46 +0400, Hamad Ali wrote:
> > Oh, well, the freemail address again is mostly unrelated to discussions
> > on this list -- though yeah, while hiding behind that address is not a
> > show-stopper, using your real address (especially if you provide mail
> > services) might he
> Subject: Re: SA and Spear Phishing
> From: guent...@rudersport.de
> To: users@spamassassin.apache.org
> Date: Thu, 17 Mar 2011 21:38:19 +0100
>
> Oh, well, the freemail address again is mostly unrelated to discussions
> on this list -- though yeah, while hiding behind
On Thu, 2011-03-17 at 15:58 -0400, dar...@chaosreigns.com wrote:
> On 03/17, Hamad Ali wrote:
> >- Michael Scheidell said: "Ditto. I was about to tell him how to stop
> >spear phishing"; it seems because I'm not eligible for participation in
> >nightly masschecks, Michael decided to n
On 03/18, Hamad Ali wrote:
>> No. Michael doesn't want to help you and Karsten doesn't want you to
>> participate in mass-checks because of your behavior on this list.
>Are you referring to ban on masschecks, or ban on receiving any sort of
>help whatsoever?
I'm saying it's the s
> Date: Thu, 17 Mar 2011 15:58:52 -0400
> From: dar...@chaosreigns.com
> To: users@spamassassin.apache.org
> Subject: Re: SA and Spear Phishing
> No. Michael doesn't want to help you and Karsten doesn't want you to
> participate in mass-checks because of your be
On 03/17, Hamad Ali wrote:
>Alright guys, let's forget about me doing masschecks (I didn't know
>limitations as I haven't seen the trust thingy policy anywhere
>else http://wiki.apache.org/spamassassin/NightlyMassCheck).
Why do you think that page needs to say that we need to be abl