Yet Another Ninja wrote:
This is not to suggest that I ever understood the part about using
half-length MD5.
No need. I'm using full-length hashes now, plus the SURBL/chmod style
IP addresses. I must have lost the email I was composing on the topic,
but it's fully propagated by now. I've attached my code.
Note that the code still supports the old truncated string. I'll rip
that out soon. Also note that I'm not an advanced perl coder (almost
all of my perl scripts start as POSIX shell scripts, including this one)
.... so while I'm happy to get *suggestions*, I'm not so eager for the
insults and hash words this list tends to give instead.
I'm trying hard to convince myself this data is really useful.
the whole
http://anti-phishing-email-reply.googlecode.com/svn/trunk/phishing_reply_addresses
file has 4518 entries, including vintage 2008
compared to the big_boyz my trap feed is quite small and I collected
1598 entries during the last 4 hrs
hmmmmm
does anybody have any hit metrics?
The list was set up to satisfy a very specific group of users that were
being targetted by a very specific scam. Spear Phishing against Higher
Education institutions in the UK and USA. It was originally discussed on
a mailing list run by "nd.edu" which can only be subscribed to by people
who are in that particular sector. For that particular group, the list
has been useful. How useful it is for people outside of that scenario, I
don't know.
--
Mike Cardwell
(https://secure.grepular.com/) (http://perlcv.com/)
