[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 25/04/13 23:01, Martijn Grooten wrote: > > On Apr 25, 2013 10:34 PM, "Simon Waters" wrote: >> Trouble is, whilst Yahoo have more pieces of the puzzle than we do, the >> only people we know "must" know are the spammers themselves. The >> information must be coded in the software doing the spamming, although >> possibly obliquely. > > Not necessarily. Why I said obliquely. If the machine has or is being fed a list of plain text passwords we know the password is owned, likely a lot of them. If it has a stack of cookies, it is cookie theft. If it is working sequentially through a list of IDs in code it is a protocol thing. Of course if it has passwords we don't know how they got them, but the scope of the list might be a clue. e.g. if it is dense alphabetically you might be able to deduce if they have the full password file or some hint at the proportion of accounts compromised. Such a machine might also lead us closer to the perpetrators. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq