How Hackers Identify Their Targets

narramissic writes "In a recent article, security guru Brent Huston writes about research he did to get inside the minds of spammers and expose some of the processes they use to identify potential targets. Huston says that among the four common ways that spam is spread, the most common method that spammers use is via open relays. Huston's research also revealed that 'they were doing much more server analysis' than he had expected and that they take a multi-step approach: 'They scan the server for proper RFC compliance, and then they send a test message to a disposable address. Only after these are complete did they adopt the tool to dump their spam.'"

Re:Duh... It's so obvious...

[whoever57]

I really get sick of this sendmail bashing. There are problems with sendmail and they are trying to rewrite sendmail to solve them. There is no such thing as perfectly secure software.

Perfectly secure: no. But look at Secunia's reports:

Postfix 1.x:

Affected By 1 Secunia advisories

Unpatched 0% (0 of 1 Secunia advisories)

Postfix 2.x:

Affected By 0 Secunia advisories

in contrast, look at Sendmail 8:

Affected By 10 Secunia advisories

Unpatched 10% (1 of 10 Secunia advisories)

So, given that there are unpatched vulnerabilities in Sendmail, why should you wait for the team to finish re-writing the code? Now, it is possible that Sendmail has some advantages in very high volume situations (although there are some older benchmarks that show Postfix was faster), but why would you want to use an MTA that is more difficult to configure and has known vulnerabilities?

I believe the main reason that people use Sendmail is that, having gone to the trouble to learn how to configure it, they don't want to waste that effort (as well as it being the default MTA in many distributions).