You are not logged in.
Pages: 1
Topic closed
Today I got an email from the arch-announce mailing list:
Вас интересуют базы данных?
_______________________________________________
arch-announce mailing list
arch-announce@archlinux.org
https://lists.archlinux.org/listinfo/arch-announce
Did anybody else get this?
Was the mailing list system compromised?
Has data been leaked?
Last edited by schard (2019-10-25 23:37:01)
Inofficial first vice president of the Rust Evangelism Strike Force
Offline
Hello. I came here this morning to write the same. I received that weird email as well. The 'from' address is prodawez [at] teleworm [dot] us .
PS. The Russian message says something like: 'Are you interested in databases?'
Offline
I've gotten this spam too.
Offline
There an email address to contact the owner: arch-announce-owner@archlinux.org
Do you think it is safe to contact him? Or we could expose our email addresses to the spammer?
Offline
There an email address to contact the owner: arch-announce-owner@archlinux.org
Do you think it is safe to contact him? Or we could expose our email addresses to the spammer?
If the mailing list indeed has been compromised, this is surely a possiblility.
You could write an email there from a burner address.
Inofficial first vice president of the Rust Evangelism Strike Force
Offline
Today I got an email from the arch-announce mailing list:
Вас интересуют базы данных?
_______________________________________________
arch-announce mailing list
arch-announce@archlinux.org
https://lists.archlinux.org/listinfo/arch-announceDid anybody else get this?
Was the mailing list system compromised?
Has data been leaked?
There is nothing suprising here, this is just a regular spam. There is no point in creating forum thread and replying to spam in mailing list.
This type of spam is quite common. I am subscriber of 5-7 technical mailing lists and I received this message ("Вас интересуют базы данных") almost at each list approximately 1-2 times in a month.
Offline
Hello. I came here this morning to write the same. I received that weird email as well. The 'from' address is prodawez [at] teleworm [dot] us .
PS. The Russian message says something like: 'Are you interested in databases?'
'prodawez' is transliteration of russian world 'merchandiser'. Your translation is correct. By 'databases' he means either client (commercial) databases, or leaked databased containing personal information (Russia is bad in keeping personal information undisclosed).
If the mailing list indeed has been compromised, this is surely a possiblility.
You could write an email there from a burner address.
I don't remember whether unsubscribers are allowed to post to the list. Anyway, since list is free, such restriction can be easily circumvented.
Since there is nothing really here, this thread can be closed.
Last edited by mxfm (2019-10-25 11:43:47)
Offline
There is nothing suprising here, this is just a regular spam. There is no point in creating forum thread and replying to spam in mailing list.
The surprising thing is that sending mail via arch-announce should be restricted to selected mail addresses and it still happened.
Last edited by progandy (2019-10-25 14:03:24)
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Offline
I don't remember whether unsubscribers are allowed to post to the list.
No, only authorized personnell can send emails to that mailing list.
Which suggests that either a security vulnerability of the mailing list system has been exploited or one of the authorized accounts has been compromised.
Anyway, since list is free, such restriction can be easily circumvented.
I call bullshit. If the email addresses are securely stored and emails can be sent only with prior authentication, either there's a security issue or credentials have been leaked.
If it is just one of those spam systems, that check the sending authorization by only checking the sender email, it should be migrated to a more secure solution in order to mitigate spam.
I did not subscribe to the mailing lists to receive spam.
Since there is nothing really here, this thread can be closed.
Let's let the moderators decide this, shall we?
Inofficial first vice president of the Rust Evangelism Strike Force
Offline
No, only authorized personnell can send emails to that mailing list.
Which suggests that either a security vulnerability of the mailing list system has been exploited or one of the authorized accounts has been compromised.
Then spammers have found the loophole.
I call bullshit. If the email addresses are securely stored and emails can be sent only with prior authentication, either there's a security issue or credentials have been leaked.
If it is just one of those spam systems, that check the sending authorization by only checking the sender email, it should be migrated to a more secure solution in order to mitigate spam.
I did not subscribe to the mailing lists to receive spam.
Anyway, I see little sense in discussing this issue at forum.
Let's let the moderators decide this, shall we?
... which does not prohibit to ask mods to close the the thread.
Offline
I got the same message too
Offline
See dev responses on https://www.reddit.com/r/archlinux/comm … ent_email/
Offline
Well hopefully its addressed, I didn't sign up to get "spam" mail from an email that is only utilized for news alerts etc...Just got a second one titled "poster password test" It also includes a link that I would suggest no one to click
Offline
got the initial mail here as well
and just now I got another one with the following message:
poster password test
definitely there is something wrong.
Last edited by theodore (2019-10-25 19:22:09)
Offline
Its been fixed. The second email was testing the fix.
Offline
Sakura:-
Mobo: MSI MAG X570S TORPEDO MAX // Processor: AMD Ryzen 9 5950X @4.9GHz // GFX: AMD Radeon RX 5700 XT // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 6x 1TB SSD, 2x 120GB SSD, 1x 275GB M2 SSD
Making lemonade from lemons since 2015.
Online
@jasonwryan,wormzy
Thanks for the follow up.
Inofficial first vice president of the Rust Evangelism Strike Force
Offline
schard wrote:No, only authorized personnell can send emails to that mailing list.
Which suggests that either a security vulnerability of the mailing list system has been exploited or one of the authorized accounts has been compromised.Then spammers have found the loophole.
schard wrote:I call bullshit. If the email addresses are securely stored and emails can be sent only with prior authentication, either there's a security issue or credentials have been leaked.
If it is just one of those spam systems, that check the sending authorization by only checking the sender email, it should be migrated to a more secure solution in order to mitigate spam.
I did not subscribe to the mailing lists to receive spam.Anyway, I see little sense in discussing this issue at forum.
schard wrote:Let's let the moderators decide this, shall we?
... which does not prohibit to ask mods to close the the thread.
Was your issue solved?
“Talent you can bloom. Instinct you can polish.” — Haikyuu!! (adapted)
“If everybody thought alike, no one would be thinking very much.” — Walter Lippmann (adapted)
“The important thing is to be able, at any moment, to sacrifice what we are for what we could become.” — Charles Dubois
Offline
Closing this old solved topic.
Offline
Pages: 1
Topic closed