Good girls go to heaven, Spammers go to ROSKO

Well, of course you know that actually all the different spam is organized and “centralized” in a few locations, addresses, nicks or websites, almost the 80% of the spam can be resumed in no more than 200 Aliases or webs as I told before. That’s is what ROSKO does.

In the ROSKO FAQ you can find what ROSKO is:

The Register of Known Spam Operations (ROKSO) is a register of spam senders and spam services that have been thrown off Internet Service Providers 3 times or more in connection with spamming or providing spam services, and are therefore repeat offenders. Spamhaus believes that these known determined professional spam operations are responsible for approximately 80% of spam on the Internet.

The ROKSO database collates information and evidence on each gang to assist ISP Abuse Desks and Law Enforcement Agencies.

The existence of these known professional spammers, the aliases they use to obtain ISP accounts, their methods and history is vital need-to-know information for the protection of the ISP industry.

So here you are the list of the 200 most famous spammers! (Updated)


Portal, Really addictive

Back to School



Black Hat 2007 Japan

Closing soon.


BT Home hub/Speedtouch 7G vulnerability

High Critical vulnerability has been discovered in this multifunctional device, quite popular all around the UK.

The problem:

The router can be totally owned remotely (Full Admin control).


The “victim” has to visit a malicious site. That’s it, no more no less, this could be easily done with a bit of Social engineering.


Using an exploit to enable a backdoor.

What an attacker can do:

– Stealing VoIP credentials (Spying calls).

-Exposing internal hosts on the DMZ.

– Fake the DNS to steal bank credentials.

– Steal WEP/WPA key.

– Change the autoupdates to avoid this fix to be corrected.

and so on…

Here you are a little video showing it (Poor quality):

We have to thank all this information to GNUcitizen.

 More details about the vulnerability here.

Adobe vulnerability in versions 8.1 or earlier.

I know this is not brand new, but again all points to Microsoft fault, I mean it’s not only Adobe’s fault, at least this last one published a workaround to avoid the problem, you can find it here.

 Surprisingly this bug doesn’t affect to Vista machines which is a point for Microsoft and for Vista too but considering all the vulnerabilities that remains in Vista from XP it will not be a great difference in the total score.

The description you can find in FrSIRT is:

 “A vulnerability has been identified in Adobe Acrobat and Reader, which could be exploited by attackers to take complete control of an affected system with Internet Explorer 7 installed. This issue is caused by an input validation error when processing a specially crafted “mailto:” link, which could be exploited by remote attackers to inject and execute arbitrary commands by tricking a user into opening a specially crafted PDF document.”

Another PDF bug with “remote code execution” included, I think Adobe is not doing really right. (Even if no all the fault is theirs).

Security Genome

I have to thank Mark Curphey for let me link this great article called Security Genome.

 It was mented again in the Daily Dave Mailing list.

 Congratulations Mark, great article.

Here it is the link.