[GENERAL] write on screen

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

[GENERAL] write on screen

mastersail
Hi.
I have a problem - I run pl/sql script on postgresql base using command line in windows and I need to view some data in this command line, but I don't know how to send them in the script.Pleas help

---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
       subscribe-nomail command to [hidden email] so that your
       message can get through to the mailing list cleanly
Reply | Threaded
Open this post in threaded view
|

[GENERAL] E-mail harvesting on PG lists?

Carlos Moreno-2

This is worrisome...

I decided to create a separate account for my subscription to PG's
mailing lists (to avoid all replies bouncing back due to my strict
whitelist anti-spam filter) -- I created the account on Dec 22, and
today I notice a phishing e-mail  ("Your PayPal account"), meaning
that it took less than two weeks for my e-mail address to go from
PG's mailing list to a spammers' database of addresses...  Needless
to say that I have not used this e-mail address (but really, really
really 100% absolute certainty that I have not used it in any single
instance), other than to post a couple messages in here.

This is truly worrisome...  I wonder if spammers today are basically
subscribing to mailing lists so that they receive the e-mails (seems
like a very obvious trick), or if they're moving to the next level
of "decrypting" the "encrypted / anti-spam" form of e-mail addresses
(the way they're displayed on the mailing list web site)

Any comments?   If it is the first option above, then it feels like
by definition there is absolutely nothing that can be done, now
or ever  :-(

Carlos
--


---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
       choose an index scan if your joining column's datatypes do not
       match
Reply | Threaded
Open this post in threaded view
|

Re: [GENERAL] E-mail harvesting on PG lists?

Bruce Momjian-2
Carlos Moreno wrote:

>
> This is worrisome...
>
> I decided to create a separate account for my subscription to PG's
> mailing lists (to avoid all replies bouncing back due to my strict
> whitelist anti-spam filter) -- I created the account on Dec 22, and
> today I notice a phishing e-mail  ("Your PayPal account"), meaning
> that it took less than two weeks for my e-mail address to go from
> PG's mailing list to a spammers' database of addresses...  Needless
> to say that I have not used this e-mail address (but really, really
> really 100% absolute certainty that I have not used it in any single
> instance), other than to post a couple messages in here.
>
> This is truly worrisome...  I wonder if spammers today are basically
> subscribing to mailing lists so that they receive the e-mails (seems
> like a very obvious trick), or if they're moving to the next level
> of "decrypting" the "encrypted / anti-spam" form of e-mail addresses
> (the way they're displayed on the mailing list web site)

Our email lists are mirrored onto web sites like Google, so I am
thinking they got it that way.

> Any comments?   If it is the first option above, then it feels like
> by definition there is absolutely nothing that can be done, now
> or ever  :-(

Yes, I came to that conclusion long ago.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  [hidden email]               |  (610) 359-1001
  +  If your life is a hard drive,     |  13 Roberts Road
  +  Christ can be your backup.        |  Newtown Square, Pennsylvania 19073

---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend
Reply | Threaded
Open this post in threaded view
|

Re: [GENERAL] E-mail harvesting on PG lists?

Magnus Hagander
In reply to this post by Carlos Moreno-2
> > This is truly worrisome...  I wonder if spammers today are
> basically
> > subscribing to mailing lists so that they receive the
> e-mails (seems
> > like a very obvious trick), or if they're moving to the
> next level of
> > "decrypting" the "encrypted / anti-spam" form of e-mail
> addresses (the
> > way they're displayed on the mailing list web site)
>
> Our email lists are mirrored onto web sites like Google, so I
> am thinking they got it that way.

archives.postgresql.org properly "hides" the addresses. However, they
are mirrored to Usenet News, where anybody can pick them up. Much easier
that way, I bet that's what most use.


> > Any comments?   If it is the first option above, then it feels like
> > by definition there is absolutely nothing that can be done, now or
> > ever  :-(
>
> Yes, I came to that conclusion long ago.

That's the bottom line, though. Spamfilters help, but only part of the
way.

//Magnus

---------------------------(end of broadcast)---------------------------
TIP 9: In versions below 8.0, the planner will ignore your desire to
       choose an index scan if your joining column's datatypes do not
       match
Reply | Threaded
Open this post in threaded view
|

Re: [GENERAL] E-mail harvesting on PG lists?

Tom Lane-2
In reply to this post by Bruce Momjian-2
Bruce Momjian <[hidden email]> writes:
> Carlos Moreno wrote:
>> Any comments?   If it is the first option above, then it feels like
>> by definition there is absolutely nothing that can be done, now
>> or ever  :-(

> Yes, I came to that conclusion long ago.

Aggressive spam filtering is about the only thing that keeps email
workable at all anymore :-(.  The idea of keeping your address hidden
is not workable and never really has been IMHO.

                        regards, tom lane

---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend
Reply | Threaded
Open this post in threaded view
|

Re: [GENERAL] E-mail harvesting on PG lists?

Gregory Youngblood
In reply to this post by Bruce Momjian-2
I created an account for perl-cpan and it got hit with spam/phishing attempts in less than a week.

There's not a lot that can be done about it. It's a losing battle to try and fight. There are some things you can do, but it won't be 100% effective. The closer you get to 100% effective, the more likely you are to throw the baby out with the bathwater.

I started using dedicated addresses a few years ago. Anytime I sign up for something, I use an address dedicated for that purpose. Then, when I start seeing spam patterns, I know where the address was used. In the case of mailing lists, there's not much to hide. However, when you sign up for something with a legit store, and then 2 or 3 months later you start getting bombarded with spam having nothing to do with that store -- it's a pretty safe bet where the spammer got your address (unless you use a very easy to guess address like a simple first name or something).

The other problem is dictionary attacks. There are distributed networks of bots that do nothing except try a dictionary of names against your mailserver. You can see how coordinated they are when you are getting dictionary scans from IP addresses all over the globe, starting with A, and not overlapping words.
They are getting more devious too. I found one that had a bug in their tool so it was obvious the connections were linked and they overlapped names every so often (unless it was a single bot net running two separate lists, which is also possible).

It's ugly. No matter how you slice.

Greg
Reply | Threaded
Open this post in threaded view
|

Re: [GENERAL] E-mail harvesting on PG lists?

Peter Eisentraut-2
In reply to this post by Magnus Hagander
Magnus Hagander wrote:
> archives.postgresql.org properly "hides" the addresses.

If you think that spammers are unable to do s/ (at) /@/ you're living in
a dream world.

---------------------------(end of broadcast)---------------------------
TIP 6: explain analyze is your friend
Reply | Threaded
Open this post in threaded view
|

Re: [GENERAL] E-mail harvesting on PG lists?

Peter Eisentraut-2
In reply to this post by Carlos Moreno-2
Carlos Moreno wrote:
> today I notice a phishing e-mail  ("Your PayPal account"), meaning
> that it took less than two weeks for my e-mail address to go from
> PG's mailing list to a spammers' database of addresses...

Normally you get turnaround times of less than two hours on this, so you
got a good deal.

---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
       subscribe-nomail command to [hidden email] so that your
       message can get through to the mailing list cleanly
Reply | Threaded
Open this post in threaded view
|

Re: [GENERAL] E-mail harvesting on PG lists?

Guy Rouillier
In reply to this post by Carlos Moreno-2
Carlos Moreno wrote:

> Any comments?   If it is the first option above, then it feels like
> by definition there is absolutely nothing that can be done, now or
> ever  :-(

I got an IMAP account with BurntMail.com.  I belong to a dozen mailing
lists, and haven't received any spam since getting the email account.
They obviously do aggressive spam filtering, but as far as I know I'm
getting all the email I should.  An option to consider...

--
Guy Rouillier


---------------------------(end of broadcast)---------------------------
TIP 2: Don't 'kill -9' the postmaster
Reply | Threaded
Open this post in threaded view
|

Re: [GENERAL] E-mail harvesting on PG lists?

Ian Harding
On 1/8/06, Guy Rouillier <[hidden email]> wrote:

> Carlos Moreno wrote:
>
> > Any comments?   If it is the first option above, then it feels like
> > by definition there is absolutely nothing that can be done, now or
> > ever  :-(
>
> I got an IMAP account with BurntMail.com.  I belong to a dozen mailing
> lists, and haven't received any spam since getting the email account.
> They obviously do aggressive spam filtering, but as far as I know I'm
> getting all the email I should.  An option to consider...

I use Gmail which promises I will never run out of room, can tag
messages and bypass the inbox, and has a very good spam filter.
Searching is obviously pretty good too.

I noticed I got about 5 - 10 spam emails within MINUTES of each post
before I switched to Gmail, I'm sure I still do, I just don't see
them.

---------------------------(end of broadcast)---------------------------
TIP 5: don't forget to increase your free space map settings
Reply | Threaded
Open this post in threaded view
|

Re: [GENERAL] E-mail harvesting on PG lists?

Jim C. Nasby
In reply to this post by Peter Eisentraut-2
On Sun, Jan 08, 2006 at 12:34:25AM +0100, Peter Eisentraut wrote:
> Magnus Hagander wrote:
> > archives.postgresql.org properly "hides" the addresses.
>
> If you think that spammers are unable to do s/ (at) /@/ you're living in
> a dream world.

Agreed. I'd honesly rather we drop that nonsense so I can at least cut
and paste email addresses when needed.
--
Jim C. Nasby, Sr. Engineering Consultant      [hidden email]
Pervasive Software      http://pervasive.com    work: 512-231-6117
vcard: http://jim.nasby.net/pervasive.vcf       cell: 512-569-9461

---------------------------(end of broadcast)---------------------------
TIP 4: Have you searched our list archives?

               http://archives.postgresql.org
Reply | Threaded
Open this post in threaded view
|

Re: [GENERAL] E-mail harvesting on PG lists?

Greg Sabino Mullane

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


>> If you think that spammers are unable to do s/ (at) /@/ you're living in
>> a dream world.
 
> Agreed. I'd honesly rather we drop that nonsense so I can at least cut
> and paste email addresses when needed.

I'd rather not. While obfuscation is not a surefire solution, it does help.
Quite a bit, as spammers generally go for the low hanging fruit. I've done
tests on this, and the number of spams received is far higher for
unobfuscated email addresses.

- --
Greg Sabino Mullane [hidden email]
PGP Key: 0x14964AC8 200601101538
http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8

-----BEGIN PGP SIGNATURE-----

iD8DBQFDxBv6vJuQZxSWSsgRAjHTAKCS3T2o1zPaZNESrUyrL9NZyuZgYgCg/GGW
XxaU+C1A4Ol7ggUsTg9SMno=
=zuf4
-----END PGP SIGNATURE-----



---------------------------(end of broadcast)---------------------------
TIP 3: Have you checked our extensive FAQ?

               http://www.postgresql.org/docs/faq