Hello and welcome to the Tuesday, February 6, 2020,

for edition of the Sandin and Storms, Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

A quick diary today from Jesse, which is really a preview of work that he sort of started,

and that's well how does exposing an email address to the public on a website effect spam received by that email address and how various

obfuscation methods kind of work and how effective they are again this is sort of still work in progress, just having

the email as part of a web form that apparently only took two days to receive spam, having

an HTML comment with an email address that took nine days. A simple obfuscation technique

where Jesse just replaced the ad simple with the word ad in parentheses,

that actually has so far been effective in stopping spam to go to that email address.

Of course, maybe just a matter of time.

As I said, this is still somewhat work in progress.

Personally, I found it's pretty much impossible to prevent an email address from receiving

spam.

If you just wait long enough, well, we'll see how long it will take for that obvious

email address to be picked up.

And then we got a little bit more details about what exactly happened at any desk,

at least what was compromised.

Apparently the attacker did have access to source code and also was able to compromise

the signing certificate used by any deskk in software it distributes,

which means the private key was stolen.

They now have used a new signing certificate.

...