Open Source and information security mailing list archives
 
From: ge at egotistical.reprehensible.net (Gadi Evron)
Subject: Spam Solution

> SMTP AUTH cracking and using the ISP account? Not that it can't and won't be done, but
> I'm aware of no actual examples. Could you cite one please?

I was referring to using Trojaned machines and using the user's actual 
email address. Much like you were, only I was talking of using Outlook.

> So if you have enough systems doing it you can send unauthenticated mail through servers
> that require authentication? Please explain this to me.

See above.

> No it doesn't. It's enough that MTAs can choose for a while to treat authenticated and
> unauthenticated mail differently. And before too long if the major ISPs and major
> corporations and government adopt the scheme (and there's an excellent chance they will)
> others will be forced to adopt it in order for their mail to get through reliably. Then
> one day admins can throw the switch and reject unauthenticated mail. 

I hope you are right. I don't think you are, but I hope I am wrong.

I already went through this discussion on several mailing lists.. I 
think I'll quit now while ahead. :)

	Gadi Evron.

