lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <000701c37f8d$98081a50$550ffea9@rms>
From: rms at computerbytesman.com (Richard M. Smith)
Subject: How VeriSign's SiteFinder service breaks Outlook Express

Hello,

I discovered that VeriSign's SiteFinder service breaks Microsoft's
Outlook Express email reader.  If a user misspells a domain name in
their POP3 or SMTP server name, Outlook Express no longer provides
meaningful error messages to a user to help them to fix the problem.

Here are the expected error messages in Outlook Express for a misspelled
domain name:

   The host 'smtp.rcntypodomain.us' could not be 
   found. Please verify that you have entered the 
   server name correctly. Account: 'pop.rcn.com', 
   Server: 'smtp.rcntypodomain.us', Protocol: SMTP, 
   Port: 25, Secure(SSL): No, Socket Error: 11004, 
   Error Number: 0x800CCC0D
 
   The host 'pop.rcntypodomain.us' could not be found. 
   Please verify that you have entered the server name 
   correctly. Account: 'pop.rcn.com', Server: 
   'pop.rcntypodomain.us', Protocol: POP3, Port: 110, 
   Secure(SSL): No, Socket Error: 11004, Error Number: 
   0x800CCC0D

With SiteFinder, here are the error messages that are now produced:

   The message could not be sent because one of the 
   recipients was rejected by the server. The rejected 
   e-mail address was 'rms@...puterbytesman.com'. 
   Subject 'Testing 1 2 3', Account: 'pop.rcn.com', 
   Server: 'smtp.rcntypodomain.com', Protocol: SMTP, 
   Server Response: '550 <unknown[24.91.207.165]>: 
   Client host rejected: The domain you are trying 
   to send mail to does not exist.', Port: 25, 
   Secure(SSL): No, Server Error: 550, Error 
   Number: 0x800CCC79
 
   The connection to the server has failed. Account: 
   'pop.rcn.com', Server: 'pop.rcntypodomain.com', 
   Protocol: POP3, Port: 110, Secure(SSL): No, Socket 
   Error: 10061, Error Number: 0x800CCC0E

Similar problems may exist in other email readers and other
Internet-enabled software.  This Outlook Express problem raises
questions about what kind of testing VeriSign did to understand the
collateral damage to application software from the SiteFinder service
before the service was turned on.

Richard M. Smith
http://www.ComputerBytesMan.com
 



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ