Message-ID: <20040129043625.GB1546@SDF.LONESTAR.ORG>
From: petard at freeshell.org (petard)
Subject: Proposal: how to notify owners of compromised PC's

On Wed, Jan 28, 2004 at 09:20:24PM +0100, Thomas Zangl - Mobil wrote:
> As I said before, the ISP _HAS_ to provide an alternative mail relay, open
> for every FROM address the user wishes to use. (If it's legal or not that's
> another point). If you really need access to YOUR smtp server, it should
> be possible to configure your MTA to listen to an alternative port than
> 25 too. I use this kind of setup for myself as I'm "smtp firewalled" the
> way I've described above.
>
You don't understand. My organization (example.com) has its MTAs
configured such that we ONLY accept mail claiming to be FROM example.com
if it is relayed by MSAs which ONLY accept mail from our users, who can
only connect to those using TLS connections which are authenticated
using X.509 certificates. I cannot send mail to someone at example.com
from my example.com address using any other party's server. 
It was not *difficult* to configure the various MSAs to listen on 
alternate ports as well, nor to open the firewalls such that the clients 
could connect there. But it had to clear a change control process which 
has some lead time to it.

And I had to waste my time and my admin's time working around my ISP.

> The benefit (in my opinion) would be greater, in my environment, than the
> loss of freedom individual users will suffer. In case of static IP's ISPs might
> be able to offer exceptions.
Unless we fix the clients, the benefit will not be there long term. You
*might* see spam confined to spam-friendly ISPs and therefore more
easily filtered, but you will not see less malware. There are too many
other vectors, and ISPs may not legally be able to virus-check every 
message they transmit. (They'd certainly *risk* their common carrier 
status by performing this filtering.) We'll just have malware going 
through ISP servers, proxies, kazaa, etc.  as so much of it already does.

regards,
petard

-- 
If your message really might be confidential, download my PGP key here:
http://petard.freeshell.org/petard.asc
and encrypt it. Otherwise, save bandwidth and lose the disclaimer.

