lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <00a301c401dc$7d91b330$5b00005a@moregarlic.com>
From: larry at larryseltzer.com (Larry Seltzer)
Subject: Backdoor not recognized by Kaspersky

>>SMTP auth does not help at all. A virus that delivers email via it's own SMTP engine
completely bypasses the end users ISP server(s). And if the recipient server does not
allow incoming mail from wherever it is presented from, then incoming mail will simply
be broken unless there is some sort of SPF. 

Yeah, exactly, that's the point. SMTP AUTH plus something like SPF/CID/DK would stop all
the existing worms from operating. Mail sent through their own engines would be rejected
by SPF/CID/DK. 

>>But, SPF, caller-ID, and Domain keys all have major unsolved issues with forwards,
aliases, corporate employees checking their work mail and needing to reply through their
home connection ISP, but with their company 'From: ' address and several other common
scenarios. Until their is universal adoption of some add on to SMTP, nobody can reject
all non-conforming mail safely. 

It's not hard to imagine the largest ISPs and large corps accepting it, at which point
it would become necessary for others to accept it or risk having their mail shut out. 

>>All implementations create a much greater load on DNS. 

Greater, yes. Much greater, I'm not so sure. Verisign doesn't think it's a substantial
extra load. The DNS data could very reasonably be cached.

>>The real issue is that their is no possible algorithmic solution to rejecting email
reliably based on any of its source, its content, or any combination. 

So SPF/CID/DK don't work? They reject based on domain

>>If the mail is not accepted, laws prohibit silently discarding it. 

I've never heard this before. What law?

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
larryseltzer@...fdavis.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ