Message-ID: <23491.1334704236@turing-police.cc.vt.edu>
Date: Tue, 17 Apr 2012 19:10:36 -0400
From: Valdis.Kletnieks@...edu
To: "Elazar Broad" <elazar@...hmail.com>
Cc: full-disclosure@...ts.grok.org.uk, adam@...osecinstitute.com
Subject: Re: Windows XP denial of service 0day found in CTF exercise

On Tue, 17 Apr 2012 17:48:47 -0400, "Elazar Broad" said:

> At least configure your SPF record policy to hard fail, and consider Domain Keys and/or DMARC.

Given where his MXs point, and the fact that the SPF includes a :include that
points at another domain, simply setting it to "hard fail" without breaking his
e-mail may or may not be easy to do.  Similarly, if he sets it to hard fail, he
probably can't turn on DKIM without the cooperation of the domain listed in the
:include.

(A *lot* of sites that do SPF only code 'soft fail' so that other tools like
spamassassin can add a few points if the mail comes from an "unexpected" place,
but don't want to have hard-fail because that can break users.  For instance,
we don't publish a hard-fail because that results in a support headache if one
of our professors goes to a conference and sends e-mail from his hotel room -
and the hotel network hijacks the connection.  *loads* of fun to sort that out
when the professor calls our help desk from Seattle or Tokyo.  And of course,
he's a chemical engineering professor, so has zero network debugging tools on
the laptop...)



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
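To make the soft-fail versus hard-fail trade-off above concrete, here is a small added SPF evaluator (example code, not part of the original message or of any SPF library); the domain names, IP addresses and records are constructed, with the sender's policy delegating to a second domain through include: as the message describes.

```python
"""Minimal SPF check showing how ~all and -all differ for mail sent from an
unexpected network, and how include: delegates to another domain's record."""
import ipaddress

# Constructed zone data (hypothetical names and RFC 5737 test addresses):
# example.org delegates part of its policy to mailhost.example via include:.
RECORDS = {
    "example.org": "v=spf1 mx include:mailhost.example ~all",
    "mailhost.example": "v=spf1 ip4:203.0.113.0/24 -all",
}
MX_ADDRS = {"example.org": ["198.51.100.10"]}  # addresses of example.org's MXs

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, records=RECORDS, mx=MX_ADDRS, depth=0):
    """Evaluate the SPF record of `domain` for a sending `ip` (subset of RFC 7208)."""
    if depth > 10:                      # guard against include: loops
        return "permerror"
    record = records.get(domain)
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:     # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        if term == "all":
            matched = True
        elif term.startswith("ip4:"):
            matched = addr in ipaddress.ip_network(term[4:], strict=False)
        elif term == "mx":
            matched = ip in mx.get(domain, [])
        elif term.startswith("include:"):
            # include: matches only if the referenced policy yields "pass";
            # its own -all does not fail the sender, evaluation just continues.
            matched = check_host(ip, term[8:], records, mx, depth + 1) == "pass"
        else:
            continue                    # mechanisms not modelled here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"


def harden(record):
    """Return the record with soft fail (~all) turned into hard fail (-all)."""
    return record.replace("~all", "-all")
```

Under the soft-fail record a message from the "hotel" address 192.0.2.1 gets `softfail` (which a scorer such as spamassassin can penalise), while the hardened record rejects it outright; mail from the included domain's range passes either way.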
