[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SMTP, PINE, and security
- To: [email protected]
- Subject: SMTP, PINE, and security
- From: [email protected] (Greg Broiles)
- Date: Sun, 11 Jul 93 23:46:22 PDT
- Organization: iDeath / Golden Bear Consulting
-----BEGIN PGP SIGNED MESSAGE-----
me <uunet!Cloud.Cuckoo.Land!root> writes:
> One of the many neat features of PINE is that it allows one to talk
> to the SMTP server _directly_, bypassing sendmail (and its security checks).
> What this means is that instead of doing a "telnet xxxx smtp", you can
> build and configure a PINE client to do it for you, and retain all the
> nice features. PINE source code is freely available, and does not require
> root privs to run (any more than it requires root privs to "telnet xxx smtp")
[stuff deleted]
> If that happens, the days of EZ phreaking are over.....
I dunno; if things change such that it's considered normal for users to
connect to local or outside SMTP and NNTP ports, that would seem to create
an convenient smokescreen/excuse for folks who use those ports for their
own (non-approved) ends. It'll be a lot harder to look through a log for
unknown connections.
See the discussion on comp.dcom.telecom about how difficult it is to
provide authentication of cellular phones and fraud prevention, while
allowing people to buy new phones easily, roam, and do all of that
other stuff that people do. I think the SMTP/NNTP/PINE/whatever stuff
is very similar - I think it may prove so difficult to truly authenticate
unknown and untraceable users that people will turn to other means for
identifying a few trusted machines/people/processes. Public-key crypto,
perhaps? :) Security and convenience are basically incompatible; I'm hoping
that we opt for convenience.
-----BEGIN PGP SIGNATURE-----
Version: 2.3
iQCVAgUBLEEIfn3YhjZY3fMNAQGVfwQAoestrAnd168C061KVqb+znRBFNoAIS1k
Ic7JtsVxzj9xaFc5v5nKDUgHD4g47ulTyc1jqEFKmUjfqfal5xZVhN+/4wHFaN0v
2gNbYByvd7/QL685+lkGGkFr1ff7qTdWqVk5LV6b4fRyhJcTHIH48x/55QO0Oo3y
DYdA6GDuChk=
=SOFw
-----END PGP SIGNATURE-----
--
Greg Broiles [email protected]
Golden Bear Computer Consulting +1 503 465 0325
Box 12005 Eugene OR 97440 BBS: +1 503 687 7764