[130643] in North American Network Operators' Group
Re: New hijacking - Done via good old-fashioned Identity Theft
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Thu Oct 7 09:45:33 2010
To: Sven Olaf Kamphuis <sven@cb3rob.net>
In-Reply-To: Your message of "Thu, 07 Oct 2010 12:10:37 -0000."
<Pine.LNX.4.64.1010071156310.30620@a84-22-97-10.cb3rob.net>
From: Valdis.Kletnieks@vt.edu
Date: Thu, 07 Oct 2010 09:44:29 -0400
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Thu, 07 Oct 2010 12:10:37 -0000, Sven Olaf Kamphuis said:
> If what you're asking under point c is "what happens if a system that
> contains such a password for your email address gets compromised" the
> answer is simple, you remove that specific password from your approved
> passwords list
140 million or so compromised systems. You may be spending a lot of time
removing compromised passwords from your list - and even more problematic,
notifying everybody of the *new* password(s) they should use to e-mail to you.
So far this month, I've seen 4,964 mails from 1,090 different From: lines
(mostly due to a subscription to the linux-kernel list, which is a true fire
hose), and some 250 different SMTP MAIL FROM: sources.
> (note that on the receiver side, the password is not linked
> to the source email address, senders can use any source email address they
> want, as long as one of the currently active/accepted passwords is in the
> email)
We'll overlook the fact that if the password isn't linked to the source
address, then *any* sender can use any source they want, as long as it's
known that *some* sender used '97%-chicken-teriyaki' as a password. And with
140 million compromised boxes, there's a basically never-ending supply of
credentials to be stolen and used.
> remaining problems with this system are:
> by lack of a standard header for Password: which should be supported by
> all clients, address books, online shops, mailinglists, we put the
> password in the email, which means, that on Cc:'s and forwards etc
> the password got forwarded along with the email, potentially giving other
> people the password too.
And you recognize that your scheme leaks said passwords, but that's not a fatal
problem.
> Now, this is -100%- spam stopping, smtp can be as open relay as you want,
> the internet can be full of compromised windows boxes chunking out tons of
> crap, but you won't get any spam, just mail from people YOU choose to deal
> with, by actively -giving- them a password yourself, which you can also
> -revoke-.
So explain to me in *detail* - you're in the To: line of this mail. I don't
believe I've sent to you in the past. I acquire a password valid to send you
this e-mail, how, exactly? After all, I can't e-mail you and ask for one...
After that, explain how a Hotmail user migrates to GMail (or vice versa) and
retains their ability to contact everybody they used to contact.
You might want to look at this:
http://www.rhyolite.com/anti-spam/you-might-be.html
and see how many of the entries in the list apply to your proposal. (Nothing
personal - I don't think *any* realistic anti-spam proposal can get much
traction unless they've at least *thought* about every single bullet point on
that list).
Further discussion is probably best on SPAM-L.
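The allow-list scheme argued over in this exchange, as a toy model added here (not code from either poster): a receiver-side set of active passwords, a password carried in the message body and unbound from the sender address. The `Password:` line, the message texts and the addresses are constructed for the illustration.

```python
"""Toy model of the "password in the message" allow-list scheme.
Assumptions (constructed for this illustration): the password travels
as a 'Password: <token>' line in the body, the receiver keeps a set of
active passwords, and nothing binds a password to a From: address."""
import re

TOKEN_RE = re.compile(r"\bPassword:\s*(\S+)", re.IGNORECASE)


class PasswordAllowList:
    """Receiver-side filter: accept a message if it carries any active
    password. Revoking a password cuts off everyone who was given it."""

    def __init__(self, passwords=()):
        self.active = set(passwords)

    def issue(self, password):
        self.active.add(password)

    def revoke(self, password):
        self.active.discard(password)

    def accepts(self, message):
        """True if any 'Password: <token>' in the message is active."""
        return any(tok in self.active for tok in TOKEN_RE.findall(message))


def forward(message, note="FYI, forwarding."):
    """A forward (or Cc) carries the embedded password along with it."""
    return note + "\n\n---- Forwarded message ----\n" + message


def demo():
    """Replay the objections raised in the thread; returns the outcomes."""
    inbox = PasswordAllowList()
    inbox.issue("97%-chicken-teriyaki")  # handed to one correspondent
    legit = "Password: 97%-chicken-teriyaki\nHi, about that router..."
    # 1. Nothing ties the password to the sender, so once it is known
    #    (say, read off a compromised box) any source address passes.
    stolen = "From: anyone@example.invalid\nPassword: 97%-chicken-teriyaki\nBUY NOW"
    # 2. A Cc or forward leaks the password to a third party.
    leaked = forward(legit)
    # 3. A stranger with no password cannot even ask for one by mail.
    stranger = "Hello, could I have a password to write to you?"
    out = {"legit": inbox.accepts(legit), "stolen": inbox.accepts(stolen),
           "forwarded": inbox.accepts(leaked), "stranger": inbox.accepts(stranger)}
    # 4. Revocation stops the abuse, but also drops every legitimate
    #    sender who was issued that same password.
    inbox.revoke("97%-chicken-teriyaki")
    out["legit_after_revoke"] = inbox.accepts(legit)
    out["stolen_after_revoke"] = inbox.accepts(stolen)
    return out
```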