[170362] in North American Network Operators' Group

Re: why IPv6 isn't ready for prime time, SMTP edition

daemon@ATHENA.MIT.EDU (Lamar Owen)
Wed Mar 26 15:59:32 2014

Date: Wed, 26 Mar 2014 15:56:23 -0400
From: Lamar Owen <lowen@pari.edu>
To: NANOG list <nanog@nanog.org>
In-Reply-To: <9370.1395860387@turing-police.cc.vt.edu>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 03/26/2014 02:59 PM, Valdis.Kletnieks@vt.edu wrote:
> You *do* realize that the OS vendor can't really do much about users 
> who click on stuff they shouldn't, or reply to phishing emails, or 
> most of the other ways people *actually* get pwned these days? Hint: 
> Microsoft *tried* to fix this with UAC. The users rioted. 
Yep, I do realize that and I do remember the UAC 'riots.'  But the OS 
vendor can make links that are clicked run in a sandbox and make said 
sandbox robust.  A user clicking on an e-mail link should not be able to 
pwn the system.  Period.

Most of the phishing e-mails I've sent don't have a valid reply-to, 
from, or return-path; replying to them is effectively impossible, and 
the linked/attached/inlined payload is the attack vector.

