On 28-mei-04, at 15:06, John Stracke wrote:

(I've yet to see a proposal that works if the spammers start
utilizing zombie machines that snarf the already-stored credentials of the user to send mail)....

The question is whether spammers can obtain new credentials (stolen or otherwise) faster than others can blacklist them.

And, if you had actually read the message you replied to, you would have realized that the answer is yes.

I don't see why.

Send out a worm that makes N zombies, have each zombie send one message under the local user's credentials, and none of them will get blacklisted.

That makes the number of spam messages received by an email user (on average) equal to the number of email users divided by the number of systems vulnerable to becoming a zombie. So one spam a day/week/month or so = a lot better than the current situation.


Don't assume that the high level of vulnerability we're seeing today will remain the same in the future. (It will remain > 0 though.) There was a time when desktop systems would completely crash regularly because badly written software would take down the whole system. Software quality isn't beter these days, but desktop operating systems are now able to protect the system against most software errors. I'm sure we'll see similar developments in the area of security. Zone Alarm (network access restricted on a per-application basis) and the MacOS keychain system (access to passwords and certificates restricted on a per-application basis) are the way of the future.

--
"Every computer sold in the US is safe by default.  It is powered off,
disconnected, in a factory sealed box" - Sean Donelan, on NANOG


_______________________________________________ Ietf mailing list [EMAIL PROTECTED] https://www1.ietf.org/mailman/listinfo/ietf

Reply via email to