Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread Dan White
On 17/10/09 07:41 -0700, ch...@blask.org wrote: >An outright replacement system for SMTP as a whole strikes me as extremely >unlikely. The amount of inertia to push against dictates that the >alternative would have to be outrageously beneficial and that benefit >would have to be overwhelmingly dem

Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread Paul Ferguson
On Mon, Oct 19, 2009 at 12:05 AM, Dan White wrote: > If email isn't fixed (by replacing SMTP), then I'm afraid it'll wane > through attrition, and be relegated to a corporate messaging system. > I'm wondering -- through watching this thread -- if pe

Re: [funsec] Oops. Sorry, wrong boat. Could we have a do-over?

2009-10-19 Thread Robert Slade
> On Oct 17, 2009, at 8:11 AM, Remo Cornali wrote: > > > Doh, I didn't know he is an Arab Sheikh. ;-) o/` Sheik it, sheik it, baby! o/`

Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread chris
--- On Mon, 10/19/09, Paul Ferguson wrote: > I'm wondering -- through watching this thread -- if people > actually think spam is the biggest threat we face on the > Internet? Oh, I doubt it. Spam's appeal as a topic of debate is that it is ubiquitous and intractable. You can opine about it a

Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread Larry Seltzer
> I'm wondering -- through watching this thread -- if people actually > think spam is the biggest threat we face on the Internet? It's not nothing, although it has become a boring subject. It's closely related though to the subject of this thread, the botnet problem. That is a big threat. Larr

Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread der Mouse
> If email isn't fixed (by replacing SMTP), then I'm afraid it'll wane > through attrition, and be relegated to a corporate messaging system. > 16 year olds today tend to use SMS and social applications, [...] > HTTP will probably replace SMTP, and when that happens Google, > Hotmail and Yahoo wi

Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread Rich Kulawiec
On Mon, Oct 19, 2009 at 12:25:02AM -0700, Paul Ferguson wrote: > I'm wondering -- through watching this thread -- if people actually think > spam is the biggest threat we face on the Internet? Precisely. I'm appalled that most of a decade after the zombie problem was reasonably well-understood, th

Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread Rich Kulawiec
On Sat, Oct 17, 2009 at 07:41:46AM -0700, ch...@blask.org wrote: > IMHO, a sender-authentication system that runs over SMTP and allows at > least *some* mail to be highly-verifiable as known-good - and that was > easy to adopt at the user level - could spread like wild fire and drive > adoption and

Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread Larry Seltzer
Problem solved. http://blogs.pcmag.com/securitywatch/2009/10/president_obama_speaks_of_the.php President Obama has recorded a video encouraging everyone to take reasonable security precautions with respect to their computers and the Internet. Surely we will all be inspired, as was the Nobel Peac

Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread Larry Seltzer
>> All such [sender-authentication] systems have *already* been defeated by The Bad Guys When was DKIM defeated? It's more fair to say that it never was, and never will be widely implemented enough to be effective. And by design it can only be effective in conjunction with reputation and accre

Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread Valdis . Kletnieks
On Mon, 19 Oct 2009 03:19:57 PDT, ch...@blask.org said: > Oh, I doubt it. Spam's appeal as a topic of debate is that it is ubiquitous > and intractable. Oddly enough, for an "intractable" problem, most sites are managing to deliver a reasonably acceptable user experience. I have firmly conclud

Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread der Mouse
> Equally appalling (to me, at least) has been the sharp decline in the > sense of responsibility among network and system operators. [...] > It is this utter failure of responsibility, this profound negligence, > that I think is every bit as much a threat as The Bad Guys. [...] I entirely agre

Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread Dan White
On 19/10/09 09:00 -0400, der Mouse wrote: >I now fear that it will take the collapse of the current Internet >governance structure to do any good; fixing it is looking less and less >likely - less likely for every day that passes with total apparent >inaction (total lack of effect, that is, as far

Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread RandallM
> -- > > Message: 10 > Date: Mon, 19 Oct 2009 08:41:46 -0400 > From: "Larry Seltzer" > Subject: Re: [funsec] Public Policy and Consumer ISP    Hygiene(was >        Comcastpop-ups) > To: > Message-ID: >        <9b9e7ea67e1b1342b2d25f3fd1b3293002d43...@be35.exg3.exghost.

Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread chris
-- On Mon, 10/19/09, valdis.kletni...@vt.edu wrote: > Oddly enough, for an "intractable" problem, most sites are > managing to deliver a reasonably acceptable user experience. By the definition "not easily relieved or cured" it remains intractable for providers, though most users can mostly i

Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread Valdis . Kletnieks
On Mon, 19 Oct 2009 10:51:10 PDT, ch...@blask.org said: > -- On Mon, 10/19/09, valdis.kletni...@vt.edu wrote: > > > Oddly enough, for an "intractable" problem, most sites are > > managing to deliver a reasonably acceptable user experience. > > By the definition "not easily relieved or cured" i

Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread der Mouse
>> I now fear that it will take the collapse of the current Internet >> governance structure to do any good; fixing it is looking less and >> less likely - less likely for every day that passes with total >> apparent inaction (total lack of effect, that is, as far as I can >> see) by the current to

Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread Valdis . Kletnieks
On Mon, 19 Oct 2009 15:03:24 EDT, der Mouse said: > I don't really know the structure of the top of the pyramid. My > impression is that the IANA and/or IAB would have to be the entity to > impose responsibility when it delegates authority, but ICBW - whom is > it the RIRs and domain registrars c

Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread Paul M. Moriarty
On Oct 19, 2009, at 12:25 AM, Paul Ferguson wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On Mon, Oct 19, 2009 at 12:05 AM, Dan White wrote: > >> If email isn't fixed (by replacing SMTP), then I'm afraid it'll wane >> through attrition, and be relegated to a corporate messaging sys

Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread chris
--- On Mon, 10/19/09, Rich Kulawiec wrote: > You're not getting it. As far as dealing with pre-infected machines, a strong-auth that required the user to do something (like swipe a finger) prior to using email could stamp a message as being highly likely as having come from a human and therefo

Re: [funsec] Kaspersky Lab Vietnam (not official?) defaced

2009-10-19 Thread Juha-Matti Laurio
Thanks, I think many of the list readers were not aware. The first one is registered to ThePlanet.com. Maybe these are campaign sites etc. Juha-Matti Kane Lightowler [kaneli...@gmail.com] wrote: > Also http://www.kasperskykb.com on 30th September > > http://www.zone-h.org/mirror/id/9705246

Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread der Mouse
> Address space assignments start at the IANA, but they basically farm > out an entire /8 at a time to the regional RIR authorities (RIPE in > Europe, APNIC in the Pacific Rim, and ARIN in US/North America), who > then give out /16's or so to companies. However, they do *NOT*, > repeat *NOT* do an

Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread rick wesson
+1 Would you resend this piece on a regular basis. -rick valdis.kletni...@vt.edu wrote: > On Mon, 19 Oct 2009 10:51:10 PDT, ch...@blask.org said: >> -- On Mon, 10/19/09, valdis.kletni...@vt.edu wrote: >> >>> Oddly enough, for an "intractable" problem, most sites are >>> managing to deliver a r

Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread Rich Kulawiec
On Mon, Oct 19, 2009 at 01:07:16PM -0700, ch...@blask.org wrote: > As far as dealing with pre-infected machines, a strong-auth that > required the user to do something (like swipe a finger) prior to using > email could stamp a message as being highly likely as having come from > a human and therefo

Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread Nick FitzGerald
Larry Seltzer to Rich Kulawiec: > >> All such [sender-authentication] systems have *already* been defeated > by The Bad Guys > > When was DKIM defeated? It's more fair to say that it never was, and > never will be widely implemented enough to be effective. And by design > it can only be effec

Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread Nick FitzGerald
Rich Kulawiec wrote: [lots of good stuff snipped] > It is this utter failure of responsibility, this profound negligence, > that I think is every bit as much a threat as The Bad Guys. It allows > them to operate with impunity, since they know that any action will > very likely be slow, ineffectiv

Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread Nick FitzGerald
ch...@blask.org wrote: <<..>> > IMHO, a sender-authentication system that runs over SMTP and allows at > least *some* mail to be highly-verifiable as known-good - and that was > easy to adopt at the user level - could spread like wild fire and drive > adoption and refinement thereby reducing the v

Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread Michael Collins
In my more cynical moods, I tell people it's a good thing that our irrelevance largely matches our incompetence. On Oct 19, 2009, at 3:29 PM, Paul M. Moriarty wrote: > On Oct 19, 2009, at 12:25 AM, Paul Ferguson wrote: > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> On Mon, Oct 19,

Re: [funsec] Public Policy and Consumer ISP Hygiene (was Comcast pop-ups)

2009-10-19 Thread chris
--- On Mon, 10/19/09, Nick FitzGerald wrote: > U -- given the huge number of compromised client machines out > there, and the multiplier of each such machine giving up N email > account details (ISP, work or school, free webmail, one for most IM > services the user is registered with, etc,