Jargons of Info Tech industry
Tim Tyler
tim at tt1lock.org
Wed Oct 12 17:46:12 EDT 2005
More information about the Python-list mailing list
Wed Oct 12 17:46:12 EDT 2005
- Previous message (by thread): Jargons of Info Tech industry
- Next message (by thread): Jargons of Info Tech industry
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
In comp.lang.java.programmer Mike Meyer <mwm at mired.org> wrote or quoted: > Tim Tyler <tim at tt1lock.org> writes: > > In comp.lang.java.programmer Mike Meyer <mwm at mired.org> wrote or quoted: > >> Roedy Green <my_email_is_posted_on_my_website at munged.invalid> writes: > >> > Read my essay. > >> > http://mindprod.com/projects.html/mailreadernewsreader.html > >> > > >> > I talk around those problems. > >> > >> Virus writers will love the ability to change peoples address books > >> remotely. > > > > Since - in Roedy's essay - messages are digitally signed, authority > > to advise about any email address updates would presumably be confined > > to those people with access to the sender's private key. > > It's not confined to just people - software can do this as well. In > particular, you should expect that the users mail agent will have to > have access to the key, so it can automatically send out the change of > address notice when the user changes their address (it actually needs > it to send any mail). Viruses regularly make users mail agents do > thing. "Change my address" becomes much more entertaining when that > triggers sending out change of addresses notices to everyone in the > address book. More likely, though, there'll be an API for getting the > key so that users can change mail agents without invalidating the > public key that everyone they correspond with has for them, and the > virus will just use that API. Viruses can mail out change of address messages to everyone in the compromised machine's address book today. Of course, viruses don't bother doing that - since it's stupid and pointless. If you've compromised someone's machine there are typically lots more rewarding things to do with it than spoof change-of-address notices. Top of the cracker's list seems to be: * Attack organisations; * Relay spam; * Attempt to compromise other machines; -- __________ |im |yler http://timtyler.org/ tim at tt1lock.org Remove lock to reply.
- Previous message (by thread): Jargons of Info Tech industry
- Next message (by thread): Jargons of Info Tech industry
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-list mailing list