ietf-asrg

[Asrg] 2a. Analysis - Addressing Identity Exploits

2003-12-23 23:09:05
[Subject changed as per posting guidelines, was "Exploits for identity". Mod.]

Tom Bartel wrote:
What does the group think about formmail (cgi script) exploits relative
to new/modified technology to stem spam?

I just worked with someone whose simple "contact us" web form was
exploited in a slightly more advanced way than the classic formmail.pl
exploit.
Bottom line is, the spammer had unfettered access, sending mail from a
machine whose identity would have passed "authorization" or "identity"
verification.

I think the solutions that are evolving here have great merit, and
progress is evident - but this event reminded me about the scourge of
spammers out there and their willingness to misuse any system or
available component.

Is this type of misuse appropriate to consider in a technology change,
or is it better left to legal enforcement under unauthorized
use/access/etc. laws?

Thx.

Tom Bartel
303.642.4104


_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg


-------
Yakov Shafranovich / asrg <at> shaftek.org
SolidMatrix Technologies, Inc. / research <at> solidmatrix.com
"Power tends to corrupt, and absolute power corrupts absolutely" (Lord Acton)
-------

