On Sat, 27 Nov 2004 14:14:59 -0500, Larry Seltzer
<larry(_at_)larryseltzer(_dot_)com> wrote:
Here was the specific context to which I was responding:
they might even send out email using the user's own email
account and/or email client.
Swen does that. Really.
No, it doesn't.
[snip]
tml) Swen uses the username and password to check the POP3 account for
copies of itself.
There it goes, POP-before-SMTP (PBS) defeated. Those who are still
sticking to PBS, guess it's about time they switch to SMTP AUTH.
How would a worm work if everyone had SMTP AUTH? It would either have to
use a social engineering trick like Swen does with the MAPI32 dialog -
and there's no evidence that there's a big problem with people filling
out that form - or it would have to find the cached account credentials
in the registry and use them.
It could sniff the outgoing traffic to get the SMTP AUTH pass (not
sure how though??) as almost nobody uses TLS/SSL to encrypt SMTP
traffic.
Regards,
Zia
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg