On 28-May-04, at 15:06, John Stracke wrote:

(I've yet to see a proposal that works if the spammers start
utilizing zombie machines that snarf the already-stored credentials
of the user to send mail)....

The question is whether spammers can obtain new credentials (stolen
or otherwise) faster than others can blacklist them.

And, if you had actually read the message you replied to, you would
have realized that the answer is yes.

I don't see why.

Send out a worm that makes N zombies, have each zombie send one
message under the local user's credentials, and none of them will get
blacklisted.

That makes the number of spam messages received by an email user (on
average) equal to the number of email users divided by the number of
systems vulnerable to becoming a zombie. So one spam a day/week/month
or so = a lot better than the current situation.

Don't assume that the high level of vulnerability we're seeing today
will remain the same in the future. (It will remain > 0 though.) There
was a time when desktop systems would completely crash regularly
because badly written software would take down the whole system.
Software quality isn't better these days, but desktop operating systems
are now able to protect the system against most software errors. I'm
sure we'll see similar developments in the area of security. Zone Alarm
(network access restricted on a per-application basis) and the MacOS
keychain system (access to passwords and certificates restricted on a
per-application basis) are the way of the future.

--
"Every computer sold in the US is safe by default. It is powered off,
disconnected, in a factory sealed box" - Sean Donelan, on NANOG
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf