personally, I'm glad SOMEONE can go on vacation. have a nice trip cbradley, we'll miss
you. we'll be reminided of you everytime someone posts, I imagine. thanks!
probaly more annoying than anything else, Mike. stuff like this will happen, without a
moderator. and theres that pesky subject, again...
On Sat, Aug 07, 1999 at 12:55:42PM -0400, Michael H. Warfield wrote:
> Is it just me or does this seem to be a really BAD security problem?
>
> I've added postmasters at da001-srvmal01.arcommunications.net,
> arcommunications.net, and arcmail.com just in case...
>
> [EMAIL PROTECTED] enscribed thusly:
> > ----- The following is an automated response to your message
> > ----- generated on behalf of [EMAIL PROTECTED]
> >
> > Thanks for the mail. I'm on vacation until Monday, August 16, 1999.
> > --Chris
>
> Well thanks for letting a major security list (probably inhabited
> by more than a few with less than your best interest in mind) know that you
> are going to be away from your account for over a week.
>
> Let's see now. We know what your account name is likely to be.
> We know the system you expect mail to come into. We know the system
> the mail appears to have originated on (and the Received-By headers gives
> us a clue as to what kind of system as well as it's name and IP address).
> Plus we know the next major mail server, which is likely to be your
> outgoing mail hub. With a little digging, a real enterprising individual
> might track down a real address to go with that name.
>
> If you are lame enough to hit a mailing list and announce that your
> account will be unmonitored and vulnerable for the next week, you are
> probably lame enough to use some poor password, so it may even be possible
> to brute force your account on one or more of those system.
>
> Tell you what... Next time you are on vacation, be sure to put the
> fact on your answering system "my house will be vacant for the next week"
> and maybe take out an add in a few newsletters somewhere to insure really
> good coverage for the fact that you accounts and premises are wide open
> and unwatched...
>
> Mike
> --
> Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
> (The Mad Wizard) | (770) 925-8248 | http://www.wittsend.com/mhw/
> NIC whois: MHW9 | An optimist believes we live in the best of all
> PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
--
"Death to the demon Mark Luntzel! Death to the evil vi!" -fn
<sax> ./configure --work-or-i-keel-you
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
