RE: [IMail Forum] Supposed imail vulnerabilities detected.

Dave Marchette citcomm Tue, 18 Jul 2000 16:24:32 -0700
Ya!!He might have done the other clever thing and renamed all of the
services so that the  scanner(or hacker) goes through and wrongly id's them.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of NetQuick Email
Admin
Sent: Tuesday, July 18, 2000 4:02 PM
To: [EMAIL PROTECTED]
Subject: Re: [IMail Forum] Supposed imail vulnerabilities detected.


It would seem to me that as far as the security company that scanned your
system goes;

    If it looks like a duck,
    quacks like a duck,
    and it walks like a duck,
    It may be a dog(?)

Not a good sign for a security company.

----- Original Message -----
From: "Len Conrad" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 18, 2000 7:54 AM
Subject: RE: [IMail Forum] Supposed imail vulnerabilities detected.


>
> >Sorry the bit about ftp was wrt a different server (running serv-u)......
>
> which has no reports of compromises, afaik, and Rob seems to respond
> quickly to reports, plus it seems his ftp success for NT4 will carry over
> to W2K, whose ftp isn't reported to be much better than earlier MS ftp
> "innovations".
>
> >To be honest because of their incorrect assumptions it clouds my
judgement
> >on their other recommendations.
>
> They are now assumed incorrect until they prove themselves correct.
>
> >The only thing they have said (which I agree with) is that machines
> >shouldn't announce software versions etc upon user connection i.e. pop3
> >servers should just say +OK and not:
> >+OK X1 NT-POP3 Server myserver.com (IMail 5.08 109091-1)
>
> As you know, there is a big debate about "security through obscurity is no
> security", but that debate's not for here.  If software doesn't announce
> its name/version, it only means the attackers have to take more shots in
> the dark, which could trip a wire.  But obscurity really doesn't stop
them,
> is the assumption.
>
> Sounds like you run a pretty tight ship.
>
> Len
>
>
> http://BIND8NT.MEIway.com: ISC BIND 8.2.2 p5  installable binary for NT4
> http://IMGate.MEIway.com:  Build free, hi-perf, anti-spam mail gateways
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.
>
> An Archive of this list is available at:
> http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
>

Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.

An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/


Please visit http://www.ipswitch.com/support/mailing-lists.html 
to be removed from this list.

An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
RE: [IMail Forum] Supposed imail vulnerabilities detected.

Reply via email to
