On Thursday, February 3, 2005, 12:15:20 AM, Len wrote: <snip/>
LC> ... only for this kind of attack. RBL will still be useful for everything LC> they are useful for now. LC> This new criminality could have the very beneficial side effect of forcing LC> ISPs to require that msg submission proceed only after SMTP AUTH, which LC> should have been the mode from day one, and as has been recommended in this LC> forum many time over the years. Though it's not yet been seen broadly, it's only a matter of time before infected machines authenticate. Once hacked, the plaintext of passwords and other security information is only one or two steps away, and often there is a very standard place to look for this data. Don't get me wrong, authentication is a big deal and we should move in that direction IMO, but it's not going to "solve" the problem. For that we still need a broadly deployed, automated means of disconnecting infected systems until their problems are solved. That system will likely be more important than authentication in the end. _M To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
