Owen DeLong wrote:
The issue is the increasingly high percentage of internet connections
which are
becoming broken. So far, the only "justification" for this behavior
posted is the
inability of the folks in Redmond to deliver non-broken software such
that a large
enough fraction of portable machines are able to "credential hijack"
from stored
credentials on the machine and impersonate the operator while botted.
I really don't get it. While I understand with tcp/25 blocking, there is
absolutely no reason to block tcp/587. If credential's are being hijacked, it is
the responsiblity of the MSA server to close the door. There's nothing to say
those credentials weren't blasted to an irc server or a web script somewhere and
the actual usage of them will be from some other random location on the net.
Jack Bates
