On 08/26/2014 07:53 AM, Dan McAllister wrote:
> The _SMTP AUTH credential provided_ was *mrb...@theppjgroup.com* -- so
> if someone's been hacked, it's Mr. Blue himself!
I thought I looked for this, but I obviously missed it. Indeed, the
account was being abused.
<rant>
Having this information (the full login ID) in the message headers is a
security vulnerability in my mind. While convenient for tracking this
sort of thing down, it also provides a valid account name for anyone who
is interested in cracking accounts. While many if not most email users
use the same string for their account name and email address, this is by
convention more so than any sort of requirement. I'd like to see this
practice change, so the originating account ID is not so public. That
way email practices can be made even more secure. Not only would
crackers need to obtain the password for the account, they would also
need to work at obtaining the account ID. If an administrator needed to
see which account was used to originate an email, it'd be simple enough
to use the message ID to interrogate the logs, which would still have
the detail of the account used to authenticate. What I don't know is
what the RFC(s) have to say regarding this bit of data. Anyone care to
look it up? (I need to get to my full time gig now, otherwise I would.)
</rant>
Thanks Dan (and everyone else)!
--
-Eric 'shubes'