Archive of UserLand's first discussion group, started October 5, 1998.
Re: Network Solutions: Big Security Goof!
Author: Fredrik Lundh Posted: 9/17/1999; 1:34:26 AM Topic: Network Solutions: Big Security Goof! Msg #: 11202 (In response to 11145) Prev/Next: 11201 / 11204
Here's the scary part -- someone who has recognized this pattern and tried it can now masquerade as YOU.
as slashdot has already realized, if this scares you, you're in for a big surprise. a few observations:
1) this is just another mail provider, so these accounts have names like 'firstname.lastname@example.org'. and note that if they hadn't made you this offer, anyone could have grabbed a similar mail address.
2) there are thousands of free mail providers out there. anyone can get himself a 'email@example.com' address and read mail sent to that address. if this can cause trouble for you, you should either start using PGP or something similar, or stay off the net.
3) anyone with his own domain can of course do the same.
4) and finally anyone can masquerade as YOU simply by reconfiguring their mailer -- sendmail doesn't care, and according to the spec, it shouldn't.
the NSI folks have surely goofed, but calling this a "big security problem" is to cry wolf. if it was, the net would have broken down years ago.
This page was archived on 6/13/2001; 4:52:42 PM.
© Copyright 1998-2001 UserLand Software, Inc.