Suresh Ramasubramanian wrote:
> On Fri, Nov 05, 2004 at 09:07:31PM +0530, Ramanraj K wrote:
>
>>Looks like a case of having shot one's bolt. Is the Internet & WWW still
>>largely beta? If "security" of machines depends on short strings that
>
>
> 1. Trojaned windows machines
Could be banned :) or, they could migrate to other more secure systems.
> 2. Mailservers with smtp auth enabled, and default passwords like
demo/demo,
> guest/guest, admin/admin, etc (you'll be surprised how many there are)
> 3. Open proxies (proxy servers that can use http/connect, ftp put,
socks etc
> to proxy smtp requests, and so anonymously proxy spam)
In cases 2 & 3, the sysadmin is more culpable.
> 4. Hijacked ARIN / APNIC etc netblocks (like a company has a large IP
block
> assigned to it, goes out of business but does not return the IPs to
ARIN,
> APNIC or other RIR... so the spammer simply creates a fake letterhead
in the
> name of that company, registers the company's domain which has
expired, and
> thus gains control of that IP space).
Tighter audits and more regular reporting about usage [probably
automated] should avoid any reliance upon fake letterheads and prevent
other kinds of frauds.
-- see http://www.completewhois.com
>
> [etc etc etc]
Thanks for this.
>
>
>>guessing passwords. Imagine bank managers claiming: "Our bank walls and
>>safe vaults are made of straw! By law, it is an offence to touch the
>>straw! Our bank is highly secure". If infallible security is not yet
>
>
> Bah. So if you accidentally leave your keys in your car, and somebody
drives
> off with the car, you wont be able to complain to the police and get
the car
> thief punished? Or if your house door is unlocked, I can just walk
in, help
> myself to beer from your fridge, and then walk out with your TV and
stereo
> deck?
Basically, a fortress needs to be strong on its own strength. If a
fortress falls, it is as much as losing the kingdom, and a new ruler
enters into the picture, and he will make and enforce his own rules.
While a fortess may fall, a car may be stolen, there are no reasons why
these material world metaphors should be carried on to the electronic
medium where it is possible to build fortresses that can never fall, and
cars that can never be stolen. It is a pain to see people being charged
and convicted, and there should be no scope for that atleast on the
Internet and WWW.
