[Asrg] Email Postage (was Re: FeedBack loops)
Barry Shein
bzs at world.std.com
Sun Nov 16 14:14:38 PST 2008
On November 15, 2008 at 21:40 rsk at gsp.org (Rich Kulawiec) wrote:
> On Sat, Nov 15, 2008 at 08:07:34PM -0500, Barry Shein wrote:
> > I see. You haven't the slightest idea how such a system might work
> > (first paragraph), but you're very certain about its flaws (second
> > paragraph).
>
> Yes, I'm quite certain. I don't *need* to know the details of how such
> a system might work in order to recognize that the current security
> situation will allow it to be undercut the moment abusers decide
> it's worth their time and trouble.
Wow, what a globally negative attitude. Maybe this needs addressing?
As far as I know SSL hasn't been cracked directly. There's been quite
a bit of social engineering (e.g., phishing) but that's not quite what
I'd call "cracked" and although some progress can and will be made on
that it's still kinda like letting someone in your house because they
claim they're from the gas company w/o checking credentials carefully.
So anything as hardened as web SSL certs is probably a
counter-example, no?
I suppose it leads to what level of success can be considered
reasonable progress?
For example, a lot of spam is designed to get by spamassassin and its
bayesian filters, but that does that mean spamassassin and bayesian
filters should be abandoned, or should never have happened?
--
-Barry Shein
The World | bzs at TheWorld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD | Login: Nationwide
Software Tool & Die | Public Access Internet | SINCE 1989 *oo*
More information about the Asrg
mailing list