Re: Some security-related suggestions
Michael D'Errico <Mike@software.com> Wed, 08 June 1994 22:04 UTC
Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa07876; 8 Jun 94 18:04 EDT
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa07872; 8 Jun 94 18:04 EDT
Received: from PO2.ANDREW.CMU.EDU by CNRI.Reston.VA.US id aa15994; 8 Jun 94 18:04 EDT
Received: (from postman@localhost) by po2.andrew.cmu.edu (8.6.7/8.6.6) id SAA22880; Wed, 8 Jun 1994 18:01:18 -0400
Received: via switchmail for ietf-pop3+@andrew.cmu.edu; Wed, 8 Jun 1994 18:01:16 -0400 (EDT)
Received: from po3.andrew.cmu.edu via qmail ID </afs/andrew.cmu.edu/service/mailqs/q003/QF.YhxXxQy00UdbAHZk4U>; Wed, 8 Jun 1994 18:00:00 -0400 (EDT)
Received: from rome.software.com (rome.software.com [198.17.234.2]) by po3.andrew.cmu.edu (8.6.7/8.6.6) with ESMTP id RAA05010 for <ietf-pop3+@andrew.cmu.edu>; Wed, 8 Jun 1994 17:59:50 -0400
Received: from rome (rome.software.com [127.0.0.1]) by rome.software.com with ESMTP id AAA8960 for <ietf-pop3+@andrew.cmu.edu>; Wed, 8 Jun 1994 14:59:47 -0700
To: POP3 IETF Mailing List <ietf-pop3+@andrew.cmu.edu>
Subject: Re: Some security-related suggestions
Date: Wed, 08 Jun 1994 14:59:46 -0700
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Michael D'Errico <Mike@software.com>
Message-ID: <19940608225946.AAA8960@rome.software.com>
John Gardiner Myers <jgm+@CMU.EDU> writes: >Ned Freed <NED@SIGURD.INNOSOFT.COM> writes: >> "Providing an indication of the existence of an account in the absence of >> a proper password lets attackers narrow the search to known accounts, and >> thus represents an increased security risk." > >There are people who still believe this? Attackers can narrow the >search to known accounts by examining the local-parts of addresses in >messages sent from the site. Actually with my POP server, you can have a USER login name that is not related to any of your addresses/aliases. All of my mail goes out as "mike" but I can set up a POP account for me as "2Yhd%0_" if I want.... Michael D'Errico mike@software.com
- Some security-related suggestions Michael D'Errico
- Re: Some security-related suggestions John Gardiner Myers
- Re: Some security-related suggestions Ned Freed
- Re: Some security-related suggestions John Gardiner Myers
- Re: Some security-related suggestions Michael D'Errico
- Re: Some security-related suggestions Steve Dorner
- Re: Some security-related suggestions Michael D'Errico
- Re: Some security-related suggestions Ned Freed
- Re: Some security-related suggestions John Gardiner Myers
- Re: Some security-related suggestions Michael D'Errico
- Re: Some security-related suggestions Steve Dorner