To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.admin.nntpOpen lugnet.admin.nntp in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Administrative / NNTP / 844
843  |  845
Subject: 
Re: Email Authentication - Why not make it optional?
Newsgroups: 
lugnet.admin.nntp, lugnet.general
Date: 
Wed, 20 Jun 2001 05:46:39 GMT
Viewed: 
1252 times
  
In lugnet.admin.nntp, Larry Pieniazek writes:
In lugnet.admin.nntp, Ross Crawford writes:
In lugnet.admin.nntp, Lindsay Frederick Braun writes:
  Right.  And it's not isolated--ask any of the few people who
  actually frequent the entire server, and they'll tell you.
  Best not to wait for a full-blown hurricane before installing
  seawalls.

But a seawall's not gonna help you against an earthquake...

It was hurricane season so a seawall was what was needed. If and when there
is an earthquake likely that would be the time to do things to earthquake proof.


8?) But life will be miserable if the earthquake hits with little or no warning.

  Anyways, I'm happy about the development.  The circumstances
  of its implementation are less than pleasant, but it's no big
  hassle and a welcome sense of security.  (And another reason to
  register--log in and authentication isn't necessary!)

...if you use the web to post. Most of the people complaining use email or a
newsreader to post, for which there's no way to "log on".

They should consider switching to the web mechanism or putting up with the
inconvenience, while Todd, who I feel is extremely clever, and who said he
was thinking about ways to help, comes up with mechanisms to ameliorate
their plight. Not that I think it's much of a plight, actually, but then I
use the web interface exclusively now, while I am logged in, so for me it is
zero impact except perhaps a slightly longer time to post (not that I have
actually seen it, I suspect it adds milliseconds at most).

So in other words, one annoying person has effectively forced many others to
put up with an unnecessary (until now) inconvenience.

I also use the web, and so am unaffected. And I know Todd is looking for
ways to ameliorate the plight of those who don't. I just can't help but feel
that anything which makes it easier for legitimate users also makes it
easier for others, and reduces the effectiveness of the solution.

And the current method seems quite hard to break. I don't want to kick off a
lot of speculation about how to defeat it but I'm pretty satisfied that it
would be very difficult to defeat unless the spoofer has access to the email
account of the person he is spoofing, or unless the spoofer has access to
the password of a member. (and you may recall now that I complained
vociferously that the password algorithm was rejecting all my easy passwords
and only allowing hard to crack ones. Guess what? I was wrong about that. I
am glad the password algorithm that filters out new passwords as insecure is
as picky as it is... )

I think you underestimate the ingenuity of these people, and the amount of
free time they have on their hands.

Regards

ROSCO



Message has 2 Replies:
  Re: Email Authentication - Why not make it optional?
 
(...) Maybe we should take this offline to dig in further on cracking but I see this as really hard to crack. If you have some ideas on how to crack it, I suggest you send them directly to Todd so he can see if there's some angle he overlooked. I (...) (23 years ago, 20-Jun-01, to lugnet.admin.nntp, lugnet.general)
  Re: Email Authentication - Why not make it optional?
 
Hello Ross, hello everybody, (...) Yes, even if you may not like this concept. It has always been that way. Look at how many regulations you have to follow in your life outside the 'net. Most of those are only necessary, because there are also some (...) (23 years ago, 20-Jun-01, to lugnet.admin.nntp)

Message is in Reply To:
  Re: Email Authentication - Why not make it optional?
 
(...) It was hurricane season so a seawall was what was needed. If and when there is an earthquake likely that would be the time to do things to earthquake proof. (...) They should consider switching to the web mechanism or putting up with the (...) (23 years ago, 20-Jun-01, to lugnet.admin.nntp, lugnet.general)

42 Messages in This Thread:



















Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact

This Message and its Replies on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    

Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR