To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.admin.nntpOpen lugnet.admin.nntp in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Administrative / NNTP / 846 (-20)
  Re: E-mail authentication during posting
 
Hello Ross, hello everybody, (...) Can one of you set me straight: I assume the attacker has no access to my email account. How could he, then, automate an email reply I have to send in order to make my post valid? As for a minimum amount of (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp)
 
  Re: Email Authentication - Why not make it optional?
 
(...) Maybe we should take this offline to dig in further on cracking but I see this as really hard to crack. If you have some ideas on how to crack it, I suggest you send them directly to Todd so he can see if there's some angle he overlooked. I (...) (23 years ago, 20-Jun-01, to lugnet.admin.nntp, lugnet.general)
 
  Re: Email Authentication - Why not make it optional?
 
(...) 8?) But life will be miserable if the earthquake hits with little or no warning. (...) So in other words, one annoying person has effectively forced many others to put up with an unnecessary (until now) inconvenience. I also use the web, and (...) (23 years ago, 20-Jun-01, to lugnet.admin.nntp, lugnet.general)
 
  Re: Email Authentication - Why not make it optional?
 
(...) It was hurricane season so a seawall was what was needed. If and when there is an earthquake likely that would be the time to do things to earthquake proof. (...) They should consider switching to the web mechanism or putting up with the (...) (23 years ago, 20-Jun-01, to lugnet.admin.nntp, lugnet.general)
 
  Re: Email Authentication - Why not make it optional?
 
(...) I hate to say it, but... me too. I was very happy to see Todd put the new security features in place. Obviously no change will please everyone, but I think some action had to be taken. Thanks, Todd! -Marc Nelson Jr. (...) (23 years ago, 20-Jun-01, to lugnet.admin.nntp, lugnet.general)
 
  Re: Email Authentication - Why not make it optional?
 
(...) Shiri, This *doesn't* solve the problem for people who don't have access to a browser to authenticate their posts. It also doesn't solve the problem of people who compose a bunch of posts off-line, then dial-up to send them. These people now (...) (23 years ago, 20-Jun-01, to lugnet.admin.nntp, lugnet.general)
 
  Re: Email Authentication - Why not make it optional?
 
Well, It sounds like the problem was a lot more widespread than I thought. Perhaps these "bad" people weren't posting in groups I frequented. Anyhow, it sounds like the security stuff is here to stay and will probably get more intrusive rather than (...) (23 years ago, 20-Jun-01, to lugnet.admin.nntp, lugnet.general)
 
  Re: Email Authentication - Why not make it optional?
 
Brad, Please note that most people here don't like to post "me too" posts. Usually the people who agree to what a post says will remain silent, while the objecting parties will be a lot more vocal. I think that a great number of people are (...) (23 years ago, 20-Jun-01, to lugnet.admin.nntp, lugnet.general)
 
  Re: Email Authentication - Why not make it optional?
 
(...) But a seawall's not gonna help you against an earthquake... (...) ...if you use the web to post. Most of the people complaining use email or a newsreader to post, for which there's no way to "log on". ROSCO (23 years ago, 20-Jun-01, to lugnet.admin.nntp, lugnet.general)
 
  Re: Email Authentication - Why not make it optional?
 
(...) Until said clone (or someone else) finds another way around it. (...) I enjoyed my time on Lugnet even when the clone was having fun - I just ignored the posts (mostly). (...) I also use the web to post 99% of the time, but I'm still not (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp, lugnet.general)
 
  Re: Email Authentication - Why not make it optional?
 
Amen to you Brad. I've just gotten onto LUGNET, and it's an absolute hassle to post because of the e-mail authentication. As to how anybody could like this is absolutely bizarre to me, it is time consuming and for the most part unecessary to 99% of (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp, lugnet.general)
 
  Re: E-mail authentication during posting
 
I'm agreeing too.. This kind of authentication is bothering me.... ---> Less messages... "r2" <lego@r2eng.com> schrieb im Newsbeitrag news:GF5CCF.9vH@lugnet.com... (...) and (...) in (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp)
 
  Re: Email Authentication - Why not make it optional?
 
(...) Likewise. I'm happy to see the authentication system implemented. It's been one of my longest-standing concerns about LUGNET's security, and frankly, I'm surprised we've gone as long as we have without it. (...) Yeah, that. I'm not sure what (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp, lugnet.general)
 
  Re: Email Authentication - Why not make it optional?
 
(...) Well allow me to say that I am glad that Todd implemented this measure. Mostly because since it has been implemented, we have gotten rid of the annoying clone. And it will continue to help LUGNET remain a very nice friendly place that I (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp, lugnet.general)
 
  Email Authentication - Why not make it optional?
 
This email authentication is driving me nuts! A lot of people were already timid about posting and now its going to be worse. Since this has happened, I've seen one reply of the nature "Great - I'm so happy you did this!" post and a huge number of (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp, lugnet.general)
 
  Re: E-mail authentication during posting
 
(...) I'm not either -- at least not as something that can be relied upon for everyone. (...) Ya, it's fine for short-term login things when mixed with a password, but HTTP proxy servers really complicate the equation. Basically you can't trust the (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp)
 
  Re: E-mail authentication during posting
 
(...) Inline authentication is used with success in some mailing list packages for moderating lists, but what worries me most about inline authentication is how easy it would be to accidentally cc someone when posting via e-mail (for example, if you (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp)
 
  Re: E-mail authentication during posting
 
(...) you can't have the server scan for the users password in the message, since passwords arn't usually saved anywhere on the server at all. So to check for the password, each word, or combination of chars actually (since space can be part of the (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp)
 
  Re: E-mail authentication during posting
 
(...) Some tricks could be played to make it more secure. One would be to scan the message for the user's password and if it found it, but it didn't seem to be part of an authenticator, bounce the message. It could also use a fuzzy match for the (...) (23 years ago, 19-Jun-01, to lugnet.admin.nntp)
 
  Re: E-mail authentication during posting
 
(...) Not to mention the fact that many businesses and ISP's (Roadrunner for one) use DHCP so peoples IP's can and do change from day to day. I agree with Jake in his view that IP based authentication just won't work. Eric Kingsley (23 years ago, 19-Jun-01, to lugnet.admin.nntp)


Next Page:  5 more | 10 more | 20 more

Redisplay Messages:  All | Compact

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR