In comp.lang.java.programmer Mike Meyer <[EMAIL PROTECTED]> wrote or quoted: > Tim Tyler <[EMAIL PROTECTED]> writes: > > In comp.lang.java.programmer Mike Meyer <[EMAIL PROTECTED]> wrote or quoted: > >> Roedy Green <[EMAIL PROTECTED]> writes:
> >> > Read my essay. > >> > http://mindprod.com/projects.html/mailreadernewsreader.html > >> > > >> > I talk around those problems. > >> > >> Virus writers will love the ability to change peoples address books > >> remotely. > > > > Since - in Roedy's essay - messages are digitally signed, authority > > to advise about any email address updates would presumably be confined > > to those people with access to the sender's private key. > > It's not confined to just people - software can do this as well. In > particular, you should expect that the users mail agent will have to > have access to the key, so it can automatically send out the change of > address notice when the user changes their address (it actually needs > it to send any mail). Viruses regularly make users mail agents do > thing. "Change my address" becomes much more entertaining when that > triggers sending out change of addresses notices to everyone in the > address book. More likely, though, there'll be an API for getting the > key so that users can change mail agents without invalidating the > public key that everyone they correspond with has for them, and the > virus will just use that API. Viruses can mail out change of address messages to everyone in the compromised machine's address book today. Of course, viruses don't bother doing that - since it's stupid and pointless. If you've compromised someone's machine there are typically lots more rewarding things to do with it than spoof change-of-address notices. Top of the cracker's list seems to be: * Attack organisations; * Relay spam; * Attempt to compromise other machines; -- __________ |im |yler http://timtyler.org/ [EMAIL PROTECTED] Remove lock to reply. -- http://mail.python.org/mailman/listinfo/python-list
