[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

why IPv6 isn't ready for prime time, SMTP edition

Subject: why IPv6 isn't ready for prime time, SMTP edition
From: lowen at pari.edu (Lamar Owen)
Date: Wed, 26 Mar 2014 15:56:23 -0400
In-reply-to: <[email protected]>
References: <[email protected]>

On 03/26/2014 02:59 PM, Valdis.Kletnieks at vt.edu wrote:
> You *do* realize that the OS vendor can't really do much about users 
> who click on stuff they shouldn't, or reply to phishing emails, or 
> most of the other ways people *actually* get pwned these days? Hint: 
> Microsoft *tried* to fix this with UAC. The users rioted. 
Yep, I do realize that and I do remember the UAC 'riots.'  But the OS 
vendor can make links that are clicked run in a sandbox and make said 
sandbox robust.  A user clicking on an e-mail link should not be able to 
pwn the system.  Period.

Most of the phishing e-mails I've sent don't have a valid reply-to, 
from, or return-path; replying to them is effectively impossible, and 
the linked/attached/inlined payload is the attack vector.

Follow-Ups:
- why IPv6 isn't ready for prime time, SMTP edition
  - From: lowen at pari.edu (Lamar Owen)

References:
- why IPv6 isn't ready for prime time, SMTP edition
  - From: johnl at iecc.com (John Levine)
- why IPv6 isn't ready for prime time, SMTP edition
  - From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)

Prev by Date: why IPv6 isn't ready for prime time, SMTP edition
Next by Date: why IPv6 isn't ready for prime time, SMTP edition
Previous by thread: why IPv6 isn't ready for prime time, SMTP edition
Next by thread: why IPv6 isn't ready for prime time, SMTP edition
Index(es):
- Date
- Thread