use Perl

• Auth won't work (Score:2)

  by Matts (1087) on 2003.10.16 9:23 (#24922) Journal

  Two reasons auth won't work. Firstly that Ralsky is going around cracking SMTP AUTH servers because of weak passwords - you can enforce AUTH all you like but you can't enforce strong passwords.
  
  So you switch to keys, right? Well no, in the long term that won't work either. Witness the Swem virus - it prompts users for their username, password and SMTP servers and users *gladly* put that info in!

  Reply to This

  • Re:Auth won't work (Score:1)

    by iburrell (4155)

    Bad security on user computers is one reason I think authenticating the servers is more important than clients.

    Not to mention that is easier to deploy to the servers instead of forcing every client to upgrade their software.

    When money is involved, the users would have an incentive to keep their accounts secure. If a breakin into an account results in a $100 charge and email being disabled for the rest of the month, then people might take the security seriously.

    The involvement of money and more rob
    • Re:Auth won't work (Score:2)

      by Matts (1087)

      It all comes down to cost at the end of the day.
      
      Make sure all servers are authenticated. Great. No problem.
      
      Make sure all clients are neither spammers, nor insecure. Not an easy problem.
      
      It takes large amounts of resources in terms of abuse desk costs, and support costs (if you shut down 200,000 users at an ISP because they run infected versions of windows, how much do you think that will cost in terms of support? Think 1 hour on the phone to each customer). And you have to offer that support because peopl