Comments on: The Old Dog and his Old Tricks (Part I) http://xs-sniper.com/blog/2007/09/18/the-old-dog-and-his-old-tricks-part-i/ Thoughts on Security in an Uncivilized World… Wed, 08 Sep 2010 02:39:08 -0700 hourly 1 http://wordpress.org/?v=3.0.1 By: sjovan http://xs-sniper.com/blog/2007/09/18/the-old-dog-and-his-old-tricks-part-i/comment-page-1/#comment-165 sjovan Tue, 25 Sep 2007 23:14:12 +0000 http://xs-sniper.com/blog/2007/09/18/the-old-dog-and-his-old-tricks-part-i/#comment-165 wow.. and that's how i got that funky mail from @google.com about my banking was insecure and i had to click a realy strange link and stuff. no, i didn't bother clicking the link. realy good articel and you did make a lot of good points :) wow.. and that’s how i got that funky mail from @google.com about my banking was insecure and i had to click a realy strange link and stuff.

no, i didn’t bother clicking the link.

realy good articel and you did make a lot of good points :)

]]> By: Awesome AnDrEw http://xs-sniper.com/blog/2007/09/18/the-old-dog-and-his-old-tricks-part-i/comment-page-1/#comment-153 Awesome AnDrEw Thu, 20 Sep 2007 18:38:56 +0000 http://xs-sniper.com/blog/2007/09/18/the-old-dog-and-his-old-tricks-part-i/#comment-153 EXPN, VRFY, and RCPT TO (as well as the other commands) are classic examples of "questionable" features that exist within the Simple Mail Transfer Protocol. I agree that it's insecure by design, but it is one of those cases where it's both a feature and a bug. 99% of the servers I've tested for relays have them disabled anyway. EXPN, VRFY, and RCPT TO (as well as the other commands) are classic examples of “questionable” features that exist within the Simple Mail Transfer Protocol. I agree that it’s insecure by design, but it is one of those cases where it’s both a feature and a bug. 99% of the servers I’ve tested for relays have them disabled anyway.

]]> By: Nathan McFeters http://xs-sniper.com/blog/2007/09/18/the-old-dog-and-his-old-tricks-part-i/comment-page-1/#comment-152 Nathan McFeters Thu, 20 Sep 2007 16:57:30 +0000 http://xs-sniper.com/blog/2007/09/18/the-old-dog-and-his-old-tricks-part-i/#comment-152 It's funny... we've gotten so into spam filters and layer 7 firewalls and blah blah, blah blah, blah blah that we've forgotten some of these crazy week protocols. It’s funny… we’ve gotten so into spam filters and layer 7 firewalls and blah blah, blah blah, blah blah that we’ve forgotten some of these crazy week protocols.

]]> By: xssniper http://xs-sniper.com/blog/2007/09/18/the-old-dog-and-his-old-tricks-part-i/comment-page-1/#comment-151 xssniper Thu, 20 Sep 2007 01:35:13 +0000 http://xs-sniper.com/blog/2007/09/18/the-old-dog-and-his-old-tricks-part-i/#comment-151 @ /trash I couldn't agree with you more! This isn't relay or a vulnerability with Googles SMTP servers, it's simply the way SMTP was DESIGNED to work. The whole point of the post was to talk about how SMTP and other protocols are inherently insecure by design... BK @ /trash

I couldn’t agree with you more! This isn’t relay or a vulnerability with Googles SMTP servers, it’s simply the way SMTP was DESIGNED to work. The whole point of the post was to talk about how SMTP and other protocols are inherently insecure by design…

BK

]]> By: /trash http://xs-sniper.com/blog/2007/09/18/the-old-dog-and-his-old-tricks-part-i/comment-page-1/#comment-150 /trash Wed, 19 Sep 2007 19:53:30 +0000 http://xs-sniper.com/blog/2007/09/18/the-old-dog-and-his-old-tricks-part-i/#comment-150 Some Google system with MTA is configured to believe form source address. In fact, they don't care if the sender address comes from the sender domain. This is not a relaying. This situation is acceptable by new RFCs about SMTP. SMTP protocol MUST be "reviewed" but that is another problem. Some Google system with MTA is configured to believe form source address. In fact, they don’t care if the sender address comes from the sender domain. This is not a relaying. This situation is acceptable by new RFCs about SMTP. SMTP protocol MUST be “reviewed” but that is another problem.

]]> By: /nul http://xs-sniper.com/blog/2007/09/18/the-old-dog-and-his-old-tricks-part-i/comment-page-1/#comment-149 /nul Tue, 18 Sep 2007 19:42:47 +0000 http://xs-sniper.com/blog/2007/09/18/the-old-dog-and-his-old-tricks-part-i/#comment-149 Billy, I'm *not* begging for the SMTP address at all. It's just that I thought Google already disabled relaying (since it got public) and then just to make clear not all Google SMTP servers are affected. On a side note: it's always nice to watch "old school" stuff rising again :) Billy, I’m *not* begging for the SMTP address at all. It’s just that I thought Google already disabled relaying (since it got public) and then just to make clear not all Google SMTP servers are affected. On a side note: it’s always nice to watch “old school” stuff rising again :)

]]> By: xssniper http://xs-sniper.com/blog/2007/09/18/the-old-dog-and-his-old-tricks-part-i/comment-page-1/#comment-148 xssniper Tue, 18 Sep 2007 19:16:46 +0000 http://xs-sniper.com/blog/2007/09/18/the-old-dog-and-his-old-tricks-part-i/#comment-148 @ /nul - I'm not going to give you the address of the SMTP server I used... but smtp.google.com is NOT it..... @ /nul – I’m not going to give you the address of the SMTP server I used… but smtp.google.com is NOT it…..

]]> By: rcarter http://xs-sniper.com/blog/2007/09/18/the-old-dog-and-his-old-tricks-part-i/comment-page-1/#comment-147 rcarter Tue, 18 Sep 2007 18:27:51 +0000 http://xs-sniper.com/blog/2007/09/18/the-old-dog-and-his-old-tricks-part-i/#comment-147 I guess we always need to keep in mind how protocols work and the "features" they have. Nice find. I guess we always need to keep in mind how protocols work and the “features” they have. Nice find.

]]> By: /nul http://xs-sniper.com/blog/2007/09/18/the-old-dog-and-his-old-tricks-part-i/comment-page-1/#comment-146 /nul Tue, 18 Sep 2007 18:09:54 +0000 http://xs-sniper.com/blog/2007/09/18/the-old-dog-and-his-old-tricks-part-i/#comment-146 I've tried smtp.google.com. Relaying disabled: http://shrani.si/f/2T/o2/RggjRFa/smtp.png I’ve tried smtp.google.com. Relaying disabled:

http://shrani.si/f/2T/o2/RggjRFa/smtp.png

]]> By: xssniper http://xs-sniper.com/blog/2007/09/18/the-old-dog-and-his-old-tricks-part-i/comment-page-1/#comment-145 xssniper Tue, 18 Sep 2007 17:49:49 +0000 http://xs-sniper.com/blog/2007/09/18/the-old-dog-and-his-old-tricks-part-i/#comment-145 Actually... the SMTP server I used in the example still works.... Actually… the SMTP server I used in the example still works….

]]>