-----BEGIN PGP SIGNED MESSAGE----- me <uunet!Cloud.Cuckoo.Land!root> writes:
One of the many neat features of PINE is that it allows one to talk to the SMTP server _directly_, bypassing sendmail (and its security checks). What this means is that instead of doing a "telnet xxxx smtp", you can build and configure a PINE client to do it for you, and retain all the nice features. PINE source code is freely available, and does not require root privs to run (any more than it requires root privs to "telnet xxx smtp") [stuff deleted] If that happens, the days of EZ phreaking are over.....
I dunno; if things change such that it's considered normal for users to connect to local or outside SMTP and NNTP ports, that would seem to create an convenient smokescreen/excuse for folks who use those ports for their own (non-approved) ends. It'll be a lot harder to look through a log for unknown connections. See the discussion on comp.dcom.telecom about how difficult it is to provide authentication of cellular phones and fraud prevention, while allowing people to buy new phones easily, roam, and do all of that other stuff that people do. I think the SMTP/NNTP/PINE/whatever stuff is very similar - I think it may prove so difficult to truly authenticate unknown and untraceable users that people will turn to other means for identifying a few trusted machines/people/processes. Public-key crypto, perhaps? :) Security and convenience are basically incompatible; I'm hoping that we opt for convenience. -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLEEIfn3YhjZY3fMNAQGVfwQAoestrAnd168C061KVqb+znRBFNoAIS1k Ic7JtsVxzj9xaFc5v5nKDUgHD4g47ulTyc1jqEFKmUjfqfal5xZVhN+/4wHFaN0v 2gNbYByvd7/QL685+lkGGkFr1ff7qTdWqVk5LV6b4fRyhJcTHIH48x/55QO0Oo3y DYdA6GDuChk= =SOFw -----END PGP SIGNATURE----- -- Greg Broiles greg@goldenbear.com Golden Bear Computer Consulting +1 503 465 0325 Box 12005 Eugene OR 97440 BBS: +1 503 687 7764