Autor: Ian A B Eiloart Data: A: David Wilson CC: Exim Users List Assumpte: Re: [Exim] Yahoo DomainKeys...
--On Sunday, May 23, 2004 1:02 am +0100 David Wilson <dw@???>
wrote:
> On Wed, May 19, 2004 at 11:54:12AM +0100, Ian A B Eiloart wrote:
>
>> > I had a closer look at it this morning. I assume spammers will be
>> > able to factorize RSA384 in less than a week. (Let's assume 1000 MIPS
>> > years being necessary, a modern PC CPU does about 8000 MIPS, 20 PCs
>> > -- this is today and a rather conservative calculation). This would
>> > require daily rekeying, which is impracticle.
>
>> Of course, if they just go out and hijack a couple of thousand third
>> party PCs, they should be able to do this in minutes.
>
> I think a fairly major point could be added to the topic of all these
> hijacked computers - if a spammer has access to a few thousand client
> PCs, operating through a "next generation" Internet worm, what is to
> stop them from just sending their e-mail using any detected e-mail
> accounts accessible using that client PC?
Just that they'd need a password to access the account, I suppose.
On a mac, that would mean the program would need to be granted access to
the keychain - and the user would have to be asked about that. Still, lots
might just click "yes".
I don't know about PCs.
> That wouldn't be difficult to do - even for webmail accounts accessed
> via the computer. It completely bypasses DomainKeys (by operating
> 'legitimately' within it), and takes the battleground right back to
> where we started.
>
>
> David.
