Re: Student Charged with Breaking Into Roommate's E-Mail Account (26 February 2004)

["Bruhn, Mark S." <mbruhn () INDIANA EDU>]

Gotcha.  I didn't read that carefully enough.  I was thinking of users
logging into their email accounts.

We are now blocking outbound smtp at our network borders, and requiring
authenticated smtp to our external relays for many of our subnets with
the rest coming under this requirement on March 9th.  (I think I got
that description  right...)

M.

-- 
Mark S. Bruhn, CISSP, CISM

Chief IT Security and Policy Officer
Associate Director, Center for Applied Cybersecurity Research
(http://cacr.iu.edu)

Office of the Vice President for Information Technology and CIO
Indiana University
812-855-0326

Incidents involving IU IT resources: it-incident () iu edu
Complaints/kudos about OVPIT/UITS services: itombuds () iu edu




-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of David L. Wasley
Sent: Thursday, March 04, 2004 5:11 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Student Charged with Breaking Into Roommate's
E-Mail Account (26 February 2004)


"... the majority of mail servers still do not require authentication
      of users sending mail ..."
      ^^^^^^^^^^^^^^^^^^^^^
      | | | | | | | | | | |

We don't.  Some sites use SMTP-Auth or the like...

        David

-----
At 4:25 PM -0500 on 3/4/04, Bruhn, Mark S. wrote:

> "...the majority of mail servers still do not require
authentication..."
> Where??

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.