Re: heads up ... another imapd attack source

[Dave Crocker <dcrocker () brandenburg com>]

At 11:09 AM 12/15/98 -0800, Roeland M.J. Meyer wrote:
> > this means that any user who is traveling, and happens to try to get their
> > mail while accessing from a .edu site won't be able to pick it up.
>
> Only if they are accessing mail on MHSC systems, from an *.EDU dial-up.

That's right.  Only an MHSC customer.

> There are other dial-up options and MHSC has direct dial-up ports
> available. Also, we do allow VPN tunnels from *.EDU, but only to directed
> hosts with no routing and on advanced arrangement. The user that does so,
> does it under our TOS and AUP.

If they know enough detail "ahead of time".  Hence they are prevented from
the benefit of opportunistic access.

> > since imap popularity is growing, lack of imap service is also problematic.
>
> It's balance of problems. We consider the rootkit risk more severe than the
> loss of business from *.EDU sites. We have secure POP3 and Web-based (SSL)

It isn't a question of loss of business from a .edu site.  It is a question
of loss of business from an MHSC customer who is traveling.

d/

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Dave Crocker                                       Tel: +60 (19) 3299 445
<mailto:dcrocker () brandenburg com>             Post Office Box 296, U.P.M.
                                         Serdang, Selangor 43400 MALAYSIA
Brandenburg Consulting                                          
<http://www.brandenburg.com>                       Tel: +1 (408) 246 8253
Fax: +1(408)273 6464              675 Spruce Dr., Sunnyvale, CA 94086 USA