|
|
BugTraq
Privacy leak in VeriSign's SiteFinder service Sep 23 2003 09:04PM Richard M. Smith (rms computerbytesman com) (2 replies) Privacy leak in VeriSign's SiteFinder service #2 Sep 24 2003 06:00PM Mark Coleman (markc uniontown com) (3 replies) Re: Privacy leak in VeriSign's SiteFinder service #2 Sep 24 2003 07:45PM der Mouse (mouse Rodents Montreal QC CA) (1 replies) Re: Privacy leak in VeriSign's SiteFinder service #2 Sep 24 2003 08:58PM Jay D. Dyson (jdyson treachery net) Re: Privacy leak in VeriSign's SiteFinder service #2 Sep 24 2003 07:26PM Hugo van der Kooij (hvdkooij vanderkooij org) |
|
Privacy Statement |
> TELNET YYAAHHOO.COM 25
>
> 220 sitefinder.verisign.com VeriSign mail rejector (Postfix)
> mail from:source (at) yahoo (dot) com [email concealed]
> 250 Ok
> rcpt to:user (at) yyaahhoo (dot) com [email concealed]
> 550 <unknown[198.252.172.254]>: Client host rejected: The domain you are
> trying
> to send mail to does not exist.
>
> They could (AND SHOULD) REJECT from the initial connection, but instead
> ALLOW the TO and FROM fields of the SMTP negotiation to happen.
Moreover, they're still working on this SMTP server. Just one week ago,
they were running another Postfix-like MTA, with completely different
behaviour:
root@anarch0:~# telnet kjashfjhshghgfddg.com 25
Trying 64.94.110.11...
Connected to kjashfjhshghgfddg.com.
Escape character is '^]'.
220 snubby1-wcwest Snubby Mail Rejector Daemon v1.3 ready
helo foo
250 OK
mail from:test (at) test (dot) com [email concealed]
250 OK
rcpt to:nospam (at) 0xdeadbeef (dot) info [email concealed]
250 OK
data
221 snubby1-wcwest Snubby Mail Rejector Daemon v1.3 closing transmission
channelConnection closed by foreign host.
What if Verisign is planning to open more similar TCP/IP services on that
host? What if they're going to further modify the existing ones, to better
invade individuals' privacy?
:raptor
--
Marco Ivaldi
Antifork Research, Inc. http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233 0394 EF85 2008 DBFD B707
[ reply ]