RE: Privacy leak in VeriSign's SiteFinder service #2
What's more, the old MTA was just a dupe - it would return set responses
regardless of what was passed to it. As can be seen from the following
example posted to the IETF list:
----------snip---------
220 snubby2-wceast Snubby Mail Rejector Daemon v1.3 ready
blah
250 OK
blah
250 OK
blah
550 User domain does not exist.
blh
250 OK
blah
221 snubby2-wceast Snubby Mail Rejector Daemon v1.3 closing transmission
channel
----------snip---------
As of Tuesday 16th September the MTA was replaced for a more RFC-compliant
one.
There's been an interesting discussion on this subject on the IETF list for
the last couple of weeks, based around Verisign initiating a wildcard A
record for the .com and .net zones. I don't want to repeat the discussion
here, but it makes interesting reading for some background on this issue.
Regards
Matt Rudge
Technical Director
Hegarty Computer Services
http://www.hcs.ie
-----Original Message-----
From: Marco Ivaldi [mailto:raptor@xxxxxxxxxxxxxxx]
Sent: 24 September 2003 20:01
To: Mark Coleman
Cc: Richard M. Smith; BUGTRAQ@SECURITYFOCUS. COM;
incidents@xxxxxxxxxxxxxxxxx
Subject: Re: Privacy leak in VeriSign's SiteFinder service #2
Moreover, they're still working on this SMTP server. Just one week ago,
they were running another Postfix-like MTA, with completely different
behaviour:
8< snip >8
What if Verisign is planning to open more similar TCP/IP services on that
host? What if they're going to further modify the existing ones, to better
invade individuals' privacy?
:raptor
--
Marco Ivaldi
Antifork Research, Inc. http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233 0394 EF85 2008 DBFD B707