[unisog] Phishing targeting University Admissions

Eric Pancer epancer at security.depaul.edu
Thu Jun 17 01:20:54 GMT 2004


Valdis.Kletnieks at vt.edu wrote on Wed, 2004-06-16 at 11:02:12 -0400...

> which is going to trigger so many spam and malware filters it isn't funny.
> 
> Also, you get into all the mess of actually putting the file on a web server -
> until such time as "copy the file to the server, set an expiration date, get
> the URL, put that URL into the mail" is as easy as "CLick to attach a file",
> users will NOT use it.
> 
> It's also sub-optimal for power users and road warriors - currently, I run some
> 900 pieces of mail a day, and they all basically get POP'ed off our mail
> server.  If I had to go contact the *original* servers for everything, I'd be
> waiting a LOT longer for it all to come down (think timeouts here).  Also, it
> *really* sucks when you download your mail just before you get on the plane -
> and discover 15 mins into the flight that you got a URL not an attachment...
> 
> Other than all THOSE, there's nothing wrong with it. :)
> 

An effort has been in place for a number of years to get this type
of system in place, for ALL mail.

Check out the Internet Mail 2000 project page. The project seems
rather defunct, but it addresses the requirements that folks have
been discussing in this thread, and isn't all too bad (given the
direction we are going with filters filtering so much mail, etc).

<http://cr.yp.to/im2000.html>

-- 
Eric Pancer :.: Computer Security Response Team :.: DePaul University
http://security.depaul.edu/ .:`:.:':.:`:. epancer at security.depaul.edu
pgp: 1024D/7ACBCFF3 C022 4991 41E5 51E7 683C F765 62F7 7F8E 7ACB CFF3




More information about the unisog mailing list