Bugtraq mailing list archives
Re: Privacy leak in VeriSign's SiteFinder service #2
From: "Diego Bitencourt Contezini" <diego () redesul net>
Date: Wed, 24 Sep 2003 17:05:55 -0300
And if someone tries to DDoS/attack some host that is not real, for example wlfkqspfqwekalsdkfsdfal.com? They will not be able to send a judicial process, will they? After all, it would not be sent to theirs, just to some idiot host that they got.. And is it legal that they match all the hostnames? For example, if cocacola.com has cokacola.com there, which sounds the same.. they could process VeriSign, no? Any lawyer on the list? From my point of view it's not right.

Diego B. Contezini
(Sorry for my bad English..)

----- Original Message -----
From: "Marco Ivaldi" <raptor () 0xdeadbeef info>
To: "Mark Coleman" <markc () uniontown com>
Cc: "Richard M. Smith" <rms () computerbytesman com>; "BUGTRAQ@SECURITYFOCUS. COM" <BUGTRAQ () securityfocus com>; <incidents () securityfocus org>
Sent: Wednesday, September 24, 2003 4:00 PM
Subject: Re: Privacy leak in VeriSign's SiteFinder service #2
On Wed, 24 Sep 2003, Mark Coleman wrote:

> TELNET YYAAHHOO.COM 25
> 220 sitefinder.verisign.com VeriSign mail rejector (Postfix)
> mail from:source () yahoo com
> 250 Ok
> rcpt to:user () yyaahhoo com
> 550 <unknown[198.252.172.254]>: Client host rejected: The domain you are trying to send mail to does not exist.
>
> They could (AND SHOULD) REJECT from the initial connection, but instead ALLOW the TO and FROM fields of the SMTP negotiation to happen.

Moreover, they're still working on this SMTP server. Just one week ago, they were running another Postfix-like MTA, with completely different behaviour:

root@anarch0:~# telnet kjashfjhshghgfddg.com 25
Trying 64.94.110.11...
Connected to kjashfjhshghgfddg.com.
Escape character is '^]'.
220 snubby1-wcwest Snubby Mail Rejector Daemon v1.3 ready
helo foo
250 OK
mail from:test () test com
250 OK
rcpt to:nospam () 0xdeadbeef info
250 OK
data
221 snubby1-wcwest Snubby Mail Rejector Daemon v1.3 closing transmission channel
Connection closed by foreign host.

What if Verisign is planning to open more similar TCP/IP services on that host? What if they're going to further modify the existing ones, to better invade individuals' privacy?

:raptor
--
Marco Ivaldi
Antifork Research, Inc. http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233 0394 EF85 2008 DBFD B707
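Added example, not part of the original posts: a small Python check that reads the two SMTP sessions quoted above and reports which envelope fields the client had already sent by the time the rejector refused or closed the session. The function name, the result keys and the stage labels are this example's own choices; the transcripts are copied from the thread with the archive's address obfuscation left in.

```python
import re

REPLY = re.compile(r"^(\d{3})[ -]")  # an SMTP reply line starts with a 3-digit code

# Sessions as quoted in the thread (archive-obfuscated addresses kept as-is).
SITEFINDER = """220 sitefinder.verisign.com VeriSign mail rejector (Postfix)
mail from:source () yahoo com
250 Ok
rcpt to:user () yyaahhoo com
550 <unknown[198.252.172.254]>: Client host rejected: The domain you are trying to send mail to does not exist."""

SNUBBY = """220 snubby1-wcwest Snubby Mail Rejector Daemon v1.3 ready
helo foo
250 OK
mail from:test () test com
250 OK
rcpt to:nospam () 0xdeadbeef info
250 OK
data
221 snubby1-wcwest Snubby Mail Rejector Daemon v1.3 closing transmission channel"""

def envelope_exposure(transcript):
    """Return what the client disclosed before the server refused or hung up."""
    result = {"sender": None, "recipients": [], "ended_at": None, "code": None}
    stage = "connect"  # nothing sent yet; a refusal here discloses no envelope
    for line in transcript.splitlines():
        line = line.strip()
        if not line:
            continue
        m = REPLY.match(line)
        if m:
            code = int(m.group(1))
            # 4xx/5xx is a refusal; 221 means the server is closing the channel.
            if code >= 400 or code == 221:
                result["ended_at"], result["code"] = stage, code
                break
            continue
        verb = line.lower()
        if verb.startswith("mail from:"):
            stage, result["sender"] = "mail", line[10:].strip()
        elif verb.startswith("rcpt to:"):
            stage = "rcpt"
            result["recipients"].append(line[8:].strip())
        else:
            stage = verb.split()[0]  # helo, data, ...
    return result
```

For both quoted sessions the result shows a sender and a recipient already disclosed; a server that refused at the banner would end at "connect" with neither field set.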