Jargons of Info Tech industry

[Tim Tyler]

In comp.lang.java.programmer Mike Meyer <mwm at mired.org> wrote or quoted:
> Tim Tyler <tim at tt1lock.org> writes:
> > In comp.lang.java.programmer Mike Meyer <mwm at mired.org> wrote or quoted:
> >> Roedy Green <my_email_is_posted_on_my_website at munged.invalid> writes:

> >> > Read my essay.
> >> > http://mindprod.com/projects.html/mailreadernewsreader.html
> >> >
> >> > I talk around those problems.
> >> 
> >> Virus writers will love the ability to change peoples address books 
> >> remotely.
> >
> > Since - in Roedy's essay - messages are digitally signed, authority
> > to advise about any email address updates would presumably be confined
> > to those people with access to the sender's private key.
> 
> It's not confined to just people - software can do this as well. In
> particular, you should expect that the users mail agent will have to
> have access to the key, so it can automatically send out the change of
> address notice when the user changes their address (it actually needs
> it to send any mail). Viruses regularly make users mail agents do
> thing. "Change my address" becomes much more entertaining when that
> triggers sending out change of addresses notices to everyone in the
> address book. More likely, though, there'll be an API for getting the
> key so that users can change mail agents without invalidating the
> public key that everyone they correspond with has for them, and the
> virus will just use that API.

Viruses can mail out change of address messages to everyone in the
compromised machine's address book today.

Of course, viruses don't bother doing that - since it's stupid and
pointless.

If you've compromised someone's machine there are typically lots more 
rewarding things to do with it than spoof change-of-address notices.

Top of the cracker's list seems to be:

* Attack organisations;
* Relay spam;
* Attempt to compromise other machines;
-- 
__________
 |im |yler  http://timtyler.org/  tim at tt1lock.org  Remove lock to reply.