Re: New types of Trojans coming

Toen wij Robert Arnold kietelden, kwam er dit uit:
> Professional Software Engineering:

>> One solution (until the miscreants decide to rummage PCs looking for
>> login data) is for affected ISPs to start REQUIRING SMTP
>> authentication

> This solution of smtp authentication assumes that creating accounts
> with the given provider is secure against fraudulent signups. If
> fraudulent account signups can be easily scripted/automated, then an
> smtp authenticated server becomes a de facto open relay, since IP
> access from external networks is usually not restricted (and usually
> enhanced via listening on port 587 for access via external networks
> that block port 25).

Important is: SMTP authentication for existing local users.

Access from external networks to the SMTP-server is blocked by most 
ISPs. There is no real need to open it up for smtps.

My ISP is secure against fraudulent signups, so it allows sending 
messages with SSL through port 465. That allows me to use my portable 
PC via external networks, without sending plain passwords over a
stranger's lines.

--

-- 
Grtz, Ruud