why IPv6 isn't ready for prime time, SMTP edition

Lamar Owen lowen at pari.edu
Wed Mar 26 19:56:23 UTC 2014


On 03/26/2014 02:59 PM, Valdis.Kletnieks at vt.edu wrote:
> You *do* realize that the OS vendor can't really do much about users 
> who click on stuff they shouldn't, or reply to phishing emails, or 
> most of the other ways people *actually* get pwned these days? Hint: 
> Microsoft *tried* to fix this with UAC. The users rioted. 
Yep, I do realize that and I do remember the UAC 'riots.'  But the OS 
vendor can make links that are clicked run in a sandbox and make said 
sandbox robust.  A user clicking on an e-mail link should not be able to 
pwn the system.  Period.

Most of the phishing e-mails I've sent don't have a valid reply-to, 
from, or return-path; replying to them is effectively impossible, and 
the linked/attached/inlined payload is the attack vector.



More information about the NANOG mailing list