[Esa-l] Anyone have a comprehensive webmail URI list?

Matt Hallmark matt2413 at yahoo.com
Sat Aug 25 21:04:14 PDT 2001


Your right w/ vnc.  Pcanywhere can be used as a file transfer method,
though.

Most likely I'd not set up a tunnel if my job hung in the balance.
I, however, set the security policy at my company, so I can do as I
please.  Scary isn't it? :)

I understand the goal here.  I, as a technical person see the time
spent attempting to perfect this as a waste.  Any workarounds that
are discovered are sure to be passed around the office.

Example:  I recently brought all my mp3's into work, 35Gig's or so.
I put them on a drive in my box, and created a share.  I gave access
to 3 or 4 people, and left it at that.  Within a week I had ~20
people asking me for access.  I hadn't mentioned it again.  I gave
them all access.  Why?  It's read only, and I'd rather eat 100M
switch bandwidth than plug the T1.

At it's root this is a philosophical discussion.  We can all express
our opinions until we are blue in the face.

PS Thanks for writing a kick ass product.

Matt Hallmark

On Sat, 25 Aug 2001 20:08:41 -0700 (PDT), John D. Hardin wrote:
>On Sat, 25 Aug 2001, Matt Hallmark wrote:
>
>> Anonymous proxy server, IP address surfing, remote control (VNC,
>> PCAnywhere), it's just not containable.  Limit me to port 80
>> outbound only?  I'll setup a ssh tunnel to my house and surf via
>> that.
>
>....and any lock can be picked, or cut apart, or blown open, or
>simply
>bypassed. None of this is intended to make it impossible, or to stop
>someone who is determined and technically capable. It is meant to
>make
>casual use of webmail services difficult and thus discourage casual
>(or ignorant) disregard of stated security policy. That's good
enough
>for me.
>
>Question: would you set up your ssh tunnel if your company's
security
>policy stated you'd be fired if it was discovered?
>
><nit>
>You're not likely to be infected at work running a mail client at
>home
>via VNC...
></nit>
>
>--
> John Hardin KA7OHZ   ICQ#15735746
>http://www.wolfenet.com/~jhardin/
> jhardin at impsec.org        pgpk -a
>finger://gonzo.wolfenet.com/jhardin
> 768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76
> 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873
>2E79
>---------------------------------------------------------------------

>--
> In 1998 more than three times as many people in the US were killed
> by incompetent physicians than were killed by handguns, yet the
> President of the A.M.A. is adopting "gun safety" as his platform.
>---------------------------------------------------------------------

>--
>  1165 days until the Presidential Election
>_______________________________________________
>E-mail Security Announce list mailing list
>E-mail Security Announce list at spconnect.com
>http://www.spconnect.com/mailman/listinfo/esa-l


-- Matt Hallmark, matt2413 at yahoo.com on 08/25/2001



More information about the esd-l mailing list