[Esa-l] Anyone have a comprehensive webmail URI list?

John D. Hardin jhardin at impsec.org
Sat Aug 25 20:08:41 PDT 2001


On Sat, 25 Aug 2001, Matt Hallmark wrote:

> Anonymous proxy server, IP address surfing, remote control (VNC,
> PCAnywhere), it's just not containable.  Limit me to port 80
> outbound only?  I'll setup a ssh tunnel to my house and surf via
> that.

...and any lock can be picked, or cut apart, or blown open, or simply
bypassed. None of this is intended to make it impossible, or to stop
someone who is determined and technically capable. It is meant to make
casual use of webmail services difficult and thus discourage casual
(or ignorant) disregard of stated security policy. That's good enough
for me.

Question: would you set up your ssh tunnel if your company's security
policy stated you'd be fired if it was discovered?

<nit>
You're not likely to be infected at work running a mail client at home
via VNC...
</nit>

--
 John Hardin KA7OHZ   ICQ#15735746   http://www.wolfenet.com/~jhardin/
 jhardin at impsec.org        pgpk -a finger://gonzo.wolfenet.com/jhardin
  768: 0x41EA94F5 - A3 0C 5B C2 EF 0D 2C E5  E9 BF C8 33 A7 A9 CE 76 
 1024: 0xB8732E79 - 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  In 1998 more than three times as many people in the US were killed
  by incompetent physicians than were killed by handguns, yet the
  President of the A.M.A. is adopting "gun safety" as his platform.
-----------------------------------------------------------------------
   1165 days until the Presidential Election



More information about the esd-l mailing list