Previous by Date | Next by Date | Date Index
Previous by Thread | Next by Thread
| Thread Index
| LM_NET
Archive
| |
> > >Netscape is free to schools. You did not pay $400 for the software. My > >guess is that the financial users did pay. So you get what you pay for. I > >find it a great piece of software for free. > > > > Bill, you and I share the same philosophy--TANSTAAFL! (There ain't no such > thing as a free lunch!) That's why Netscape is a better product than > others--because it has commercial support. However, Netscape's basic > features don't change regardless of whether you pay for it or not--I'm a > paying customer, btw. (for a single license I paid $39 for the software > plus $20 for the manual--not bad.) Even more interesting, the > documentation, online or printed, doesn't discuss the security "features" > we've been discussing--the ease with which email can be spoofed, for > example. What's interesting is that Netscape has some excellent security > features--all directed toward commercial transactions. Hmmmm? After all, > once I pay for lunch, I like to get what I ordered. ;-) ;-) Changing Netscape in the way you suggest would be a big mistake. Any one of dozens of publicly available programs can be used for easy e-mail spoofing. For example, the telnet program supplied with any Internet package or host can be used to forge e-mail. Just enter the command: % telnet <hostname> 25 This will connnect you to the raw e-mail port of a host. Just type in your mail message in raw SMTP format. You can make up any mail message and header you want. Therefore, it is a much better forgery technique than Netscape. This is a widely known technique and is documented in at least a half dozen popular books. We have an unusual policy for a commercial Internet service provider in that we offer free access to schools, libraries and other educational institutions and provide discounts to students and educators. This means we get lots of students, especially high school students. I regularly catch students forging e-mail with this technique. Your students know how to forge e-mail this way, even if you don't. By the way, it is only slightly less convienent, and no more complex, to spoof IP addresses, There is no way to "fix" this e-mail security issue without breaking significant features of the Internet. E-mail is transfered by trust and a healthy skepticism towards the authorship of *all* e-mail is necessary. Changing Netscape the way you wish is pointless, since it would still be very easy to spoof e-mail with other programs. The entire architecture of Internet e-mail would have to be re-designed to allow any real security. Further, you would cause useful features to stop working. We provide phantom domains to schools so that educators who use our service can send and recieve e-mail from their school domain without any investment on the school district's part. You would break this feature by not allowing people to change their domain in their "from" address. Commerical transactions over the Internet is a much easier problem, since the designer can control both ends of the conversation: reader and writer. There is no need for backward compatibility. Please stop trashing the reputation of the Netscape developers. You have no evidence to back up your mean spirited accusations. sincerely, fletcher