Path: utzoo!attcan!uunet!husc6!bloom-beacon!gatech!ukma!nrl-cmf!ames!killer!tness7!texbell!ssbn!carpet!bill
From: bill@carpet.WLK.COM (Bill Kennedy)
Newsgroups: comp.mail.uucp
Subject: Re: problems with att multiple-machine approach?
Message-ID: <164@carpet.WLK.COM>
Date: 1 Oct 88 05:07:39 GMT
References: <1988Sep23.105347.652@lsuc.uucp> <2300@att.ATT.COM> <1988Sep29.210829.29073@lsuc.uucp>
Reply-To: bill@ssbn.WLK.COM (Bill Kennedy)
Distribution: na
Organization: W.L. Kennedy Jr & Associates, Pipe Creek, TX
Lines: 26

In article <1988Sep29.210829.29073@lsuc.uucp> dave@lsuc.uucp (David Sherman) writes:
>In article <2300@att.ATT.COM>, jhc@att.ATT.COM (Jonathan Hawbrook-Clark) writes:
[ Jonathan's remarks ... ]

[ David's remarks, followed by David's remarks that I'm following up ]

>Of course, you'd no longer have the cuteness of running uucico
>on your dialup lines instead of getty.  I must admit I was a bit
>startled when I first saw the L.sys entry for calling att (there's
>no login mechanism at all, you just dial and connect).

Now hold on here for just a minute.  This suggests that the att gateways
operate just like ihnp4 used to, i.e.  any site on earth with something
to say can call in and it will be said (even if it's to /dev/null).  This
makes a lot of sense from the standpoint of collecting as much att mail
and news as possible, but it makes no sense whatsoever from a security
point of view.

Admittedly, "there's no login mechanism at all", but I thought there was at
lease a verification of Shere.  Perhaps Jonathan's (deleted) remarks about
any site being able to masquerade as any other apply, but just *any* site who
wants to shovel into att can call and do it?  If that's so, I need to crawl
back into my shell and watch my toenails grow.
-- 
Bill Kennedy  Internet:  bill@ssbn.WLK.COM
                Usenet:  { killer | att | rutgers | uunet!bigtex }!ssbn!bill