[govsec] Morris Worm and a Change in Direction

[security curmudgeon]

: True but with a sacrificial lamb, the mail server, and the redundancy of
: a secondary backup server in line this is a literally minor problem

Tell that to the administrator of any system that has had a box
compromised due to a remote vulnerability in their MTA. You are talking
about a service that is exposed to the world, can't block traffic to it
99% of the time, and must receive all incoming mail before it is
processed. That is a set up for a serious vector of attack.

Even if you make an external mail server a 'sacrifical lamb', it would
need a small trust relationship to pass mail to the second mail server and
still presents one route from the big bad internet to the soft chewy
center of a corporate network.

: The reality is that Government can not afford to contract out mail
: services.
:
: Too many whistle blowers would never make contact if they were aware
: that third or fourth parties could read or discuss their knowledge with
: the people they are reporting.

Third, fourth, fifth and eighteenth parties can read the mail usually. Not
only do you have administrators of the various systems the mail is sent
from and ends up on. Then factor in how many hostile parties could be
sniffing traffic at various points of the net.