summaryrefslogtreecommitdiff
path: root/content/entry/siue-unauthenticated-smtp-server.md
diff options
context:
space:
mode:
authorNicholas Johnson <nick@nicholasjohnson.ch>2023-02-14 00:00:00 +0000
committerNicholas Johnson <nick@nicholasjohnson.ch>2023-02-14 00:00:00 +0000
commit8ffcb04f81e9a3ba6340aca2503c1af1641d062af8d76d233a720c42c3dc1f4d (patch)
treea9463650478909c0ab4388f327f18bec96198f43664deb49686aaf76048cac28 /content/entry/siue-unauthenticated-smtp-server.md
parent5795573822b102745c640046b8a2dcafad5ab88ea0d8370e1e66dedf4f1ea149 (diff)
downloadjournal-8ffcb04f81e9a3ba6340aca2503c1af1641d062af8d76d233a720c42c3dc1f4d.tar.gz
journal-8ffcb04f81e9a3ba6340aca2503c1af1641d062af8d76d233a720c42c3dc1f4d.zip
Convert refs: siue-unauthenticated-smtp-server
Diffstat (limited to 'content/entry/siue-unauthenticated-smtp-server.md')
-rw-r--r--content/entry/siue-unauthenticated-smtp-server.md7
1 files changed, 1 insertions, 6 deletions
diff --git a/content/entry/siue-unauthenticated-smtp-server.md b/content/entry/siue-unauthenticated-smtp-server.md
index f4000b3..1eec3dc 100644
--- a/content/entry/siue-unauthenticated-smtp-server.md
+++ b/content/entry/siue-unauthenticated-smtp-server.md
@@ -2,15 +2,10 @@
title: "SIUe Unauthenticated SMTP Server"
date: 2020-09-21T00:00:00
draft: false
-makerefs: false
---
# Email Server
-During my last semester at SIUe[1], one of my professors demonstrated spoofing an email using an unauthenticated SMTP server (smtp.siue.edu) on the university network. I believe the server is still present on the network despite being reported multiple times to IT. It isn't accessible on the public internet, only through the university's network that all students have easy access to. Non-students could also gain access to the network fairly easily while at the university and therefore have access to the email server.
+During my last semester at [SIUe](https://siue.edu), one of my professors demonstrated spoofing an email using an unauthenticated SMTP server (smtp.siue.edu) on the university network. I believe the server is still present on the network despite being reported multiple times to IT. It isn't accessible on the public internet, only through the university's network that all students have easy access to. Non-students could also gain access to the network fairly easily while at the university and therefore have access to the email server.
The email server has no authentication whatsoever. You don't have to offer any credentials to send emails. You can't read others' emails, however. This means you don't even need to be a student to send emails. As a non-student, you can access the email server through Telnet and send emails as any student, professor, faculty or staff member. With that, you can send out emails to any email lists. This unauthenticated server has been present on the network for years according to other students I have talked to.
I hope the server gets taken off the network, but this underscores a larger issue. American colleges and universities are institutions with some of the weakest cybersecurity where you would expect better. This makes them easy targets for hackers. The reason is they don't have strong incentives to do better. Unless having poor cybersecurity is going to lose money, business as usual will continue and unauthenticated email servers will stay online.
-
-
-Link(s):
-[1: https://siue.edu](https://siue.edu)