| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 17 Jun 2004 19:27:00 +0200 From: Joel Eriksson <je-secfocus@...nux.com> To: R Armiento <rar_bt@...iento.se> Cc: bugtraq@...urityfocus.com Subject: Re: Is predictable spam filtering a vulnerability? On Wed, Jun 16, 2004 at 01:26:28PM +0200, R Armiento wrote: [snip] > For example: attacker 'A' sends 'B' a social engineering request > for "the secret plans" and says "if you are unsure, forward my > request to your boss and ask if this is okay". 'B' forwards the > email to his boss 'C' and asks "Is this okay?". However, 'C':s > spam filter silently drops the email. 'A' forges a reply from > 'C' saying: "Sure, no problem, go ahead." Many will probably discard the above as farfetched or ignore it since it's not a "real" vulnerability that gives remote root to the attacker, I think it's beautiful though. :) Security is a state of mind, a way of thinking. Vulnerabilities are all around us and the one you point out above is certainly one of them. > Regards, > R. Armiento -- Best Regards, Joel Eriksson ------------------------------------------------- Cellphone: +46-70 228 64 16 Home: +46-26-10 23 37 Security Research & Systems Development at Bitnux PGP Key Server pgp.mit.edu, PGP Key ID 0x08811B44 DF38 5806 0EFB 196E E4B6 34B5 4C01 73BB 0881 1B44 -------------------------------------------------
Powered by blists - more mailing lists