Open Source and information security mailing list archives
From: chows at ozemail.com.au (Gregh)
Subject: Mcafee Spamkiller 5 spam filter bypass

This one was reported to McAfee a short time ago, this day. They don't see it as
a bug, however.


Enter a valid name into your FRIENDS list. Say "John" (john@...s.site.com)
is the entry. Now put an entry in ACCEPTING email from any email address
where the received line has a certain phrase in it. E.g., you may wish to put
"Netsys" for example. Now, any email that comes in with the name "John" so
long as it has "Netsys" in received will be accepted not because of the
presence of "Netsys" but will be received and accepted by Spamkiller 5 and
marked as having come from john@...s.site.com even when the John in question
will be a totally different From address.

So what does this mean?

If spammers can figure out a way to insert the letter "a" into your accepted
rules and keep on sending FROM names (not from ADDRESSES) using the same
name as one already in your friends list, you can bypass Spamkiller's other
entries entirely, thus making it totally useless. Now as most Western
hemisphere people know a person called "John" or "Joan" and as most people
don't supply surnames with their first name in email, all it is going to
take for Spamkiller to be bypassed is for spammers to figure out how to
insert a rule into Spamkiller 5 accepting any email that has a RECEIVED line
with the letter "a" in it and make sure that they have a spoofed RECEIVED
with that letter in it.

So please tell me - if anyone knows - why the HELL pay for Spamkiller when
it is so easy to bypass? Damned if I know why I did, now!

Greg.
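
An added illustration of the matching problem described in the post above (not part of the original message and not McAfee's code): a simplified model of a friends-list check keyed on the From display name, beside one keyed on the From address. The friends entry, the domains, the sample messages and all function names are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed friends list (display name -> address); the domain is a placeholder.
FRIENDS = {"John": "john@friends.example"}

# Constructed sample messages: one from the real friend, two from another
# sender who only reuses the display name "John".
GENUINE = message_from_string(
    "Received: from mail.friends.example by mx.local\n"
    "From: John <john@friends.example>\nSubject: lunch\n\nhi\n")
SPOOFED = message_from_string(
    "Received: from Netsys-relay.invalid by mx.local\n"
    "From: John <bulk@sender.invalid>\nSubject: offer\n\nbuy\n")
UNRELATED = message_from_string(
    "Received: from relay.invalid by mx.local\n"
    "From: John <bulk@sender.invalid>\nSubject: offer\n\nbuy\n")

def friend_by_name(msg):
    """Model of the reported behaviour: only the display name is compared."""
    name, _addr = parseaddr(msg.get("From", ""))
    return FRIENDS.get(name.strip())

def friend_by_address(msg):
    """Stricter check: the From address itself must be a friend's address."""
    _name, addr = parseaddr(msg.get("From", ""))
    known = {a.lower() for a in FRIENDS.values()}
    return addr.lower() if addr.lower() in known else None

def classify(msg, friend_check, received_phrase="Netsys"):
    """Return (verdict, reason) so the rule that fired is visible."""
    friend = friend_check(msg)
    if friend:
        return ("accept", "friend:" + friend)
    # The user's own ACCEPT rule on a phrase in any Received line.
    if any(received_phrase in r for r in msg.get_all("Received", [])):
        return ("accept", "received:" + received_phrase)
    return ("filter", "no allow rule matched")

if __name__ == "__main__":
    for label, m in (("genuine", GENUINE), ("spoofed", SPOOFED),
                     ("unrelated", UNRELATED)):
        print(label, classify(m, friend_by_name), classify(m, friend_by_address))
```

With the address-based check, the name-only message is no longer credited to the friend: it is accepted only if the Received rule itself matches, and the logged reason says so.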

