lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20040617172700.GA21370@eip.bitnux.com>
Date: Thu, 17 Jun 2004 19:27:00 +0200
From: Joel Eriksson <je-secfocus@...nux.com>
To: R Armiento <rar_bt@...iento.se>
Cc: bugtraq@...urityfocus.com
Subject: Re: Is predictable spam filtering a vulnerability?


On Wed, Jun 16, 2004 at 01:26:28PM +0200, R Armiento wrote:
[snip]
> For example: attacker 'A' sends 'B' a social engineering request
> for "the secret plans" and says "if you are unsure, forward my
> request to your boss and ask if this is okay". 'B' forwards the
> email to his boss 'C' and asks "Is this okay?". However, 'C':s
> spam filter silently drops the email. 'A' forges a reply from
> 'C' saying: "Sure, no problem, go ahead."

Many will probably discard the above as farfetched or ignore it
since it's not a "real" vulnerability that gives remote root to
the attacker, I think it's beautiful though. :)

Security is a state of mind, a way of thinking. Vulnerabilities
are all around us and the one you point out above is certainly
one of them.

> Regards,
> R. Armiento

-- 
Best Regards,
   Joel Eriksson
-------------------------------------------------
Cellphone: +46-70 228 64 16 Home: +46-26-10 23 37
Security Research & Systems Development at Bitnux
PGP Key Server pgp.mit.edu, PGP Key ID 0x08811B44
DF38 5806 0EFB 196E E4B6 34B5 4C01 73BB 0881 1B44
-------------------------------------------------


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ