lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 17 Jun 2004 11:21:46 +0300
From: Ilya Sher <ilya79@...com.net.il>
To: rar_bt@...iento.se
Cc: bugtraq@...urityfocus.com
Subject: Re: Is predictable spam filtering a vulnerability?


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

R Armiento wrote:
| During a recent email conversation with several participants, we
discovered that the email service of one participant silently
dropped legitimate emails that happened to contain certain
combinations of words common in spam. I believe this sort of filter
is common practice, and in fact even in place for some of my own
email addresses.
|
| However, this experience made me think: isn't predictable spam
filtering in general a vulnerability that could be used as a hoax
device? Since most users reply to an email citing the complete
source email, including filter-offending words, it should be
possible to keep a reply, forward, or even a whole thread, under the
radar of specific recipients. If used in combination with forged
replies from addresses predictably dropping emails, I think this may
be a dangerous tool for social engineering.
|
| For example: attacker 'A' sends 'B' a social engineering request
for "the secret plans" and says "if you are unsure, forward my
request to your boss and ask if this is okay". 'B' forwards the
email to his boss 'C' and asks "Is this okay?". However, 'C':s spam
filter silently drops the email. 'A' forges a reply from 'C' saying:
"Sure, no problem, go ahead."
|
| Regards,
| R. Armiento
|
|

Interesting idea.

That might be problematic if the originator doesn't intercept the
letter to boss as it may contain some important data for
faking the boss's answer

- --
Ilya Sher: 3A4A 810C 1C81 79F3 A8C6  2545 90FD 6114 F730 0680
Rules: UNIX,UTF-8,Lisp,S-exps,Encryption,OSS,VIM,Gnome
Sucks: M$,XML,Morons on the web
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFA0VSakP1hFPcwBoARApNYAKCT2vjCpSd7GL30qbXiAGaySvTsTwCgk1Jj
BiwFRjU/rRRMrrjeCbnt6aI=
=9G+O
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ