Message-ID: <200408161943.i7GJhvfd027151@mira.taygeta.com>
Date: Mon, 16 Aug 2004 12:43:57 -0700
From: Skip Carter <skip@...geta.com>
To: "Nick D." <ndebaggis@...izon.net>
Cc: bugtraq@...urityfocus.com
Subject: Re: SpecificMAIL Technical Brief
> SpecificMAIL Outlook Spam Filter Technical Brief
>
> July 22, 2004; August 10, 2004
>
> SpecificMAIL (www.specificmail.com) is a free Outlook / Outlook
> Express spam filter that utilizes a proprietary online spam database
> to help keep your inbox clean of spam. SpecificMAIL is much more
> than a spam filter; initial tests show that SpecificMAIL should be
> classified as spyware/adware. SpecificMAIL's EULA and privacy policy
> In the following email, a message was sent to the user of
> SpecificMAIL (customer@) from the mock address onlinebank@. The
> 6e 74 3a 20 4d 6f 7a 69 6c 6c 61 2f 33 2e 30 20 nt: Mozilla/3.0
> 28 63 6f 6d 70 61 74 69 62 6c 65 29 0d 0a 48 6f (compatible)..Ho
> 73 74 3a 20 77 77 77 2e 73 70 65 63 69 66 69 63 st: www.specific
> 6d 61 69 6c 2e 63 6f 6d 0d 0a 41 75 74 68 6f 72 mail.com..Author
> 69 7a 61 74 69 6f 6e 3a 20 42 61 73 69 63 20 63 ization: Basic c
> 33 42 6c 59 32 6c 6d 61 57 4e 74 59 57 6c 73 4f 3BlY2lmaWNtYWlsO
> 6a 45 79 4d 7a 51 32 4e 51 3d 3d 0d 0a 0d 0a jEyMzQ2NQ==....
Even though the passwords encoded in the HTTP Authorization strings
are trivial to decode, the one in THEIR string
c3BlY2lmaWNtYWlsOjEyMzQ2NQ== is probably a pretty good indication
of a company-wide lax attitude about passwords.
Skip
--
Dr. Everett (Skip) Carter Phone: 831-641-0645 FAX: 831-641-0647
Taygeta Scientific Inc. INTERNET: skip@...geta.com
1340 Munras Ave., Suite 314 WWW: http://www.taygeta.com
Monterey, CA. 93940
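
The "trivial to decode" point above, as an added example that is not part of the original thread: HTTP Basic authentication is only base64 of `user:password`, so a capture of the request is enough to audit which credentials it exposes. The dump lines are copied from the quoted brief; the function names and the `weak` policy are assumptions made for illustration.

```python
import base64
import re

# Dump lines copied from the quoted brief above (leading "> " removed).
DUMP = """\
6e 74 3a 20 4d 6f 7a 69 6c 6c 61 2f 33 2e 30 20 nt: Mozilla/3.0
28 63 6f 6d 70 61 74 69 62 6c 65 29 0d 0a 48 6f (compatible)..Ho
73 74 3a 20 77 77 77 2e 73 70 65 63 69 66 69 63 st: www.specific
6d 61 69 6c 2e 63 6f 6d 0d 0a 41 75 74 68 6f 72 mail.com..Author
69 7a 61 74 69 6f 6e 3a 20 42 61 73 69 63 20 63 ization: Basic c
33 42 6c 59 32 6c 6d 61 57 4e 74 59 57 6c 73 4f 3BlY2lmaWNtYWlsO
6a 45 79 4d 7a 51 32 4e 51 3d 3d 0d 0a 0d 0a jEyMzQ2NQ==....
"""

HEX_BYTE = re.compile(r"^[0-9a-fA-F]{2}$")
BASIC = re.compile(rb"authorization:\s*basic\s+([A-Za-z0-9+/=]+)\s*$", re.I)

def dump_to_bytes(dump, width=16):
    """Rebuild raw bytes from 'hex bytes + ASCII column' dump lines."""
    out = bytearray()
    for line in dump.splitlines():
        hex_tokens = 0
        for tok in line.split():
            if hex_tokens == width or not HEX_BYTE.match(tok):
                break  # reached the ASCII column
            out.append(int(tok, 16))
            hex_tokens += 1
    return bytes(out)

def basic_credentials(raw):
    """Return (header value, user, password) for each Basic Authorization header."""
    found = []
    for line in raw.split(b"\r\n"):
        m = BASIC.match(line)
        if m:
            decoded = base64.b64decode(m.group(1), validate=True).decode("latin-1")
            user, _, password = decoded.partition(":")
            found.append((m.group(1).decode(), user, password))
    return found

def weak(password, user):
    """Hypothetical policy: short, digits only, or same as the user name."""
    return len(password) < 10 or password.isdigit() or password.lower() == user.lower()

if __name__ == "__main__":
    for token, user, password in basic_credentials(dump_to_bytes(DUMP)):
        print(f"{token}: user={user!r} password={password!r} weak={weak(password, user)}")
```

The header arrives split across three dump lines, which is why the bytes are reassembled before the headers are parsed.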