Date: Mon, 16 Aug 2004 12:43:57 -0700
From: Skip Carter <skip@...geta.com>
To: "Nick D." <ndebaggis@...izon.net>
Cc: bugtraq@...urityfocus.com
Subject: Re: SpecificMAIL Technical Brief



> SpecificMAIL Outlook Spam Filter Technical Brief
> 
> July 22, 2004; August 10, 2004
> 
> SpecificMAIL (www.specificmail.com) is a free Outlook / Outlook
> Express spam filter that utilizes a proprietary online spam database
> to help keep your inbox clean of spam. SpecificMAIL is much more
> than a spam filter; initial tests show that SpecificMAIL should be
> classified as spyware/adware. SpecificMAIL’s EULA and privacy policy

> In the following email, a message was sent to the user of
> SpecificMAIL (customer@) from the mock address onlinebank@. The

> 6e 74 3a 20 4d 6f 7a 69 6c 6c 61 2f 33 2e 30 20 nt: Mozilla/3.0
> 28 63 6f 6d 70 61 74 69 62 6c 65 29 0d 0a 48 6f (compatible)..Ho
> 73 74 3a 20 77 77 77 2e 73 70 65 63 69 66 69 63 st: www.specific
> 6d 61 69 6c 2e 63 6f 6d 0d 0a 41 75 74 68 6f 72 mail.com..Author
> 69 7a 61 74 69 6f 6e 3a 20 42 61 73 69 63 20 63 ization: Basic c
> 33 42 6c 59 32 6c 6d 61 57 4e 74 59 57 6c 73 4f 3BlY2lmaWNtYWlsO
> 6a 45 79 4d 7a 51 32 4e 51 3d 3d 0d 0a 0d 0a    jEyMzQ2NQ==....

Even though the passwords encoded in the HTTP Authorization strings
are trivial to decode, the one in THEIR string
c3BlY2lmaWNtYWlsOjEyMzQ2NQ== is probably a pretty good indication
of a company-wide lax attitude about passwords.


Skip


-- 
 Dr. Everett (Skip) Carter      Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Scientific Inc.        INTERNET: skip@...geta.com
 1340 Munras Ave., Suite 314    WWW: http://www.taygeta.com
 Monterey, CA. 93940            
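
An added example, not part of the original post or the quoted brief: an audit helper that finds HTTP Basic Authorization headers in captured request bytes and reports what the encoding exposes. The function name, sample request, host name and credentials are constructed for illustration.

```python
import base64
import binascii
import re

# Authorization header using the Basic scheme (RFC 7617).
# Header name and scheme are matched case-insensitively.
BASIC_RE = re.compile(
    rb"^Authorization:[ \t]*Basic[ \t]+([A-Za-z0-9+/=]+)[ \t]*\r?$",
    re.IGNORECASE | re.MULTILINE,
)

def find_basic_credentials(raw_request: bytes):
    """Return one finding per Basic Authorization header in a raw HTTP request."""
    findings = []
    for match in BASIC_RE.finditer(raw_request):
        token = match.group(1)
        try:
            decoded = base64.b64decode(token, validate=True)
        except (binascii.Error, ValueError):
            findings.append({"token": token.decode(), "error": "not valid base64"})
            continue
        user, sep, password = decoded.partition(b":")
        if not sep:
            findings.append({"token": token.decode(),
                             "error": "no user:password separator"})
            continue
        findings.append({
            "user": user.decode("utf-8", "replace"),
            # Report properties of the password, not the password itself,
            # so the audit output does not become a second leak.
            "password_length": len(password),
            "digits_only": password.isdigit(),
        })
    return findings

# Constructed sample request (not the capture quoted in the post).
SAMPLE = (b"GET /check HTTP/1.0\r\n"
          b"User-Agent: Mozilla/3.0 (compatible)\r\n"
          b"Host: filter.example\r\n"
          b"Authorization: Basic " + base64.b64encode(b"demo:000000") + b"\r\n\r\n")

if __name__ == "__main__":
    for finding in find_basic_credentials(SAMPLE):
        print(finding)
```

Base64 is an encoding, not encryption, so any such header seen on a cleartext connection should be treated as a disclosed credential.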












