Message-ID: <FC3D3810639AD311B207009027D3A60F0A553D5D@MISSOURI>
From: eric at intraspect.com (Eric Wagner)
Subject: Improving E-mail security...

Sounds interesting, though sending and receiving relays aren't always the
same.

--E

-----Original Message-----
From: Bengt Ruusunen [mailto:bengtij@...mail.com]
Sent: Tuesday, August 26, 2003 4:15 PM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Improving E-mail security...


Hello,

As everybody knows, recent viruses spread by sending mail with a spoofed 
'sender address'.

For example:

I am a person 'someone@...eone.com' and got a so-called 'return mail' from 
'someone@...eiving.organisation.com' telling me that mail sent by me (which I 
never sent in the first place) cannot be delivered. Obviously containing 
some kind of malware as an attachment.

This kind of 'spread method' could easily be stopped if the mail servers 
included some kind of fingerprint in the passing E-mail.

If the return mail (mail receiver server checks this against a private key 
or something) does not contain a fingerprint then the returned mail should 
not be delivered 'back to the sender'.

Rather clever way to counterfeit the sender address, it might double the 
infection if the bounce to the 'sender' leads to infection.

Now, what this kind of 'hardening' might need is...

- E-mail receiving server could check that 'very first original' From: line 
and if it is the same as the receiver address ie. 'someone@...eone.com'

Perform a check to see if the 'sender identification' ie. salted public 
key, GUID or something (X-Authenticated-Guid: #0a845d299ca340087140) exists 
in the mail header.

Delivery should be done only if a 'sender identification' exists and the key
matches.

Otherwise mail should be trashed to dev/null :)

Waiting for comments and suggestions...


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
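
A sketch of the check proposed in the quoted message, added here as an example and not part of the original post or thread: the sending relay stamps a keyed `X-Authenticated-Guid` header, and the receiving relay delivers a bounce only if the returned original carries a matching value. The HMAC construction, the `SITE_KEY` shared by all of a domain's relays (which covers the reply's point that sending and receiving relays can differ), the function names and the sample addresses are assumptions.

```python
import hashlib
import hmac
from email import message_from_string
from email.message import Message
from email.mime.message import MIMEMessage
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

HEADER = "X-Authenticated-Guid"        # header name taken from the post
SITE_KEY = b"constructed-demo-secret"  # assumption: shared by all of the domain's relays

def fingerprint(msg, key=SITE_KEY):
    """Keyed hash over From and Message-ID, shaped like the post's sample value."""
    data = f"{msg['From']}\n{msg['Message-ID']}".encode()
    return "#" + hmac.new(key, data, hashlib.sha256).hexdigest()[:20]

def stamp_outbound(msg, key=SITE_KEY):
    """Sending relay: discard any client-supplied value, then add our own."""
    del msg[HEADER]
    msg[HEADER] = fingerprint(msg, key)
    return msg

def returned_original(bounce):
    """Find the original message (or just its headers) inside a bounce."""
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return message_from_string(part.get_payload())
    return None

def accept_bounce(bounce, key=SITE_KEY):
    """Receiving relay: deliver only if the returned mail carries our fingerprint."""
    original = returned_original(bounce)
    if original is None or original[HEADER] is None:
        return False
    claimed = str(original[HEADER]).strip().encode("utf-8", "replace")
    return hmac.compare_digest(claimed, fingerprint(original, key).encode())

def build_bounce(original):
    """Constructed sample: a multipart/report bounce, serialized and re-parsed."""
    bounce = MIMEMultipart("report")
    bounce["From"] = "MAILER-DAEMON@receiving.example"
    bounce["To"] = original["From"]
    bounce.attach(MIMEText("Delivery failed."))
    bounce.attach(MIMEMessage(original))
    return message_from_string(bounce.as_string())

def sample_mail():
    """Constructed sample message standing in for mail from 'someone'."""
    msg = Message()
    msg["From"] = "someone@someone.example"
    msg["Message-ID"] = "<1@someone.example>"
    return msg
```

A bounce that returns neither the original message nor its headers is rejected by this check, since there is nothing to verify.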

