Open Source and information security mailing list archives
Message-ID: <871080DEC5874D41B4E3AFC5C400611E03F60BA5@UTDEVS02.campus.ad.utdallas.edu>
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: Swen Really Sucks

> -----Original Message-----
> From: Joe Stewart [mailto:jstewart@...hq.com] 
> Sent: Wednesday, September 24, 2003 7:50 AM
> To: jasonc@...ence.org; full-disclosure@...ts.netsys.com
> Cc: secure@...rosoft.com
> Subject: Re: [Full-Disclosure] Swen Really Sucks
> 
> The "From" or Return-Path address specified by the MAIL FROM: 
> transaction in the SMTP session is the real email address of the 
> infected user, or at least is what they entered on the fake MAPI dialog
> that Swen uses to get that information.
> 
Please tell me you don't believe this is true.  If you know anything
about SMTP you know that the MAIL FROM: can be anything you want it to
be.  And Swen certainly forges the sender, as the hundreds of bounces I
get will testify.  There is *nothing* in an SMTP transaction that you
can rely on except the headers *if* you know how to read headers.  If
you don't, even those will fool you.

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 
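
Added example, not part of the original message: one way to read headers along the lines the reply describes, treating the recorded MAIL FROM (Return-Path) as unverified and taking the sending host's IP only from the Received line stamped by your own MTA. The message, the hostname `mx.example.edu`, the Postfix-style Received layout and the function name `analyze` are all constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample: forged envelope sender plus a fabricated lower Received line.
RAW = """\
Return-Path: <victim@innocent.example>
Received: from mail.innocent.example (dsl-45.isp.example [203.0.113.45])
\tby mx.example.edu (Postfix) with SMTP id ABC123
\tfor <user@example.edu>; Wed, 24 Sep 2003 08:01:02 -0500
Received: from mail.innocent.example ([192.0.2.10])
\tby relay.innocent.example with ESMTP; Wed, 24 Sep 2003 07:59:00 -0500
From: victim@innocent.example
Subject: constructed sample

body
"""

TRUSTED_MTAS = {"mx.example.edu"}  # assumption: the only MTA we operate

# Assumed Postfix-style stamp: from HELO (rdns [ip]) by HOST ...
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*"
                 r"\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+by\s+(?P<by>\S+)")

def analyze(raw, trusted=TRUSTED_MTAS):
    msg = message_from_string(raw)
    received = msg.get_all("Received", [])
    hop, used = None, 0
    # Headers are prepended, so our own stamps are contiguous at the top.
    for value in received:
        m = HOP.search(value)
        if not m or m.group("by").lower() not in trusted:
            break  # from here down, the sending host wrote the text
        hop, used = m.groupdict(), used + 1
    claimed = msg.get("Return-Path", "").strip("<> ")
    domain = claimed.rpartition("@")[2].lower()
    rdns = hop["rdns"].lower() if hop else ""
    return {
        "claimed_sender": claimed,              # MAIL FROM as recorded; forgeable
        "peer_ip": hop["ip"] if hop else None,  # observed by our MTA
        "peer_rdns": rdns or None,
        "untrusted_received": len(received) - used,
        # Weak heuristic only: does the peer's rDNS sit under the claimed domain?
        "rdns_under_claimed_domain": bool(domain) and
            (rdns == domain or rdns.endswith("." + domain)),
    }

if __name__ == "__main__":
    for key, val in analyze(RAW).items():
        print(f"{key}: {val}")
```

Only the bracketed IP in the trusted hop is an observation; the HELO name in that same line and every Received header below it are text supplied by the connecting host.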

