Bugtraq mailing list archives

Re: Is predictable spam filtering a vulnerability?


From: Joel Eriksson <je-secfocus () bitnux com>
Date: Thu, 17 Jun 2004 19:27:00 +0200

On Wed, Jun 16, 2004 at 01:26:28PM +0200, R Armiento wrote:
[snip]
> For example: attacker 'A' sends 'B' a social engineering request
> for "the secret plans" and says "if you are unsure, forward my
> request to your boss and ask if this is okay". 'B' forwards the
> email to his boss 'C' and asks "Is this okay?". However, 'C's
> spam filter silently drops the email. 'A' forges a reply from
> 'C' saying: "Sure, no problem, go ahead."

Many will probably discard the above as farfetched or ignore it
since it's not a "real" vulnerability that gives remote root to
the attacker, I think it's beautiful though. :)

Security is a state of mind, a way of thinking. Vulnerabilities
are all around us and the one you point out above is certainly
one of them.

> Regards,
> R. Armiento

-- 
Best Regards,
   Joel Eriksson
-------------------------------------------------
Cellphone: +46-70 228 64 16 Home: +46-26-10 23 37
Security Research & Systems Development at Bitnux
PGP Key Server pgp.mit.edu, PGP Key ID 0x08811B44
DF38 5806 0EFB 196E E4B6 34B5 4C01 73BB 0881 1B44
-------------------------------------------------

