Bugtraq mailing list archives
Re: Is predictable spam filtering a vulnerability?
From: Gadi Evron <ge () linuxbox org>
Date: Thu, 17 Jun 2004 20:55:38 +0200
R Armiento wrote:
During a recent email conversation with several participants, we discovered that the email service of one participant silently dropped legitimate emails that happened to contain certain combinations of words common in spam. I believe this sort of filter is common practice, and in fact even in place for some of my own email addresses. However, this experience made me think: isn't predictable spam filtering in general a vulnerability that could be used as a hoax device? Since most users reply to an email citing the complete source email, including filter-offending words, it should be possible to keep a reply, forward, or even a whole thread, under the radar of specific recipients. If used in combination with forged replies from addresses predictably dropping emails, I think this may be a dangerous tool for social engineering.
Generally, the word 'vulnerability' is attributed to an actual flaw in code. Me? I believe that if a software fails to do its job due to missing a feature or a feature not working correctly, it is indeed a vulnerability, a weakness, or whatever other name you'd like to call it.
Using the word 'vulnerability' for it might not be the best of choices, but it fits.
On the other hand, security products have to keep up with an evolving world. New attacks and ways of circumventing detection show up daily, and products update themselves accordingly. Is it being out-dated or vulnerable for a product to act as you describe?
Maybe there is a time-issue on if and when the product gets updates, or perhaps even if new blocks are required and old products can't be expected to keep up.
Me? I believe that if a product does not keep up-to-date for doing what it claims to do, it is useless. Not vulnerable.
Another good example is virus scanners which do not support unpacking of different PE packers, when nowadays malware gets released and re-released simply re-packed with a different packer, making it undetectable to about half of the current top-products. Sometimes getting a new name while at it for the media to chew on.
A poor choice of wording or plain exaggerations? I suppose that with missing definitions each person would have to decide for him/herself. Calling it a vulnerability is fine.. but don't complain about the stoning later. :) I didn't.
Gadi Evron.