PaulDotCom mailing list archives

Spoofing emails


From: jim.halfpenny at gmail.com (Jim Halfpenny)
Date: Fri, 15 May 2009 18:45:11 +0100

I do remember one email-spoofing incident with an infosec angle. Once upon a
time I wanted access to a server room and went to the security desk to get
the key. I was not named on the list of peeps allowed access to the key and
was told that an email from one of the named parties would do the trick. I
went to the desk of said namee only to find them out to lunch, but with
their workstation unlocked. A quick email later and I had the key. OK, I
didn't spoof the mail but I'm sure if I did the result would have been the
same.

Here's an example of physical and people security let down because email was
used as a trusted medium for handing out permission. Even with cool PKI you
still have to beware of the unlocked workstation scenario.

Jim