PaulDotCom mailing list archives
Spoofing emails
From: jim.halfpenny at gmail.com (Jim Halfpenny)
Date: Fri, 15 May 2009 18:45:11 +0100
I do remember one email-spoofing incident with an infosec angle. Once upon a time I wanted access to a server room and went to the security desk to get the key. I was not named on the list of peeps allowed access to the key and was told that an email from one of the named parties would do the trick. I went to the desk of said namee only to find them out to lunch, but with their workstation unlocked. A quick email later and I had the key. OK, I didn't spoof the mail but I'm sure if I did the result would have been the same. Here's an example of physical and people security let down because email was used as a trusted medium for handing out permission. Even with cool PKI you still have to beware of the unlocked workstation scenario. Jim -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090515/816d1ad9/attachment.htm
Current thread:
- Spoofing emails, (continued)
- Spoofing emails Russell Butturini (May 11)
- Spoofing emails Robin Wood (May 11)
- Spoofing emails Noah (May 13)
- Spoofing emails Jason Wood (May 13)
- Spoofing emails Jim Halfpenny (May 14)
- Spoofing emails Robin Wood (May 14)
- Spoofing emails Jason Wood (May 14)
- Spoofing emails Jim Halfpenny (May 14)
- Spoofing emails Sam Buhlig (May 14)
- Spoofing emails d4ncingd4n at gmail.com (May 14)
- Spoofing emails Jim Halfpenny (May 15)
- Spoofing emails Jack Daniel (May 15)
- Spoofing emails John Miller (May 15)
- Spoofing emails natron (May 17)