oss-sec mailing list archives
Re: spoofing of local email sender via a homoglyph attack
From: "Stuart D. Gathman" <stuart () gathman org>
Date: Thu, 23 Apr 2020 12:33:34 -0400
On Thu, 2020-04-23 at 17:32 +0300, PromiseLabs Pentest Research wrote:
> is that it could be used to advance a social-engineer attack into tricking the recipients believing that they are getting an email from a high-level position at the company. It's related to the from header.
This is not really the job of postfix to block. It is trivial to block internationalized local mail in a milter (note: I maintain pymilter) - or just refuse to create non-ascii mailboxes.

You don't even need utf-8 for this attack - the infamous Arial font makes homoglyphs like lBM (which looks exactly like IBM in Arial) possible, and email localpart is case sensitive. So I also recommend forcing all local mailboxes to be all lower case. (Some businesses force to all upper case instead.)

If anything, this is a security bug in the *font* (which the term homoglyph implies), and the CVE should specify the problematic font or fonts.
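As an added example (not Stuart's code and not part of pymilter or postfix), here is a small Python check in the spirit of the advice above: it rejects non-ASCII and mixed-case local parts outright, and flags an ASCII local part that collapses onto a known lower-case mailbox once Arial-style look-alikes such as l/I/1 are folded. The confusable table, the mailbox list and the domain name are constructed for the example.

```python
"""Sender local-part checks modelled on the milter advice above (added example)."""
from email.utils import parseaddr
from typing import Set

# Constructed fold table: ASCII characters that render alike in common fonts are
# mapped to one representative after lower-casing, so "ibm", "lbm" and "1bm"
# compare equal. Extend it for the fonts your recipients actually use.
_CONFUSABLES = str.maketrans({"l": "i", "1": "i", "|": "i", "0": "o", "5": "s", "8": "b"})

# Constructed directory of local mailboxes, already forced to lower case.
KNOWN_MAILBOXES: Set[str] = {"ceo", "ibm", "alice"}


def skeleton(localpart: str) -> str:
    """Lower-case and fold look-alike characters into a comparison key."""
    return localpart.lower().translate(_CONFUSABLES)


def check_localpart(localpart: str, known: Set[str]) -> str:
    """Return 'accept' or a 'reject:...' / 'flag:...' reason for one local part."""
    if not localpart.isascii():
        return "reject:non-ascii-localpart"      # no internationalized local mail
    if localpart != localpart.lower():
        return "reject:mixed-case-localpart"     # policy: local mailboxes are lower case
    if localpart in known:
        return "accept"
    key = skeleton(localpart)
    for mailbox in sorted(known):                # sorted for a deterministic verdict
        if skeleton(mailbox) == key:
            return f"flag:homoglyph-of:{mailbox}"
    return "accept"


def check_from_header(header: str, known: Set[str], local_domain: str) -> str:
    """Apply check_localpart to the address in a From: header value.

    Only addresses at the local domain are checked; anything else is passed
    through, since a remote sender is the business of SPF/DKIM/DMARC instead.
    """
    _, addr = parseaddr(header)
    localpart, sep, domain = addr.rpartition("@")
    if not sep or domain.lower() != local_domain:
        return "accept"
    return check_localpart(localpart, known)


if __name__ == "__main__":
    for hdr in ('"CEO" <ceo@example.com>', "Boss <lbm@example.com>", "X <c\u0435o@example.com>"):
        print(f"{hdr!r:40} -> {check_from_header(hdr, KNOWN_MAILBOXES, 'example.com')}")
```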