|
Bugtraq
mailing list archives
Re: Is predictable spam filtering a vulnerability?
From: krispykringle () gentoo org
Date: Thu, 17 Jun 2004 13:04:55 -0400
Very interesting proposition, but I can't think of any real advantage here. In the hypothetical scenario, could the
attacker not simply send an email purportedly from the boss to begin with saying, ``please forward the secret plans to
attacker () hijackeddomain com''? For that matter, isn't it likely that a recipient in such a poorly run system with
such little regard for reading headers (and I don't delude myself that this is uncommon) would not notice if an
attacker were to send an e-mail with a from address boss () company tld but a reply-to of hax0r ()
istealcreditcardnumbers com? In other words, the specific ``exploit'' here is not the spam filter so much as the
ignorance of the victim.
Anywho, it seems most decent spam filters have whitelisting; bigcheese () company com is unlikely to filter out
servileMBA () company com, even if the e-mail does contain the key words. The spam filter is usually not applied to
legitimate known-good e-mail addresses.
Interesting discussion nonetheless.
Dan
On Wed, Jun 16, 2004 at 01:26:28PM +0200, R Armiento wrote:
During a recent email conversation with several participants, we discovered that the email service of one participant
silently dropped legitimate emails that happened to contain certain combinations of words common in spam. I believe
this sort of filter is common practice, and in fact even in place for some of my own email addresses.
However, this experience made me think: isn't predictable spam filtering in general a vulnerability that could be
used as a hoax device? Since most users reply to an email citing the complete source email, including
filter-offending words, it should be possible to keep a reply, forward, or even a whole thread, under the radar of
specific recipients. If used in combination with forged replies from addresses predictably dropping emails, I think
this may be a dangerous tool for social engineering.
For example: attacker 'A' sends 'B' a social engineering request for "the secret plans" and says "if you are unsure,
forward my request to your boss and ask if this is okay". 'B' forwards the email to his boss 'C' and asks "Is this
okay?". However, 'C':s spam filter silently drops the email. 'A' forges a reply from 'C' saying: "Sure, no problem,
go ahead."
Regards,
R. Armiento
 By Date 
By Thread
Current thread:
- Re: Is predictable spam filtering a vulnerability? (silently dropping messages), (continued)
Re: Is predictable spam filtering a vulnerability? Ilya Sher (Jun 18)
Re: Is predictable spam filtering a vulnerability? Gadi Evron (Jun 19)
Re: Is predictable spam filtering a vulnerability? krispykringle (Jun 21)
RE: Is predictable spam filtering a vulnerability? Romulo M. Cholewa (Jun 19)
RE: Is predictable spam filtering a vulnerability? Andrew Hunter (Jun 19)
|
Intro
