Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Spoofing emails
From: jim.halfpenny at gmail.com (Jim Halfpenny)
Date: Fri, 15 May 2009 18:45:11 +0100

I do remember one email-spoofing incident with an infosec angle. Once upon a
time I wanted access to a server room and went to the security desk to get
the key. I was not named on the list of peeps allowed access to the key and
was told that an email from one of the named parties would do the trick. I
went to the desk of said namee only to find them out to lunch, but with
their workstation unlocked. A quick email later and I had the key. OK, I
didn't spoof the mail but I'm sure if I did the result would have been the
same.

Here's an example of physical and people security let down because email was
used as a trusted medium for handing out permission. Even with cool PKI you
still have to beware of the unlocked workstation scenario.

Jim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090515/816d1ad9/attachment.htm 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]