Bugtraq mailing list archives
Re: Is predictable spam filtering a vulnerability?
From: Ilya Sher <ilya79 () actcom net il>
Date: Thu, 17 Jun 2004 11:21:46 +0300
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 R Armiento wrote: | During a recent email conversation with several participants, we discovered that the email service of one participant silently dropped legitimate emails that happened to contain certain combinations of words common in spam. I believe this sort of filter is common practice, and in fact even in place for some of my own email addresses. | | However, this experience made me think: isn't predictable spam filtering in general a vulnerability that could be used as a hoax device? Since most users reply to an email citing the complete source email, including filter-offending words, it should be possible to keep a reply, forward, or even a whole thread, under the radar of specific recipients. If used in combination with forged replies from addresses predictably dropping emails, I think this may be a dangerous tool for social engineering. | | For example: attacker 'A' sends 'B' a social engineering request for "the secret plans" and says "if you are unsure, forward my request to your boss and ask if this is okay". 'B' forwards the email to his boss 'C' and asks "Is this okay?". However, 'C':s spam filter silently drops the email. 'A' forges a reply from 'C' saying: "Sure, no problem, go ahead." | | Regards, | R. Armiento | | Interesting idea. That might be problematic if the originator doesn't intercept the letter to boss as it may contain some important data for faking the boss's answer - -- Ilya Sher: 3A4A 810C 1C81 79F3 A8C6 2545 90FD 6114 F730 0680 Rules: UNIX,UTF-8,Lisp,S-exps,Encryption,OSS,VIM,Gnome Sucks: M$,XML,Morons on the web -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFA0VSakP1hFPcwBoARApNYAKCT2vjCpSd7GL30qbXiAGaySvTsTwCgk1Jj BiwFRjU/rRRMrrjeCbnt6aI= =9G+O -----END PGP SIGNATURE-----
Current thread:
- Re: Is predictable spam filtering a vulnerability?, (continued)
- Re: Is predictable spam filtering a vulnerability? Luca Berra (Jun 22)
- Re: Is predictable spam filtering a vulnerability? Sean Straw / PSE (Jun 24)
- Re: Is predictable spam filtering a vulnerability? John Fitzgibbon (Jun 24)
- Re: Is predictable spam filtering a vulnerability? Sean Straw / PSE (Jun 25)
- Re: Is predictable spam filtering a vulnerability? The Fungi (Jun 25)
- Re: Is predictable spam filtering a vulnerability? Luca Berra (Jun 22)
- Re: Is predictable spam filtering a vulnerability? Valdis . Kletnieks (Jun 24)
- Re: Is predictable spam filtering a vulnerability? Michael A. Dickerson (Jun 24)
- Message not available
- Re: Is predictable spam filtering a vulnerability? (silently dropping messages) Sean Straw / PSE (Jun 24)
- Re: Is predictable spam filtering a vulnerability? (silently dropping messages) der Mouse (Jun 25)
- Re: Is predictable spam filtering a vulnerability? (silently dropping messages) Seth Breidbart (Jun 25)
- Re: Is predictable spam filtering a vulnerability? Crispin Cowan (Jun 22)
- [OT] Safe spam filtering methods (was: Is predictable spam filtering a vulnerability?) The Fungi (Jun 22)
- Re: Is predictable spam filtering a vulnerability? Phil Barnett (Jun 23)