Re: Is predictable spam filtering a vulnerability?

[Ilya Sher <ilya79 () actcom net il>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

R Armiento wrote:
| During a recent email conversation with several participants, we
discovered that the email service of one participant silently
dropped legitimate emails that happened to contain certain
combinations of words common in spam. I believe this sort of filter
is common practice, and in fact even in place for some of my own
email addresses.
|
| However, this experience made me think: isn't predictable spam
filtering in general a vulnerability that could be used as a hoax
device? Since most users reply to an email citing the complete
source email, including filter-offending words, it should be
possible to keep a reply, forward, or even a whole thread, under the
radar of specific recipients. If used in combination with forged
replies from addresses predictably dropping emails, I think this may
be a dangerous tool for social engineering.
|
| For example: attacker 'A' sends 'B' a social engineering request
for "the secret plans" and says "if you are unsure, forward my
request to your boss and ask if this is okay". 'B' forwards the
email to his boss 'C' and asks "Is this okay?". However, 'C':s spam
filter silently drops the email. 'A' forges a reply from 'C' saying:
"Sure, no problem, go ahead."
|
| Regards,
| R. Armiento
|
|

Interesting idea.

That might be problematic if the originator doesn't intercept the
letter to boss as it may contain some important data for
faking the boss's answer

- --
Ilya Sher: 3A4A 810C 1C81 79F3 A8C6  2545 90FD 6114 F730 0680
Rules: UNIX,UTF-8,Lisp,S-exps,Encryption,OSS,VIM,Gnome
Sucks: M$,XML,Morons on the web
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFA0VSakP1hFPcwBoARApNYAKCT2vjCpSd7GL30qbXiAGaySvTsTwCgk1Jj
BiwFRjU/rRRMrrjeCbnt6aI=
=9G+O
-----END PGP SIGNATURE-----