Re: Is predictable spam filtering a vulnerability?

From: Ilya Sher (ilya79_at_actcom.net.il)
Date: 06/17/04

    Date: Thu, 17 Jun 2004 11:21:46 +0300
    To: rar_bt@armiento.se
    
    


    R Armiento wrote:
    | During a recent email conversation with several participants, we
    | discovered that the email service of one participant silently
    | dropped legitimate emails that happened to contain certain
    | combinations of words common in spam. I believe this sort of filter
    | is common practice, and in fact even in place for some of my own
    | email addresses.
    |
    | However, this experience made me think: isn't predictable spam
    | filtering in general a vulnerability that could be used as a hoax
    | device? Since most users reply to an email citing the complete
    | source email, including filter-offending words, it should be
    | possible to keep a reply, forward, or even a whole thread, under the
    | radar of specific recipients. If used in combination with forged
    | replies from addresses predictably dropping emails, I think this may
    | be a dangerous tool for social engineering.
    |
    | For example: attacker 'A' sends 'B' a social engineering request
    | for "the secret plans" and says "if you are unsure, forward my
    | request to your boss and ask if this is okay". 'B' forwards the
    | email to his boss 'C' and asks "Is this okay?". However, 'C's spam
    | filter silently drops the email. 'A' forges a reply from 'C' saying:
    | "Sure, no problem, go ahead."
    |
    | Regards,
    | R. Armiento
    |
    |

    Interesting idea.

    That might be problematic if the originator doesn't intercept the
    letter to the boss, as it may contain some important data for
    faking the boss's answer.

    - --
    Ilya Sher: 3A4A 810C 1C81 79F3 A8C6 2545 90FD 6114 F730 0680
    Rules: UNIX,UTF-8,Lisp,S-exps,Encryption,OSS,VIM,Gnome
    Sucks: M$,XML,Morons on the web

