Don't worry, ASSP decodes this and will detect it, because the byte order
is from left to right in these strings. Only the human view in the mail
client will show the reverse order.
So, the default filters like blocking attachment names and/or extensions
will work.
Thomas
From: K Post <[email protected]>
To: ASSP development mailing list <[email protected]>
Date: 26.09.2011 20:47
Subject: [Assp-test] Right to Left override unicode in file names
Interesting article over at Krebs On Security:
http://krebsonsecurity.com/2011/09/right-to-left-override-aids-email-attacks/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+KrebsOnSecurity+%28Krebs+on+Security%29
It talks about a Unicode character that reverses ordering from right to
left that had apparently been used to change the order of characters. For
example, making:
thefilenamedoc.exe
display as
thefilenameexe.doc
I've not seen this, but was wondering if there's a way to have ASSP block
emails with an attachment that has this Unicode character. Some thought
might be necessary if we're going to consider URLs that also have it.
_______________________________________________
Assp-test mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-test
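
The point made in this thread, as an added example (not ASSP code and not from either poster): once the MIME filename is decoded, the extension check runs on the stored character order, so the right-to-left override only changes what the mail client displays. The sample message, the blocklist and all function names are constructed for illustration, and `displayed()` is a simplification of real bidi rendering.

```python
import unicodedata
from email import message_from_string

RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE
# Explicit bidi embedding/override/isolate controls (U+202A-202E, U+2066-2069).
BIDI_CONTROLS = {chr(c) for c in (*range(0x202A, 0x202F), *range(0x2066, 0x206A))}
BLOCKED_EXT = {"exe", "scr", "com", "bat", "pif"}  # assumed sample blocklist

# Constructed sample: RFC 2231 filename with U+202E (UTF-8 E2 80 AE) before "cod.exe".
SAMPLE = "\r\n".join([
    "From: sender@example.com",
    "To: rcpt@example.net",
    "Subject: constructed sample",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b1"',
    "",
    "--b1",
    "Content-Type: text/plain",
    "",
    "see attachment",
    "--b1",
    "Content-Type: application/octet-stream",
    "Content-Disposition: attachment; filename*=UTF-8''thefilename%E2%80%AEcod.exe",
    "",
    "MZ",
    "--b1--",
    "",
])

def attachment_names(raw):
    """Decoded attachment filenames, in logical (stored) character order."""
    parts = message_from_string(raw).walk()
    return [p.get_filename() for p in parts if p.get_filename()]

def displayed(name):
    """Rough view of what a bidi-aware client shows: text after RLO is reversed."""
    head, sep, tail = name.partition(RLO)
    return head + tail[::-1] if sep else name

def inspect_name(name):
    """Flag bidi controls and test the extension on the logical string."""
    logical = "".join(c for c in name if unicodedata.category(c) != "Cf")
    ext = logical.rsplit(".", 1)[-1].lower() if "." in logical else ""
    return {"has_bidi_control": any(c in BIDI_CONTROLS for c in name),
            "logical_ext": ext, "displayed": displayed(name),
            "blocked": ext in BLOCKED_EXT}

if __name__ == "__main__":
    for n in attachment_names(SAMPLE):
        print(ascii(n), inspect_name(n))
```

The `has_bidi_control` flag gives a separate signal for the case raised in the original question, where the character itself should be grounds for blocking regardless of extension.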