Re: WIRED: ‘Mailsploit’ Lets Hackers Forge Perfect Email Spoofs (fwd)
Hass mutt got this vulnerability? -- -- Forwarded message -- Date: Tue, 5 Dec 2017 15:14:15 From: Jude610610 DaShiell513To: jdash...@panix.com Subject: WIRED: ?Mailsploit? Lets Hackers Forge Perfect Email Spoofs ?Mailsploit? Lets Hackers Forge Perfect Email Spoofs WIRED The attack uncovers bugs in how more than a dozen programs implement email's creaky protocol. Read the full story Shared from Apple News Sent from my iPhone I tried to spoof the from address with the example utf8 code, but mutt printed it out verbatim. You could try piping a message to less using another charset: macro pager,index O |"fmt -s|LESSCHARSET=iso8859 less" That tends to get rid of utf8 glyphs in the headers and message. I'm not saying that it will work for those exploits though. D
Re: WIRED: ‘Mailsploit’ Lets Hackers Forge Perfect Email Spoofs (fwd)
On Tue, Dec 05, 2017 at 05:35:45PM -0800, Ian Zimmerman wrote: > > The attack uncovers bugs in how more than a dozen programs implement > > email's creaky protocol. Read the full story > > With such a tendentious title, I'm not sure I should take anything in > the article seriously. SMTP is a cleaner and more foolproof protocol > (when correctly implemented) than most that came after it. Also, it almost makes it sound as if it's able to spoof the actual headers (i.e., the Received lines). In reality, it targets bugs in rendering the >From line. I would say that it does create an email that would fool most people... I tried a couple of the more generic test attacks against Mutt and (as expected), they didn't seem to fool it. I didn't try all 14 though. w
Re: WIRED: ‘Mailsploit’ Lets Hackers Forge Perfect Email Spoofs (fwd)
> The attack uncovers bugs in how more than a dozen programs implement > email's creaky protocol. Read the full story With such a tendentious title, I'm not sure I should take anything in the article seriously. SMTP is a cleaner and more foolproof protocol (when correctly implemented) than most that came after it. -- Please don't Cc: me privately on mailing lists and Usenet, if you also post the followup to the list or newsgroup. To reply privately _only_ on Usenet, fetch the TXT record for the domain.
WIRED: ‘Mailsploit’ Lets Hackers Forge Perfect Email Spoofs (fwd)
Hass mutt got this vulnerability? -- -- Forwarded message -- Date: Tue, 5 Dec 2017 15:14:15 From: Jude610610 DaShiell513To: jdash...@panix.com Subject: WIRED: ?Mailsploit? Lets Hackers Forge Perfect Email Spoofs ?Mailsploit? Lets Hackers Forge Perfect Email Spoofs WIRED The attack uncovers bugs in how more than a dozen programs implement email's creaky protocol. Read the full story Shared from Apple News Sent from my iPhone