[Owasp-alabama] [Bham_InfraGard] Email Research posted today

owasp-alabama at lists.owasp.org owasp-alabama at lists.owasp.org
Mon Oct 26 11:07:37 EDT 2009

It's not the 80's anymore. :)

Companies tested had the latest/greatest email protection available from
vendors. So what are companies supposed to do??  Just say that it is too
hard to stop it using technology?
We all know how had user security awareness really is..  

I do this on a daily basis for our clients, so I see how devastating this
type of attack is.  I agree that it is an issue with SMTP, but if users are
targeted, and technology can't stop it or at least move certain emails into
a "Junk/Phishing" folder then there is a big issue. If it looks half way
legit, they are going to click on it and attackers are going to get their
credentials or exploit their browser. 


-----Original Message-----
From: David.R.Wharton at regions.com [mailto:David.R.Wharton at regions.com] 
Sent: Monday, October 26, 2009 9:53 AM
To: Chad Holmes
Cc: birmingham_chapter at infragard.org;
birmingham_chapter-bounces at listserv.infragard.org; josh at packetfocus.com;
owasp-alabama at lists.owasp.org
Subject: Re: [Bham_InfraGard] Email Research posted today

So email can be spoofed and the "From:" domain doesn't have to match up 
with the MTA domain.  Welcome to the 1980's.  This isn't a vendor issue, 
it is how the protocol works.  Personally, I prefer it this way so I can 
have my own domain-specific email addresses but relay mail thru my ISP.

-David Wharton

P.S. Apparently UDP packets can be spoofed too.  Who knew? ;)

Chad Holmes <cholmes24 at gmail.com> 
Sent by: birmingham_chapter-bounces at listserv.infragard.org
10/22/2009 05:38 PM

josh at packetfocus.com
birmingham_chapter at infragard.org, owasp-alabama at lists.owasp.org
Re: [Bham_InfraGard] Email Research posted today

Nice work Josh,

On Thu, Oct 22, 2009 at 2:07 PM, Joshua Perrymon <josh at packetfocus.com> 
> http://www.darkreading.com/story/showArticle.jhtml?articleID=220900191
> Joshua Perrymon, CEH, OPST, OPSA
> CEO PacketFocus LLC
> Josh at packetfocus.com
> 1.877.PKT.FOCUS
> 1.205.994.6573
> Fax: (877) 218-4030
> www.packetfocus.com
> President Alabama OWASP Chapter www.owasp.org
> Selected for ?Top 5 Coolest hacks of 2007? Dark Reading/ Forbes.com
> www.linkedin.com/in/packetfocus
> Follow PacketFocus  on Twitter:  http://twitter.com/packetfocus
> _______________________________________________
> Birmingham_chapter mailing list
> Birmingham_chapter at listserv.infragard.org
> http://listserv.infragard.org:8080/mailman/listinfo/birmingham_chapter


Chad Holmes

Birmingham_chapter mailing list
Birmingham_chapter at listserv.infragard.org

More information about the Owasp-alabama mailing list