[Owasp-alabama] [Bham_InfraGard] Email Research posted today
owasp-alabama at lists.owasp.org
owasp-alabama at lists.owasp.org
Mon Oct 26 11:22:07 EDT 2009
If the "latest/greatest" email protection was implemented, did this
include SPF/DKIM? Of course, in order for that to be effective, the
receiving MTA must support and honor it but a lot of them do. I would
certainly consider SPF/DKIM to be part of the "latest and greatest" email
spoofing and SPAM countermeasures.
Also, you may want to look in to publishing a SPF record for
packetfocus.com.
-David Wharton
Joshua Perrymon <josh at packetfocus.com>
Sent by: birmingham_chapter-bounces at listserv.infragard.org
10/26/2009 10:07 AM
Please respond to
josh at packetfocus.com
To
David.R.Wharton at regions.com, 'Chad Holmes' <cholmes24 at gmail.com>
cc
birmingham_chapter at infragard.org, owasp-alabama at lists.owasp.org,
birmingham_chapter-bounces at listserv.infragard.org
Subject
Re: [Bham_InfraGard] Email Research posted today
It's not the 80's anymore. :)
Companies tested had the latest/greatest email protection available from
vendors. So what are companies supposed to do?? Just say that it is too
hard to stop it using technology?
We all know how had user security awareness really is..
I do this on a daily basis for our clients, so I see how devastating this
type of attack is. I agree that it is an issue with SMTP, but if users
are
targeted, and technology can't stop it or at least move certain emails
into
a "Junk/Phishing" folder then there is a big issue. If it looks half way
legit, they are going to click on it and attackers are going to get their
credentials or exploit their browser.
JP
-----Original Message-----
From: David.R.Wharton at regions.com [mailto:David.R.Wharton at regions.com]
Sent: Monday, October 26, 2009 9:53 AM
To: Chad Holmes
Cc: birmingham_chapter at infragard.org;
birmingham_chapter-bounces at listserv.infragard.org; josh at packetfocus.com;
owasp-alabama at lists.owasp.org
Subject: Re: [Bham_InfraGard] Email Research posted today
So email can be spoofed and the "From:" domain doesn't have to match up
with the MTA domain. Welcome to the 1980's. This isn't a vendor issue,
it is how the protocol works. Personally, I prefer it this way so I can
have my own domain-specific email addresses but relay mail thru my ISP.
-David Wharton
P.S. Apparently UDP packets can be spoofed too. Who knew? ;)
Chad Holmes <cholmes24 at gmail.com>
Sent by: birmingham_chapter-bounces at listserv.infragard.org
10/22/2009 05:38 PM
To
josh at packetfocus.com
cc
birmingham_chapter at infragard.org, owasp-alabama at lists.owasp.org
Subject
Re: [Bham_InfraGard] Email Research posted today
Nice work Josh,
On Thu, Oct 22, 2009 at 2:07 PM, Joshua Perrymon <josh at packetfocus.com>
wrote:
> http://www.darkreading.com/story/showArticle.jhtml?articleID=220900191
>
>
>
>
>
> Joshua Perrymon, CEH, OPST, OPSA
>
> CEO PacketFocus LLC
>
> Josh at packetfocus.com
>
> 1.877.PKT.FOCUS
>
> 1.205.994.6573
>
> Fax: (877) 218-4030
>
> www.packetfocus.com
>
>
>
> President Alabama OWASP Chapter www.owasp.org
>
> Selected for ?Top 5 Coolest hacks of 2007? Dark Reading/ Forbes.com
>
> www.linkedin.com/in/packetfocus
>
> Follow PacketFocus on Twitter: http://twitter.com/packetfocus
>
>
>
>
>
>
>
>
>
> _______________________________________________
> Birmingham_chapter mailing list
> Birmingham_chapter at listserv.infragard.org
> http://listserv.infragard.org:8080/mailman/listinfo/birmingham_chapter
>
>
--
Thanks,
Chad Holmes
http://www.linkedin.com/in/chadholmes
_______________________________________________
Birmingham_chapter mailing list
Birmingham_chapter at listserv.infragard.org
http://listserv.infragard.org:8080/mailman/listinfo/birmingham_chapter
_______________________________________________
Birmingham_chapter mailing list
Birmingham_chapter at listserv.infragard.org
http://listserv.infragard.org:8080/mailman/listinfo/birmingham_chapter
More information about the Owasp-alabama
mailing list