[Owasp-leaders] Email Security Research

Joshua Perrymon josh at packetfocus.com
Wed Oct 14 12:44:08 EDT 2009

I did a talk yesterday on phishing, and I walked the crowd through an attack
on a domain I own. For this domain, the email is hosted and I just use POP
or IMAP to get it. On a separate client laptop, I had 4 client email
programs running:


1) Outlook 2007
2) Microsoft Mail (Vista)
3) Thunderbird
4) Opera Mail Client


At the end of the demo, we determined that hosted email provided little or
no protection against targeted (non-blacklisted) phishing attacks, other
than Microsoft clients not allowing IP addresses in links or email body.
None of the clients kept track of attempts, meaning that you could send a
"good" email from the same address, right after sending an email that got
caught in a phishing filter.


I would also like to note that my new Palm Pre never identified a single
phishing email, no matter what was in the body or subject.


Industry Questions:


1) So now, I'm trying to decide at what point does a company start
hosting email internally?

2) Would you think that a large number of companies use hosted email?

3) Do clients use Email Security (Hardware) when using remote email?

4) If clients have email hosted internally, what security controls are
applied to identify email attacks?

   o Inbound SMTP scanning?
   o Email Security Hardware?
   o Email Relay Scanning?
   o Email Server Hardening/Configuration/Security
   o Client Level Controls




I will be writing an OWASP paper on this topic, and keeping track of the
results. I'm just trying to understand why email security fails on so
many levels. I understand that there are a lot of dumb users, but
technology should do a better job at identifying attacks.




Joshua Perrymon, CEH, OPST, OPSA
CEO PacketFocus LLC
Josh at packetfocus.com
Fax: (877) 218-4030
http://www.packetfocus.com/
President Alabama OWASP Chapter, http://www.owasp.org/
Selected for "Top 5 Coolest hacks of 2007" Dark Reading/ Forbes.com