An Interest In:
Web News this Week
- April 2, 2024
- April 1, 2024
- March 31, 2024
- March 30, 2024
- March 29, 2024
- March 28, 2024
- March 27, 2024
Some of Our Sources
- Slashdot
- Techcrunch
- TutsPlus - Code
- Pearsonified
- You The Designer
- Creative Curio
- Crazy Leaf Design
- Fudge Graphics
- CSS Tricks
- Android Headlines
Help Webnuz
Referal links:
August 4, 2020 08:45 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/5gZ-6nj2Tjw/decades-old-email-flaws-could-let-attackers-mask-their-identities
Decades-Old Email Flaws Could Let Attackers Mask Their Identities
At the Black Hat security conference on Thursday, researchers will present "darn subtle" flaws in industry-wide protections used to ensure that emails come from the address they claim to. From a report: The study looked at the big three protocols used in email sender authentication -- Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting and Conformance (DMARC) -- and found 18 instances of what the researchers call "evasion exploits." The vulnerabilities don't stem from the protocols themselves, but from how different email services and client applications implement them. Attackers could use these loopholes to make spearphishing attacks even harder to detect. "I think I'm a savvy, educated user and the reality is, no, that's actually not enough," says Vern Paxson, cofounder of the network traffic analysis firm Corelight and a researcher at the University of California, Berkeley, who worked on the study along with Jianjun Chen, a postdoctoral researcher at the International Computer Science Institute, and Jian Jiang, senior director of engineering at Shape Security. "Even users who are pretty savvy are going to look at the indicators that Gmail or Hotmail or others provide and be fooled," Paxson says. Think about when you hand a friend a birthday card at their party. You probably only write their first name on the outside of the envelope, and maybe underline it or draw a heart. If you mail that letter instead, though, you need the recipient's full name and detailed address, a stamp, and ultimately a postmark with a date on it. Sending email across the internet works similarly. Though email services only require you to fill out the "To" and "Subject" fields, there's a whole list of more detailed information getting filled out behind the scenes. Those industry-standard "headers," as they're known, include date and time sent and received, language, a unique identifier called a Message-ID, and routing information.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/5gZ-6nj2Tjw/decades-old-email-flaws-could-let-attackers-mask-their-identities
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot