|
|
BugTraq
Is predictable spam filtering a vulnerability? Jun 16 2004 11:26AM R Armiento (rar_bt armiento se) (7 replies) Re: Is predictable spam filtering a vulnerability? Jun 17 2004 05:27PM Joel Eriksson (je-secfocus bitnux com) (3 replies) Re: Is predictable spam filtering a vulnerability? Jun 18 2004 08:57PM Jason Coombs (jasonc science org) Re: Is predictable spam filtering a vulnerability? Jun 18 2004 06:52PM PSE-L mail professional org (Sean Straw / PSE) RE: Is predictable spam filtering a vulnerability? Jun 17 2004 02:18PM Aaron Cake (aaron vltpm com) (1 replies) Re: Is predictable spam filtering a vulnerability? Jun 21 2004 01:23PM Chris Brown (chris wavetex com) Re: Is predictable spam filtering a vulnerability? Jun 17 2004 11:28AM David F. Skoll (dfs roaringpenguin com) (4 replies) Re: Is predictable spam filtering a vulnerability? (silently dropping messages) Jun 22 2004 02:20PM Martin Maèok (martin macok underground cz) (2 replies) Re: Is predictable spam filtering a vulnerability? (silently dropping messages) Jun 24 2004 07:15AM Valdis Kletnieks vt edu Re: Is predictable spam filtering a vulnerability? (silently dropping messages) Jun 23 2004 12:53AM David F. Skoll (dfs roaringpenguin com) (2 replies) Re: Is predictable spam filtering a vulnerability? (silently dropping messages) Jun 23 2004 10:46PM der Mouse (mouse Rodents Montreal QC CA) Re: Is predictable spam filtering a vulnerability? (silently dropping messages) Jun 23 2004 09:48PM PSE-L mail professional org (Sean Straw / PSE) (2 replies) Re: Is predictable spam filtering a vulnerability? (silently dropping messages) Jun 25 2004 07:49PM der Mouse (mouse Rodents Montreal QC CA) Re: Is predictable spam filtering a vulnerability? (silently dropping messages) Jun 25 2004 05:35PM Seth Breidbart (sethb panix com) Re: Is predictable spam filtering a vulnerability? Jun 20 2004 01:52PM Luca Berra (bluca comedia it) (3 replies) Re: Is predictable spam filtering a vulnerability? Jun 24 2004 08:32PM Michael A. Dickerson (mikey singingtree com) Re: Is predictable spam filtering a vulnerability? Jun 23 2004 05:07PM PSE-L mail professional org (Sean Straw / PSE) (2 replies) Re: Is predictable spam filtering a vulnerability? Jun 24 2004 07:42PM The Fungi (fungi yuggoth org) Re: Is predictable spam filtering a vulnerability? Jun 24 2004 05:44PM John Fitzgibbon (bugtraq jfitz com) (1 replies) Re: Is predictable spam filtering a vulnerability? Jun 25 2004 05:08AM PSE-L mail professional org (Sean Straw / PSE) Re: Is predictable spam filtering a vulnerability? Jun 19 2004 02:56PM Kyle Wheeler (kyle-bugtraq memoryhole net) Re: Is predictable spam filtering a vulnerability? Jun 19 2004 12:49AM Jon Fiedler (jmf9 cwru edu) (1 replies) Re: Is predictable spam filtering a vulnerability? Jun 19 2004 01:29AM David F. Skoll (dfs roaringpenguin com) RE: Is predictable spam filtering a vulnerability? Jun 17 2004 08:26AM Hamlesh Motah (admin hamlesh com) Re: Is predictable spam filtering a vulnerability? Jun 17 2004 08:21AM Ilya Sher (ilya79 actcom net il) |
|
Privacy Statement |
> During a recent email conversation with several participants, we discovered that the email service of one participant silently dropped legitimate emails that happened to contain certain combinations of words common in spam. I believe this sort of filter is common practice, and in fact even in place for some of my own email addresses.
>
> However, this experience made me think: isn't predictable spam filtering in general a vulnerability that could be used as a hoax device? Since most users reply to an email citing the complete source email, including filter-offending words, it should be possible to keep a reply, forward, or even a whole thread, under the radar of specific recipients. If used in combination with forged replies from addresses predictably dropping emails, I think this may be a dangerous tool for social engineering.
Generally, the word 'vulnerability' is attributed to actual flaw in
code. Me? I believe that if a software fails to do it's job due to
missing a feature or a feature not working correctly, it is indeed a
vulnerability, a weakness, or whatever other name you'd like to call it.
Using the word 'vulnerability' for it might not be the best of choices,
but it fits.
On the other hand, security products have to keep up with an evolving
world. New attacks and ways of circumventing detection show up daily,
and products update themselves accordingly. Is it being out-dated or
vulnerable for a product to act as you describe?
Maybe there is a time-issue on if and when the product gets updates, or
perhaps even if new blocks are required and old products can't be
expected to keep up.
Me? I believe that if a product does not keep up-to-date for doing what
it claims to do, it is useless. Not vulnerable.
Another good example is virus scanners which do not support unpacking of
different PE packers, when nowadays malware gets released and
re-released simply re-packed with a different packer, making it
undetectable to about half of the current top-products. Sometimes
getting a new name while at it for the media to chew on.
A poor choice of wording or plain exaggerations? I suppose that with a
missing definitions each person would have to decide for him/herself.
Calling it a vulnerability is fine.. but don't complain about the
stoning later. :) I didn't.
Gadi Evron.
[ reply ]