arisuchan    [ tech / cult / art ]   [ λ / Δ ]   [ psy ]   [ ru ]   [ random ]   [ meta ]   [ all ]    info / stickers     temporarily disabledtemporarily disabled

/cyb/ - cyberpunk and cybersecurity

low life. high tech. anonymity. privacy. security.
Name
Email
Subject
Comment

formatting options
File
Password (For file deletion.)

Help me fix this shit. https://legacy.arisuchan.jp/q/res/2703.html#2703

Kalyx ######

File: 1504690456667.jpg (164.88 KB, 800x600, 1314798687966379303.jpg)

 No.1437

http://archive.is/DmQvU

>Security researchers are warning of a new, easy-to-exploit email trick that could allow an attacker to turn a seemingly benign email into a malicious one after it has already been delivered to your email inbox.

>Dubbed Ropemaker (stands for Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky), the trick was uncovered by Francisco Ribeiro, the researcher at email and cloud security firm Mimecast.

>A successful exploitation of the Ropemaker attack could allow an attacker to remotely modify the content of an email sent by the attacker itself, for example swapping a URL with the malicious one.

>This can be done even after the email has already been delivered to the recipient and made it through all the necessary spam and security filters, without requiring direct access to the recipient’s computer or email application, exposing hundreds of millions of desktop email client users to malicious attacks.

 No.1440

Wow so a way of communicating that's not just plain text has an attack vector related to formatting. This happens every time when will people learn ?

 No.1442

Agreed.

Send and receive email as text-only and this is less likely to happen.

 No.1443

So the attack is that you link external content and late change that? You can't actually replace a link with CSS, you can only change whether it is shown or not, right?

>This attack is harder to defend against because the initial email received by the user does not display any URL, most software systems will not flag the message as malicious.
It will still contain the URL so the spam filters should still pick it up. I doubt they would ignore it just because it has a "display: none" property.

Unless I missed something this seems to be very stupid fear mongering.

 No.1445

>>1443
I think it's like this.

<hidden>M</hidden>
<shown>S</shown>
<h>a</h>
<s>a</s>
<h>l</h>
<s>f</s>
<h>w</h>
<s>e</s>
<h>a</h>
<h>r</h>
<h>e</h>

I could be wrong though

 No.1448

>>1443
I only skimread it but that's what it looked like, html email with an externally linked CSS stylesheet, selectively hide/show whole elements with the CSS stylesheet after the fact.

Overhyped. Wouldn't really call this a vuln worth even worrying about. The HTML body of the email itself won't bloody change and anything scanning mail bodies won't care what the CSS says to display.

TAGGED WONTFIX

 No.1519

>>1437
blocks external sources from loading
I think, it would be even better for the GoodURL to display same text, but actually point to different site, as most people won't click on something that looks like BadURL. Nothing wrong with combining both ways.
And then there's something like this:
https://thejh.net/misc/website-terminal-copy-paste


[Return] [Go to top] [ Catalog ] [Post a Reply]
Delete Post [ ]