WIRED: ‘Mailsploit’ Lets Hackers Forge Perfect Email Spoofs (fwd)

Discussion:

Jude DaShiell

2017-12-05 22:52:25 UTC

Hass mutt got this vulnerability?
--
---------- Forwarded message ----------
Date: Tue, 5 Dec 2017 15:14:15
From: Jude610610 DaShiell513 <***@icloud.com>
To: ***@panix.com
Subject: WIRED: ?Mailsploit? Lets Hackers Forge Perfect Email Spoofs

?Mailsploit? Lets Hackers Forge Perfect Email Spoofs
WIRED

The attack uncovers bugs in how more than a dozen programs implement email's creaky protocol. Read the full story

Shared from Apple News

Sent from my iPhone

Ian Zimmerman

2017-12-06 01:35:45 UTC

Permalink

Post by Jude DaShiell
The attack uncovers bugs in how more than a dozen programs implement
email's creaky protocol. Read the full story

With such a tendentious title, I'm not sure I should take anything in
the article seriously. SMTP is a cleaner and more foolproof protocol
(when correctly implemented) than most that came after it.

--
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet, fetch the TXT record for the domain.

David Woodfall

2017-12-06 21:24:01 UTC

Permalink

Post by Jude DaShiell
Hass mutt got this vulnerability?
--
---------- Forwarded message ----------
Date: Tue, 5 Dec 2017 15:14:15
Subject: WIRED: ?Mailsploit? Lets Hackers Forge Perfect Email Spoofs
?Mailsploit? Lets Hackers Forge Perfect Email Spoofs
WIRED
The attack uncovers bugs in how more than a dozen programs implement email's creaky protocol. Read the full story
Shared from Apple News
Sent from my iPhone

I tried to spoof the from address with the example utf8 code, but mutt
printed it out verbatim.

You could try piping a message to less using another charset:

macro pager,index O |"fmt -s|LESSCHARSET=iso8859 less<enter>"

That tends to get rid of utf8 glyphs in the headers and message. I'm
not saying that it will work for those exploits though.

D