Thursday, February 16, 2012

Spoofed mail messages...

I was reading an advisory by FINRA about email hack attacks, and it illustrates what I constantly stress in my educational talks about the email service: it is a very insecure service in general and shouldn't be used for anything serious. What is not clear is why it is necessary to hack someone's mail account in order to spoof a message. I suppose the reason is some secret code (i.e. a password) that has to be provided within the mail message to prove its authenticity? In any case, email is insecure and that's it. Yeah, I know, there are S/MIME and PGP, but they are still not used much!

But, there is always a but, and that is the case when the correspondence is internal to an organization. That case can be treated as more trustworthy for a simple reason: the messages pass through a mail server, and in general through network infrastructure, under local control (e.g. of some company). Of course, this assumes that the company's network is sufficiently secure, or that the threat of unauthorized access to the network is sufficiently small.

Now I hear you saying that there is a problem: someone from the outside can falsify a message so that it looks like it originates from some internal user. Basically, this is not a problem for users who know where to look (i.e. the headers), but for the majority, those who don't often look at headers, this is indeed a problem. Still, I think there are two possible solutions. The first one is for the mail server (actually the spam filter) to reject messages that claim to originate from an internal user but arrive from the outside. The second one is a plugin for the mail client (which doesn't exist yet, as far as I know) that would analyze the From and Received attributes in the message header; if they match (the originating IP address is internal and the From field is an internal mail address) it would show the message in green, otherwise in red, signaling to the user that something is strange about this message.
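As an added illustration of the second idea (not code from the original post), here is the core of such a From/Received check in Python. It assumes a made-up internal domain (example.com), internal address ranges, and the hostnames of the organization's own mail servers; the two sample messages are constructed. One caveat the plugin must handle: only the Received lines written by your own servers can be trusted, since a sender can forge any Received lines below them, so the check uses the lowest trusted hop rather than the bottom-most header.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed configuration (assumptions for this example, not from the original post).
INTERNAL_DOMAIN = "example.com"
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.0.0/16")]
TRUSTED_MTAS = {"mail.example.com", "inbox.example.com"}  # our own servers' hostnames

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")   # "[a.b.c.d]" in a Received header
BY_RE = re.compile(r"\bby\s+([\w.-]+)", re.IGNORECASE)  # the host that recorded the hop

def classify(raw_message: str) -> str:
    """'green': internal From and the message reached our MTA from an internal IP.
    'red': internal From but it entered from outside. 'neutral': external From."""
    msg = message_from_string(raw_message)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    if not from_addr.endswith("@" + INTERNAL_DOMAIN):
        return "neutral"
    # Received headers are newest-first. Only hops recorded by our own MTAs can be
    # trusted; every Received line below them was supplied by the sender and may be
    # forged. The lowest trusted hop shows which IP handed the message to us.
    source_ip = None
    for received in msg.get_all("Received", []):
        by = BY_RE.search(received)
        ip = IP_RE.search(received)
        if by and ip and by.group(1).lower() in TRUSTED_MTAS:
            source_ip = ipaddress.ip_address(ip.group(1))
    if source_ip is not None and any(source_ip in net for net in INTERNAL_NETS):
        return "green"
    return "red"

# Constructed sample messages. The spoofed one carries a forged bottom Received line
# claiming an internal origin, but our border MTA recorded it arriving from 203.0.113.7.
SPOOFED = """Received: from mail.example.com (mail.example.com [10.0.0.5]) by inbox.example.com; Thu, 16 Feb 2012 10:00:00 +0100
Received: from relay.invalid (unknown [203.0.113.7]) by mail.example.com; Thu, 16 Feb 2012 09:59:58 +0100
Received: from ceo-laptop (ceo-laptop.example.com [10.1.2.3]) by relay.invalid; Thu, 16 Feb 2012 09:59:50 +0100
From: CEO <ceo@example.com>
Subject: Urgent wire transfer

Please wire the funds today.
"""

LEGIT = """Received: from ws-12 (ws-12.example.com [192.168.4.20]) by mail.example.com; Thu, 16 Feb 2012 10:05:00 +0100
From: Alice <alice@example.com>

Noon?
"""
```

Calling classify(SPOOFED) yields "red" and classify(LEGIT) yields "green"; a message whose From is outside the internal domain yields "neutral" and would be shown in the client's normal color.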

To end the post, here is a link to educational games I found while searching for the original FINRA advisory. Namely, the article I first encountered about email attacks didn't give its source, so I googled for it and in due course found those games, which I think are interesting!
