Bugtraq mailing list archives
Re: Security Flaw with Digital signatures in Microsoft Outlook
From: <dori () we-can co il>
Date: 29 Mar 2005 04:18:21 -0000
In-Reply-To: <20050325202052.15663.qmail () www securityfocus com> Mr Roberto managed to change email headers from address. Security Professionals know the email headers can't be trusted and can be easily forged. Most Outlook users *do not*. The signed by and the certificate signer remain valid so its issue of educating users to look at the "signed by" field , and not the from address. This "Feature / Flaw" can be the source of some problematic phishing scams: if i buy a certificate for some-user () company com and send a forged email with "from" helpdesk () company com, signed by that some-user () company com I'm sure it can get the passwords from most of the users. I'm sure some ppl will take this further and we are going to see this trend in phishing evolving quickly. Dori Fisher, We! Consulting group.
Current thread:
- Security Flaw with Digital signatures in Microsoft Outlook Roberto Franceschetti (Mar 25)
- RE: Security Flaw with Digital signatures in Microsoft Outlook Adrian Floarea (Mar 25)
- Re: [bugtraq] Security Flaw with Digital signatures in Microsoft Outlook Erwann ABALEA (Mar 25)
- RE: [bugtraq] Security Flaw with Digital signatures in Microsoft Outlook Lyal Collins (Mar 26)
- Re: Security Flaw with Digital signatures in Microsoft Outlook Anthony G. Atkielski (Mar 26)
- <Possible follow-ups>
- Re: Security Flaw with Digital signatures in Microsoft Outlook dori (Mar 29)