26 Comments
- akwok, on 10/24/2009, -3/+30
It took me quite a while to figure out what that title was trying to say...
- spambutcher, on 10/24/2009, -1/+21
I'm somehow not surprised anti-spam systems couldn't detect a small-scale hand-crafted phishing attack.
The real "spoof" here is that the study's perpetrator managed to convince others this was news-worthy. Nice work.
- seltaeb4, on 10/24/2009, -0/+11
I approved him, and the cool thing is he's going to send me $1,000 for helping him test out his e-mail.
- bossm4n, on 10/24/2009, -1/+10
No. Spear-Phishing.
..........................................________
....................................,.-‘”...................``~.,
.............................,.-”...................................“-.,
.........................,/...............................................”:,
.....................,?......................................................\,
.................../...........................................................,}
................./......................................................,:`^`..}
.............../...................................................,:”........./
..............?.....__.........................................:`.........../
............./__.(.....“~-,_..............................,:`........../
.........../(_....”~,_........“~,_....................,:`........_/
..........{.._$;_......”=,_.......“-,_.......,.-~-,},.~”;/....}
...........((.....*~_.......”=-._......“;,,./`..../”............../
...,,,___.\`~,......“~.,....................`.....}............../
............(....`=-,,.......`........................(......;_,,-”
............/.`~,......`-...............................\....../\
.............\`~.*-,.....................................|,./.....\,__
,,_..........}.>-._\...................................|..............`=~-,
.....`=~-,_\_......`\,.................................\
...................`=~-,,.\,...............................\
................................`:,,...........................`\..............__
.....................................`=-,...................,%`>--==``
........................................_\..........._,-%.......`\
...................................,<`.._|_,-&``................`\
- lead2thehead, on 10/24/2009, -0/+8
The spam filters are still smarter than the average user.
- turbosatan, on 10/24/2009, -1/+8
How is this news?
Anti-spam vendors don't stop one specific LinkedIn request!!!!
Wow
Call the ***** Pentagon quick. Crisis level 5. Launch all weapons.. including the guy who did the test. He is a weapon.
- AveryDeDog, on 10/24/2009, -1/+5
Let's just say it and get it done:
People are stupid, greedy, arrogant and stupid.
There, it's on the table.
Email is really no different from any other human interaction ever invented and people are no different from the morons that went for Madoff's Get Rich Quick scheme. Until someone invents a "Stupid Vaccination" people will continue to be gullible.
By the way, if you send me $10, I'll shut up.
Until it becomes acceptable to analyze content in a mail there will be no protection from an attack like this.
- regx, on 10/24/2009, -1/+5
No surprise here
No email phishing or spam scanning program is 100% effective. They all have false positives and false negatives and waste a ton of processing power. What I would be more interested in is the CO2 footprint caused by spam. The only method to stop 100% of spam and phishing with 0 false positives and false negatives while using hardly any processing power is whitelist / blacklist. Install boxtrapper or something similar on your server and be done with it. If people complain about having to verify they are human to contact you, just tell them it is a small price to pay and thank them for helping save the planet.
- betona, on 10/24/2009, -0/+3
...but you have to forward it to all of your friends first.
- Greg2k, on 10/24/2009, -0/+3
I thought something smelt phishy...
- shox, on 10/25/2009, -0/+3
This is in no way a failure of any major e-mail provider or system, this is a failure of the administrators of those enterprises to properly configure their systems.
There are two great ways to detect and block spoofed e-mails like this, and they are called Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM).
LinkedIn.com currently publishes SPF rules in DNS. Here's their rule:
v=spf1 ip4:70.42.142.0/24 ip4:208.111.172.0/24 ip4:64.74.220.0/24 ip4:64.74.221.0/26 ip4:64.71.153.211 ip4:64.74.221.30 ip4:69.28.149.0/24 ip4:208.111.169.128/26 ip4:64.74.98.128/26 ip4:64.74.98.16/29 mx ~all
What this rule says is "don't accept an email from linkedin.com unless it comes from one of these IPs". Every major e-mail system today supports the ability to check SPF rules. In the event an SPF check fails, as it would have in this case, the recipient mail system should reject the message as invalid.
Here's a mail header from a legit message from my mailserver that came from linkedin.com:
Received-SPF: pass (mymailserver.mydomain.com: SPF record at linkedin.com designates 64.74.98.137 as permitted sender)
I would have rejected it if it didn't come from one of those IPs.
OK, so let's also talk about DKIM, or DomainKeys Identified Mail. This is a standard that cryptographically signs e-mails so the recipient can verify they are coming from the actual sender. An invalid sender could not sign an e-mail, so it would fail a check. Does LinkedIn sign e-mails? Let me check my own legitimate receipts from their domain -
DomainKey-Signature: s=prod; d=linkedin.com; c=nofws; q=dns;
h=Sender:Date:From:To:Message-ID:Subject:MIME-Version:
Content-Type:X-LinkedIn-fbl;
b=gOLE2QgqdBPFVmssKG1EQdmgEGbZ0KiuIa72vTYfnPKu/9Rf9fDissQp
WF0s7UaoccZmyYXbaCxK8maZ6fuppgUhKqPOpjWuw4lT8yAq5dESOW6kl
ZX35wOBgQhmxFx8;
Yep, looks like they do! So in both cases, linkedin.com has published SPF records and signs their e-mails with DKIM. So why did this 'spear phishing' test work? Because the people running those e-mail systems did not recognize the importance of checking and validating SPF and DKIM rules. Basically, they did not configure their mail systems properly. This is a sysadmin fail, not a vendor fail.
IMO, this is a bad attempt at hyping up phishing to get media attention for the company that wrote the article. They do not mention SPF or DKIM in their white paper AT ALL or why it is important. They don't give any direction other than a call to build an awareness and incident response program, both of which they also happen to sell.
Don't believe the hype.
- solunas, on 10/24/2009, -0/+1
Dammit! I knew it was too good to be true!! And I was gonna ask him for a recommendation too.. Bummer..
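The SPF and DKIM checks that shox describes two comments up, worked through as an added example (my code, not from any commenter or from the article under discussion). It evaluates a sending IP against the linkedin.com SPF record quoted in that comment using only the ip4 and all mechanisms; the mx mechanism needs a DNS lookup, so this offline version assumes it does not match. It also pulls the selector and domain out of a DomainKey-Signature header to show where a verifier would fetch the public key. The receiver hostname, the outsider IP 203.0.113.5 and the b= value are constructed placeholders. One thing the evaluator makes visible: that record ends in ~all, so an IP outside the list yields softfail rather than fail, which is a scoring signal to a receiving mail server, not the hard SMTP-time reject shox has in mind (only a -all record gives that).

```python
import ipaddress

# The SPF record for linkedin.com exactly as quoted in shox's comment (2009-era data).
LINKEDIN_SPF = (
    "v=spf1 ip4:70.42.142.0/24 ip4:208.111.172.0/24 ip4:64.74.220.0/24 "
    "ip4:64.74.221.0/26 ip4:64.71.153.211 ip4:64.74.221.30 ip4:69.28.149.0/24 "
    "ip4:208.111.169.128/26 ip4:64.74.98.128/26 ip4:64.74.98.16/29 mx ~all"
)

# SPF qualifier prefixes and the result each one yields when its mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split a v=spf1 record into (qualifier, mechanism, argument) tuples.

    Modifiers such as redirect= and exp= are skipped; this evaluator only
    understands mechanisms.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not a v=spf1 record")
    parsed = []
    for term in terms[1:]:
        if "=" in term:          # modifier, not a mechanism
            continue
        qualifier = "+"          # an unprefixed mechanism means "+" (pass)
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        parsed.append((qualifier, mech.lower(), arg))
    return parsed


def check_spf(record, sender_ip):
    """Simplified check_host(): returns pass/fail/softfail/neutral for sender_ip.

    Only ip4, ip6 and all are evaluated offline. Mechanisms that need DNS
    (mx, a, include, exists, ptr) are assumed not to match in this example;
    a real checker resolves them.
    """
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, mech, arg in parse_spf(record):
        if mech == "all":
            return QUALIFIERS[qualifier]
        if mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"   # record ended without an "all" term: default result


def received_spf_header(result, receiver, domain, sender_ip):
    """Build a Received-SPF trace header in the shape shown in shox's comment."""
    verb = "designates" if result == "pass" else "does not designate"
    return (f"Received-SPF: {result} ({receiver}: SPF record at {domain} "
            f"{verb} {sender_ip} as permitted sender)")


def border_decision(result):
    """Policy a receiving MTA might apply to the SPF result.

    A hard "-all" failure can be rejected at SMTP time. A "~all" softfail,
    which linkedin.com's record yields for any IP outside its list, is only
    a signal to score or quarantine, not a reason to bounce.
    """
    return {"pass": "accept", "fail": "reject", "softfail": "flag"}.get(result, "accept")


def domainkey_selector_record(header_value):
    """Parse the tag=value pairs of a DomainKey-Signature or DKIM-Signature header
    and return (DNS name of the public key record, parsed tags)."""
    tags = {}
    for part in header_value.split(";"):
        tag, _, value = part.strip().partition("=")
        if tag:
            tags[tag] = value.strip()
    return f"{tags['s']}._domainkey.{tags['d']}", tags


if __name__ == "__main__":
    # 64.74.98.137 is the sending IP from the "pass" header quoted in the comment;
    # 203.0.113.5 is a constructed outsider address.
    for ip in ("64.74.98.137", "203.0.113.5"):
        result = check_spf(LINKEDIN_SPF, ip)
        print(received_spf_header(result, "mymailserver.mydomain.com", "linkedin.com", ip))
        print("  ->", border_decision(result))
    # The quoted header folded onto one line; the b= value is a constructed placeholder.
    name, tags = domainkey_selector_record(
        "s=prod; d=linkedin.com; c=nofws; q=dns; h=Sender:Date:From:To; b=BASE64PLACEHOLDER")
    print("public key lookup:", name, "| canonicalisation:", tags["c"])
```

Run it as a script and the first IP prints a pass header, the second a softfail header flagged rather than rejected. Checking the signature itself would additionally need the public key from that _domainkey record and the canonicalised headers, which is what a real DKIM verifier does on the receiving side.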
- scottc, on 10/24/2009, -0/+1
boxtrapper creates its own spam because it sends replies to forged return addresses. If you are the victim of a joe job you don't want thousands of boxtrapper confirmation emails flooding your inbox..
- Jaime2000, on 10/24/2009, -1/+2
Well played, good sir.
- lead2thehead, on 10/24/2009, -1/+2
Come on people, use the "report" button. I'm sick of seeing this *****.
- RavagesOfTime, on 10/24/2009, -1/+1
So, this was all a big misunderstanding and Bill Gates isn't the devil, then?
- mrsurfboard, on 10/24/2009, -2/+1
Email is basically useless now. It has become so overwhelmed with SPAM and malware that it has ceased to be a valuable tool. Time to scrap it and start over.
- masteama, on 10/24/2009, -1/+0
Hey Mr. Surfboard,
I will share with you a comment that I once got from an old hacker that helped develop the internet software and protocols... "When a program eventually is executed... it's all 0's and 1's... and at that point all programs... and I mean all programs are subject to hacking... there are no programs that cannot be undone." His comments came maybe ten years before you got your first surfboard. Using the Internet Protocol there are still old email programs that work in DOS... that escape your whining complaints about your web-based hackable puny email software that you think has captured your only choices for emailing on the net. Quit surfing and research how to overcome your problem. I have hesitated to call you a "newbie" because I thought it may hurt your feelings...
- Hammertym3, on 10/24/2009, -2/+0
M$ at it again, eh?
- Myztry, on 10/24/2009, -8/+3
There was once an ad campaign saying "nobody gets fired for buying IBM". Well guess what. If you spam-bounced an email from Bill Gates to your employer you could be darn sure you would get fired. Hell, you'd never work in the industry again.
Whitelisting. Sometimes the consequences demand it...
- citizensARREST, on 10/24/2009, -9/+4
"Monopoly's just a game, Senator - I'm trying to control the ***** world."
- Velnich, on 10/24/2009, -15/+5
Don't listen to bruisky. He is NOT Bill Gates.
I am.
- Jaime2000, on 10/24/2009, -13/+3
"...Spear-Phising..."
..........................................________
....................................,.-‘”...................``~.,
.............................,.-”...................................“-.,
.........................,/...............................................”:,
.....................,?......................................................\,
.................../...........................................................,}
................./......................................................,:`^`..}
.............../...................................................,:”........./
..............?.....__.........................................:`.........../
............./__.(.....“~-,_..............................,:`........../
.........../(_....”~,_........“~,_....................,:`........_/
..........{.._$;_......”=,_.......“-,_.......,.-~-,},.~”;/....}
...........((.....*~_.......”=-._......“;,,./`..../”............../
...,,,___.\`~,......“~.,....................`.....}............../
............(....`=-,,.......`........................(......;_,,-”
............/.`~,......`-...............................\....../\
.............\`~.*-,.....................................|,./.....\,__
,,_..........}.>-._\...................................|..............`=~-,
.....`=~-,_\_......`\,.................................\
...................`=~-,,.\,...............................\
................................`:,,...........................`\..............__
.....................................`=-,...................,%`>--==``
........................................_\..........._,-%.......`\
...................................,<`.._|_,-&``................`\
- bruisky, on 10/24/2009, -17/+6
I'm going to start telling everyone I'm Bill Gates.
I'm Bill Gates.
- pstroll, on 10/24/2009, -14/+2
♥♥ Me and Bill. bff! ♥♥
- phpchris, on 10/24/2009, -16/+3
No I'm Sparta.. eh.. Bill Gates!.