Twitter | Search | |
Search Refresh
Mike Cherry 5 Dec 17
So is turning out to be fun
Reply Retweet Like
VPN.AC 5 Dec 17
kudos to our friend for his excellent research on email spoofing!
Reply Retweet Like
Kev Creechan 🇨🇦🏴󠁧󠁢󠁳󠁣󠁴󠁿 8 Dec 17
This is why isn't the problem you thought it was. There's still a lot of companies running improperly configured MTA's, therefore plain old header forging works without any need for obfuscation.
Reply Retweet Like
Ramandeep 7 Dec 17
?Q?=00?= could be replaced with ?b?bnVsbA==?= and it still works
Reply Retweet Like
Tutanota 6 Dec 17
Another attack is possible on most major email services. Always be a step ahead of malicious attackers: Use - we've not been affected by as security is at the heart of our encrypted mail service.
Reply Retweet Like
MultiCoastMedia 5 Dec 17
A good reason to consider using your web based email, at least for now, instead of a client like Outlook or Apple Mail. header in Gmail is not very convincing.
Reply Retweet Like
al0xander 11 Dec 17
Working on ways to block via EOP rules.
Reply Retweet Like
Synametrics 27 Dec 17
If you haven't done so already, we highly suggest updating your Xeams. With the comes: - A new filter called Tricky Sender to combat - Inherited Profiles are introduced - Additional system alerts have added And more!
Reply Retweet Like
MailMate 13 Dec 17
MailMate 1.10 released. This release also includes fixes for High Sierra and various related issues.
Reply Retweet Like
MailMate 8 Dec 17
A few thoughts on email spoofing after the issues in MailMate were fixed:
Reply Retweet Like
TrendLabs 7 Dec 17
Emails using can be crafted to look like they were from legitimate senders. Report:
Reply Retweet Like
rm - rf 5 Dec 17
awesome work by , . I'm hoping to see an offline version of the tool.
Reply Retweet Like
Sabri Sep 17
Replying to @pwnsdx
is the proof for the first, was for the latter one.
Reply Retweet Like
Fab 5 Dec 17
fancy title and/but worth a look
Reply Retweet Like
Valimail Feb 14
Replying to @Valimail
The hype around ignored one big thing that Haddouche's own data makes clear: Most mail clients are not vulnerable to it. Here's everything you need to know about and DMARC. 7/
Reply Retweet Like
Kev Creechan 🇨🇦🏴󠁧󠁢󠁳󠁣󠁴󠁿 5 Dec 17
1/ Fixing isn't going to magically inject trust into the SMTP model. You can still successfully send forged headers without the exploit to a lot of people because there's so many badly configured MTA's out there that will happily accept them.
Reply Retweet Like
Kenneth Holley 5 Dec 17
“The cleverness of this attack is that everything comes from the right source from the perspective of the mail server...” >> ‘Mailsploit’ Lets Hackers Forge Perfect Email Spoofs
Reply Retweet Like
Karl Emil Nikka 5 Dec 17
vulnerability (found by ) opens up for e-mail spoofing.
Reply Retweet Like
Luca 6 Dec 17
Shoutout confirming once again what a fantastic and serious developer he is (yes, singular). If you need a mail client for macOS look no further. Released fix for in a day from notification.
Reply Retweet Like
Pabumake 5 Dec 17
also works in Exchange 2013 OWA here Great Research and thanks for the Demo 👌 Check it out !
Reply Retweet Like