Mailing List Archive

Espoofer - An Email Spoofing Testing Tool That Aims To Bypass SPF/DKIM/DMARC And Forge DKIM Signatures
Good day Guys

Something to see and keep an eye on (Read: Why build this tool)

https://www.kitploit.com/2022/01/espoofer-email-spoofing-testing-tool.html

HTH

Regards
Brent Clark
Re: Espoofer - An Email Spoofing Testing Tool That Aims To Bypass SPF/DKIM/DMARC And Forge DKIM Signatures
On 12/28/2022 8:11 AM, Brent Clark wrote:
> Something to see and keep an eye on (Read: Why build this tool)

Sigh.  Yet another borderline ethical posting / tool like far too many
pentesters who think transparency is the ultimate way to move the needle
of security while thinly veiling their search for love and attention
that their mother didn't give them.

Regards,

KAM
Re: Espoofer - An Email Spoofing Testing Tool That Aims To Bypass SPF/DKIM/DMARC And Forge DKIM Signatures
On 12/28/22 6:17 AM, Kevin A. McGrail wrote:
> Sigh.  Yet another borderline ethical posting / tool like far too many
> pentesters who think transparency is the ultimate way to move the needle
> of security
Many tools can be used for both good and evil.

I have yet to find a kitchen knife that can tell the difference, much
less behave differently when cutting bread vs the human operator.

SATAN, SARA, cops, crack, firesheep, metasploit, nmap, et al. come to
mind as tools used to help identify weaknesses in security / defenses.
It seems like Espoofer is yet another in a long line of such tools.

I will read about Espoofer, what it does, and how it does it in the
spirit of securing my systems. I think that any such information has
some value.

If nothing else, know thy enemy.

> while thinly veiling their search for love and attention that their
> mother didn't give them.

I see no need for the (minor) ad hominem attack and I don't think it
brings anything to the conversation.



--
Grant. . . .
unix || die
Re: Espoofer - An Email Spoofing Testing Tool That Aims To Bypass SPF/DKIM/DMARC And Forge DKIM Signatures
It would be great if someone(tm) went through the blackhat pdf and wrote
rules for all the evasions, and fixed the MTAs etc.
Re: Espoofer - An Email Spoofing Testing Tool That Aims To Bypass SPF/DKIM/DMARC And Forge DKIM Signatures
On 12/28/22 10:32 AM, Greg Troxel wrote:
> It would be great if someone(tm) went through the blackhat pdf and
> wrote rules for all the evasions, and fixed the MTAs etc.

I have seen and heard discussion about the raft number of bugs fixed 30
- 90 days after the annual Blackhat / Pwn2Own conferences.

It's not detection rules, but it is security fixes based on questionable
research.



--
Grant. . . .
unix || die
Re: Espoofer - An Email Spoofing Testing Tool That Aims To Bypass SPF/DKIM/DMARC And Forge DKIM Signatures
Brent Clark:
> Something to see and keep an eye on (Read: Why build this tool)
>
> https://www.kitploit.com/2022/01/espoofer-email-spoofing-testing-tool.html

This is old news. The espoofer tool and research were presented I think
in 2020 and were widely discussed then. And bug fixes for, say, OpenDKIM
and OpenDMARC became available later, presumably also for other affected
software.
Re: Espoofer - An Email Spoofing Testing Tool That Aims To Bypass SPF/DKIM/DMARC And Forge DKIM Signatures
On 2022-12-28 at 12:32:39 UTC-0500 (Wed, 28 Dec 2022 12:32:39 -0500)
Greg Troxel <gdt@lexort.com>
is rumored to have said:

> It would be great if someone(tm) went through the blackhat pdf and
> wrote rules for all the evasions, and fixed the MTAs etc.

From the cited page:

For more technical details, please see our Black Hat USA 2020 talk
(with presentation video) or USENIX security 2020 paper.
Black Hat USA 2020 slides (PDF): You have No Idea Who Sent that Email:
18 Attacks on Email Sender Authentication
USENIX security 2020 paper (PDF): Composition Kills: A Case Study of
Email Sender Authentication
Distinguished Paper Award Winner

In this repo, we summarize all test cases we found and integrate them
into this tool to help administrators and security-practitioners quickly
identify and locate such security issues.




--
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire