New hijacking - Done via good old-fashioned Identity Theft

Sven Olaf Kamphuis sven at cb3rob.net
Thu Oct 7 14:16:00 UTC 2010


you just give contacts for the passwords with which you have received a 
new one.

Each person who can send email to your email address gets a 
unique password from you.

sending person/maillist 1 gets password abcdefg to send to bla at example.com 
(no matter from which email address)

sending person/maillist 2 gets password 123545 to send to bla at example.com 
(no matter from which email address)

Email clients should be modified to include the Password: field both in 
the email itself and in the header entry fields (To:, From:, Subject:), or just 
store them together with the destination address in the address book.

Mailservers (the maildrop part) should be modified to parse the Password: 
header, compare it to the list of currently allowed passwords for the 
destination email address and then either drop to the mailbox, or 
bounce. (We did this in our test setup by simply parsing the entire email, 
so the password could be -anywhere- in the email :P)

Of course the Password: line should only be sent to the recipient, not to 
other Cc: or Bcc: target addresses of the same email; the first SMTP 
server in the chain should solve this bit.

Actually, during our tests, we turned off all the header verifications, 
RBLs, etc. on our smtpds, and the only spam that got through were emails 
that accidentally contained the password string in a binary attachment 
(as we parsed the entire email .. we should not do that, just the 
Password: line in the final version :P) and stuff where we gave, for 
example, nanog, the password "nanog" and then nanog is cc'ed in a spam, 
both of which cases can be solved with the standardization of the 
Password: field.

Once this is in place, all smtpds can go open relay again, port 25 can be 
opened again on eyeball networks, RBLs and greylisting can stay at home, 
and the SMTP email system will be 100% spam free and reliable and 
real-time. (There are several other features which have been removed from 
most smtpds to "stop spam", such as accepting IP addresses rather than 
domain names in the target email address, which can then return.)

All the other stuff never stopped spam; it just made SMTP email unreliable, 
slow and no longer an option for 99% of the things email was used 
for before, and Skype, MSN and Facebook are used for today.

This system -does- stop spam, but the disadvantage of this system is that 
by implementing it, SMTP email is no longer suitable for "initial contact".

(Well, you could of course place passwords in whois and on your website for 
your hostmaster/sales box so random people can still make initial contact 
over SMTP, or simply accept all passwords on those boxes, on which there 
then WILL be spam.. ;)

I'd say SMTP no longer being "open for any random idiot to mail any other 
random idiot without knowing each other first" is less of a disadvantage 
than letting the whole thing slowly die by making it less and less 
attractive as a means of communication (slow, unreliable and not 
real-time, and still with spam coming in by the 1000s, which it is due to 
"conventional" attempts to stop spam).


-- 
Greetings,

Sven Olaf Kamphuis,
CB3ROB Ltd. & Co. KG
=========================================================================
Address: Koloniestrasse 34         VAT Tax ID:      DE267268209
          D-13359                   Registration:    HRA 42834 B
          BERLIN                    Phone:           +31/(0)87-8747479
          Germany                   GSM:             +49/(0)152-26410799
RIPE:    CBSK1-RIPE                e-Mail:          sven at cb3rob.net
=========================================================================
<penpen> C3P0, der elektrische Westerwelle

=========================================================================

Confidential: Please be advised that the information contained in this
email message, including all attached documents or files, is privileged
and confidential and is intended only for the use of the individual or
individuals addressed. Any other use, dissemination, distribution or
copying of this communication is strictly prohibited.


On Thu, 7 Oct 2010, Valdis.Kletnieks at vt.edu wrote:

> On Thu, 07 Oct 2010 12:10:37 -0000, Sven Olaf Kamphuis said:
>> If what you're asking under point c is "what happens if a system that
>> contains such a password for your email address gets compromised" the
>> answer is simple, you remove that specific password from your approved
>> passwords list
>
> 140 million or so compromised systems.  You may be spending a lot of time
> removing compromised passwords from your list - and even more problematic,
> notifying everybody of the *new* password(s) they should use to e-mail to you.
> So far this month, I've seen 4,964 mails from 1,090 different From: lines
> (mostly due to a subscription to the linux-kernel list, which is a true fire
> hose), and some 250 different SMTP MAIL FROM: sources.
>
>> (note that on the receiver side, the password is not linked
>> to the source email address, senders can use any source email address they
>> want, as long as one of the currently active/accepted passwords is in the
>> email)
>
> We'll overlook the fact that if the password isn't linked to the source
> address, then *any* sender can use any source they want, as long as it's
> known that *some* sender used '97%-chicken-teriyaki' as a password.  And with
> 140 million compromised boxes, there's a basically never-ending supply of
> credentials to be stolen and used.
>
>> remaining problems with this system are:
>> by lack of a standard header for Password: which should be supported by
>> all clients, address books, online shops, mailinglists, we put the
>> password in the email, which means, that on Cc:'s and forwards etc
>> the password got forwarded along with the email, potentially giving other
>> people the password too.
>
> And you recognize that your scheme leaks said passwords, but that's not a fatal
> problem.
>
>> Now, this is -100%- spam stopping, smtp can be as open relay and you want,
>> the internet can be full of compromised windows boxes chunking out tons of
>> crap, but you won't get any spam, just mail from people YOU choose to deal
>> with, by actively -giving- them a password yourself, which you can also
>> -revoke-.
>
> So explain to me in *detail* - you're in the To: line of this mail.  I don't
> believe I've sent to you in the past.  I acquire a password valid to send you
> this e-mail, how, exactly? After all, I can't e-mail you and ask for one...
>
> After that, explain how a Hotmail user migrates to GMail (or vice versa) and
> retains their ability to contact everybody they used to contact.
>
> You might want to look at this:
>
> http://www.rhyolite.com/anti-spam/you-might-be.html
>
> and see how many of the entries in the list apply to your proposal. (Nothing
> personal - I don't think *any* realistic anti-spam proposal can get much
> traction unless they've at least *thought* about every single bullet point on
> that list).
>
> Further discussion is probably best on SPAM-L.
>
>
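
The maildrop-side check described in the message above, written out as an added example; this is not code from the original post or from CB3ROB's test setup. It puts the header-only check the author says the final version should use beside the whole-message substring match he says the test setup used, so the two failure modes he reports (a password string turning up inside a binary attachment, and the list password "nanog" matching a Cc: line) can be reproduced, and it shows the first-hop duty of stripping the Password: header before Cc:/Bcc: copies are made, plus per-password revocation. The header name `Password:`, the shape of the policy store, the recipient `bla@example.com` and the passwords `abcdefg`, `123545` and `nanog` are taken from the post; the sample messages and the sender addresses are constructed for illustration.

```python
"""Per-recipient Password: header check at the maildrop (added example).

Assumptions, not from the original post: the policy store is a plain dict
of recipient -> set of currently accepted passwords, and the three sample
messages below are constructed for illustration.
"""
import hmac
from email import message_from_string
from email.message import Message

# Constructed policy store: each sender or mailing list has been handed its
# own value by the recipient. Revocation is removing one entry from the set.
POLICY = {
    "bla@example.com": {"abcdefg", "123545", "nanog"},
}

# Constructed sample 1: legitimate mail from an address the recipient has
# never seen; the password is what counts, not the From: line.
GOOD = """From: someone@anywhere.example
To: bla@example.com
Password: abcdefg
Subject: hello

Sent from an address you have never seen; the Password: header is what counts.
"""

# Constructed sample 2: spam with no Password: header, but whose base64
# attachment happens to contain the digits 123545 (the accidental match the
# post reports when the whole message was searched).
SPAM_ATTACH = """From: botnet-node@compromised.example
To: bla@example.com
Subject: buy now
Content-Type: application/octet-stream
Content-Transfer-Encoding: base64

UEsDBBQAAAAIAK1Q123545zY2lmZ0Y9aGVsbG8=
"""

# Constructed sample 3: spam that Cc's a list whose password is its own name.
SPAM_CC = """From: botnet-node@compromised.example
To: bla@example.com
Cc: nanog@lists.example
Subject: buy now

cheap stuff
"""


def parse(raw: str) -> Message:
    return message_from_string(raw)


def accept_by_header(raw: str, rcpt: str, policy: dict) -> bool:
    """Header-only check: deliver iff some Password: header value is in the
    recipient's currently accepted set. More than one header may be present
    when one message addresses several lists, so every value is tried."""
    allowed = policy.get(rcpt, set())
    for cand in parse(raw).get_all("Password", []):
        cand = cand.strip().encode()
        # constant-time comparison so a peer talking to the MX cannot probe a
        # password one character at a time through timing differences
        if any(hmac.compare_digest(cand, ok.encode()) for ok in allowed):
            return True
    return False


def accept_by_grep(raw: str, rcpt: str, policy: dict) -> bool:
    """Whole-message substring match, as the post says the test setup did.
    Kept only to show why it is the wrong check."""
    return any(pw in raw for pw in policy.get(rcpt, set()))


def strip_for_relay(raw: str) -> str:
    """First-hop MTA duty: drop every Password: header before the copies for
    Cc:/Bcc: recipients are generated, so the secret does not travel with
    them. The copy for the intended recipient keeps the original headers."""
    msg = parse(raw)
    del msg["Password"]  # removes all occurrences; no error if none present
    return msg.as_string()


def revoke(policy: dict, rcpt: str, pw: str) -> dict:
    """Return a copy of the policy with one password removed, e.g. after the
    sender's system is compromised. The policy passed in is left untouched."""
    new = {k: set(v) for k, v in policy.items()}
    new.get(rcpt, set()).discard(pw)
    return new


if __name__ == "__main__":
    rcpt = "bla@example.com"
    for name, raw in (("good", GOOD), ("attach", SPAM_ATTACH), ("cc", SPAM_CC)):
        print(name, "header:", accept_by_header(raw, rcpt, POLICY),
              "grep:", accept_by_grep(raw, rcpt, POLICY))
    print("after revoke:", accept_by_header(GOOD, rcpt, revoke(POLICY, rcpt, "abcdefg")))
```

Run as a script it prints the deliver/bounce decision for each sample under both checks. The header-only check delivers the legitimate mail and bounces both spams; the substring check lets both spams through, which is exactly the pair of cases the post attributes to searching the whole message.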




More information about the NANOG mailing list