Re: [brlug-general] Spearfishing

2013-12-06 Thread Tim Fournet
To be more direct, the protocols that define email are horribly out of date
and have no place in the modern world. If email is ever going to have
any remote possibility of being secured, SMTP needs to be completely thrown
out the window in favor of something else. The protocols are broken, there
is no TRUE and 100% accepted way of verifying senders, and it's horrible
for sending or linking files. Of course, that ain't gonna happen any time
soon, unfortunately.



On Fri, Dec 6, 2013 at 3:10 PM, Edmund Cramp  wrote:

> The reply from the customer support is *“Currently, our system is set to
> send the remittances in the secure format.  The only other option would be
> for us to change the format to non-secure, this way the email won’t contain
> any html files.”*
>
>
>
> This brings to mind a tagline that used to appear in the ASR newsgroup …
> "I would like to shake the hand of the man who first decided that e-mail
> clients should slice, dice and run arbitrary programs. Then I'd like to
> stir, blend and puree his hand."
>
>
>
> ROT-13 would be a lot less dangerous and probably more secure  - "V jbhyq
> yvxr gb funxr gur unaq bs gur zna jub svefg qrpvqrq gung r-znvy pyvragf
> fubhyq fyvpr, qvpr naq eha neovgenel cebtenzf. Gura V'q yvxr gb fgve, oyraq
> naq cherr uvf unaq."
>
>
>
>
>
> *From:* General [mailto:general-boun...@brlug.net] *On Behalf Of *Shannon
> Roddy
> *Sent:* Wednesday, December 04, 2013 1:33 PM
>
> *To:* general@brlug.net
> *Subject:* Re: [brlug-general] Spearfishing
>
>
>
> It appears to me to be Cisco IronPort.
>
>
>
> http://www.networkworld.com/community/node/19588
>
>
>
> Yuck.
>
>
>
> On Wed, Dec 4, 2013 at 1:40 PM, Jarred White 
> wrote:
>
> It looks to be legit, but what an awful freaking idea BofA.
>
> http://securemsg.bankofamerica.com/Secure_Email_Recipient_Guide_en.pdf
>
>
>
> On Wed, Dec 4, 2013 at 1:32 PM, Keith Stokes 
> wrote:
>
> Yes, unfortunately it is this easy.
>
>
>
> On Dec 4, 2013, at 12:21 PM, Edmund Cramp  wrote:
>
>
>
> A user received an email that purports to come from one of our customers
> with the instructions:
>
> "Click the securedoc.html attachment to open (view) the secure message.
> For best results, save the file first and open it from the saved location
> using a Web browser."
>
> My email system, very sensibly stripped and quarantined the file, and
> stored it with  a couple of hundred of assorted New Order.zip and payroll
> report.xls files in the quarantine directory.  Opening the file with
> notepad shows it to be mostly javascript with various references that make
> it appear to come from the Bank of America.
>
> My immediate reaction was unprintable but hell, assuming that it's "real"
> and that's not certain yet, these people want me to let users open any HTML
> web page that floats into their inbox?
>
> This has got to be a gift from the gods if you are up to mischief - just
> email everyone a securedoc.html file and they will open it and enter their
> password ... which javascript (love that stuff) will promptly send to the
> web site of your choice.
>
> Spearfishing is this easy?
>
> Edmund Cramp - google.com/+edmundcramp
> --
> I am a drinker with writing problems. Brendan Behan
>
>
> ___
> General mailing list
> General@brlug.net
> http://brlug.net/mailman/listinfo/general_brlug.net
>
>
>
>
> ---
>
>
>
> Keith Stokes
>
>
>
>
>
>
>
>
> --
>
> ~Running amok on technology with no apologies
>
>
>
>


Re: [brlug-general] Spearfishing

2013-12-06 Thread Edmund Cramp
The reply from the customer support is “Currently, our system is set to send 
the remittances in the secure format.  The only other option would be for us to 
change the format to non-secure, this way the email won’t contain any html 
files.”
 
This brings to mind a tagline that used to appear in the ASR newsgroup … "I 
would like to shake the hand of the man who first decided that e-mail clients 
should slice, dice and run arbitrary programs. Then I'd like to stir, blend and 
puree his hand."
 
ROT-13 would be a lot less dangerous and probably more secure  - "V jbhyq yvxr 
gb funxr gur unaq bs gur zna jub svefg qrpvqrq gung r-znvy pyvragf fubhyq 
fyvpr, qvpr naq eha neovgenel cebtenzf. Gura V'q yvxr gb fgve, oyraq naq cherr 
uvf unaq."
 
 
From: General [mailto:general-boun...@brlug.net] On Behalf Of Shannon Roddy
Sent: Wednesday, December 04, 2013 1:33 PM
To: general@brlug.net
Subject: Re: [brlug-general] Spearfishing
 
It appears to me to be Cisco IronPort.  
 
http://www.networkworld.com/community/node/19588
 
Yuck.
 
On Wed, Dec 4, 2013 at 1:40 PM, Jarred White  wrote:
It looks to be legit, but what an awful freaking idea BofA. 

http://securemsg.bankofamerica.com/Secure_Email_Recipient_Guide_en.pdf
 
On Wed, Dec 4, 2013 at 1:32 PM, Keith Stokes  wrote:
Yes, unfortunately it is this easy.
 
On Dec 4, 2013, at 12:21 PM, Edmund Cramp  wrote:
 
A user received an email that purports to come from one of our customers with 
the instructions:

"Click the securedoc.html attachment to open (view) the secure message. For 
best results, save the file first and open it from the saved location using a 
Web browser."

My email system, very sensibly stripped and quarantined the file, and stored it 
with  a couple of hundred of assorted New Order.zip and payroll report.xls 
files in the quarantine directory.  Opening the file with notepad shows it to 
be mostly javascript with various references that make it appear to come from 
the Bank of America.

My immediate reaction was unprintable but hell, assuming that it's "real" and 
that's not certain yet, these people want me to let users open any HTML web 
page that floats into their inbox?

This has got to be a gift from the gods if you are up to mischief - just email 
everyone a securedoc.html file and they will open it and enter their password 
... which javascript (love that stuff) will promptly send to the web site of 
your choice.

Spearfishing is this easy?

Edmund Cramp - google.com/+edmundcramp
-- 
I am a drinker with writing problems. Brendan Behan


 

---
 
Keith Stokes
 




-- 
~Running amok on technology with no apologies



Re: [brlug-general] Spearfishing

2013-12-04 Thread Shannon Roddy
It appears to me to be Cisco IronPort.

http://www.networkworld.com/community/node/19588

Yuck.


On Wed, Dec 4, 2013 at 1:40 PM, Jarred White  wrote:

> It looks to be legit, but what an awful freaking idea BofA.
>
> http://securemsg.bankofamerica.com/Secure_Email_Recipient_Guide_en.pdf
>
>
>
> On Wed, Dec 4, 2013 at 1:32 PM, Keith Stokes wrote:
>
>> Yes, unfortunately it is this easy.
>>
>> On Dec 4, 2013, at 12:21 PM, Edmund Cramp  wrote:
>>
>> A user received an email that purports to come from one of our customers
>> with the instructions:
>>
>> "Click the securedoc.html attachment to open (view) the secure message.
>> For best results, save the file first and open it from the saved location
>> using a Web browser."
>>
>> My email system, very sensibly stripped and quarantined the file, and
>> stored it with  a couple of hundred of assorted New Order.zip and payroll
>> report.xls files in the quarantine directory.  Opening the file with
>> notepad shows it to be mostly javascript with various references that make
>> it appear to come from the Bank of America.
>>
>> My immediate reaction was unprintable but hell, assuming that it's "real"
>> and that's not certain yet, these people want me to let users open any HTML
>> web page that floats into their inbox?
>>
>> This has got to be a gift from the gods if you are up to mischief - just
>> email everyone a securedoc.html file and they will open it and enter their
>> password ... which javascript (love that stuff) will promptly send to the
>> web site of your choice.
>>
>> Spearfishing is this easy?
>>
>> Edmund Cramp - google.com/+edmundcramp
>> --
>> I am a drinker with writing problems. Brendan Behan
>>
>>
>>
>>
>>
>> ---
>>
>> Keith Stokes
>>
>>
>>
>>
>
>
> --
> ~Running amok on technology with no apologies
>
>
>


Re: [brlug-general] Spearfishing

2013-12-04 Thread Edmund Cramp
It does appear to be legitimate - but then you’d expect a good phish to look 
legit wouldn’t you?  
 
I’ve emailed them (and they should have received an attachment removed message 
automatically) and we’ll see what happens but I’ve no intention of compromising 
security for their convenience.
 
Edmund Cramp - google.com/+edmundcramp
-- 
"Novit enim Dominus qui sunt eius" (Kill them surely the Lord discerns which 
are his) - Arnaud-Amaury, Albigensian Crusade 1209.
 
 
 
From: General [mailto:general-boun...@brlug.net] On Behalf Of Jarred White
Sent: Wednesday, December 04, 2013 12:41 PM
To: general@brlug.net
Subject: Re: [brlug-general] Spearfishing
 
It looks to be legit, but what an awful freaking idea BofA. 

http://securemsg.bankofamerica.com/Secure_Email_Recipient_Guide_en.pdf
 
On Wed, Dec 4, 2013 at 1:32 PM, Keith Stokes  wrote:
Yes, unfortunately it is this easy.
 
On Dec 4, 2013, at 12:21 PM, Edmund Cramp  wrote:



A user received an email that purports to come from one of our customers with 
the instructions:

"Click the securedoc.html attachment to open (view) the secure message. For 
best results, save the file first and open it from the saved location using a 
Web browser."

My email system, very sensibly stripped and quarantined the file, and stored it 
with  a couple of hundred of assorted New Order.zip and payroll report.xls 
files in the quarantine directory.  Opening the file with notepad shows it to 
be mostly javascript with various references that make it appear to come from 
the Bank of America.

My immediate reaction was unprintable but hell, assuming that it's "real" and 
that's not certain yet, these people want me to let users open any HTML web 
page that floats into their inbox?

This has got to be a gift from the gods if you are up to mischief - just email 
everyone a securedoc.html file and they will open it and enter their password 
... which javascript (love that stuff) will promptly send to the web site of 
your choice.

Spearfishing is this easy?

Edmund Cramp - google.com/+edmundcramp
-- 
I am a drinker with writing problems. Brendan Behan


 

---
 
Keith Stokes
 




-- 
~Running amok on technology with no apologies


Re: [brlug-general] Spearfishing

2013-12-04 Thread Mark A. Lappin
I like when they request access to your clipboard



Mark A. Lappin, CCNA, MCITP: Enterprise Administrator | Lee Michaels Fine 
Jewelry
Director of Information Technology
11314 Cloverland Ave | Baton Rouge, LA 70809

Ph: 225.368.3645 | Fax: 225.368.3675
ma...@lmfj.com | www.lmfj.com

This communication is privileged and confidential. If you are not the intended
recipient, please notify the sender by reply e-mail and destroy all copies of
this communication.

From: General [mailto:general-boun...@brlug.net] On Behalf Of Jarred White
Sent: Wednesday, December 04, 2013 12:41 PM
To: general@brlug.net
Subject: Re: [brlug-general] Spearfishing

It looks to be legit, but what an awful freaking idea BofA.

http://securemsg.bankofamerica.com/Secure_Email_Recipient_Guide_en.pdf

On Wed, Dec 4, 2013 at 1:32 PM, Keith Stokes <ke...@digital-gurus.com> wrote:
Yes, unfortunately it is this easy.

On Dec 4, 2013, at 12:21 PM, Edmund Cramp <e...@motion-labs.com> wrote:


A user received an email that purports to come from one of our customers with 
the instructions:

"Click the securedoc.html attachment to open (view) the secure message. For 
best results, save the file first and open it from the saved location using a 
Web browser."

My email system, very sensibly stripped and quarantined the file, and stored it 
with  a couple of hundred of assorted New Order.zip and payroll report.xls 
files in the quarantine directory.  Opening the file with notepad shows it to 
be mostly javascript with various references that make it appear to come from 
the Bank of America.

My immediate reaction was unprintable but hell, assuming that it's "real" and 
that's not certain yet, these people want me to let users open any HTML web 
page that floats into their inbox?

This has got to be a gift from the gods if you are up to mischief - just email 
everyone a securedoc.html file and they will open it and enter their password 
... which javascript (love that stuff) will promptly send to the web site of 
your choice.

Spearfishing is this easy?

Edmund Cramp - google.com/+edmundcramp
--
I am a drinker with writing problems. Brendan Behan




---

Keith Stokes





--
~Running amok on technology with no apologies


Re: [brlug-general] Spearfishing

2013-12-04 Thread Jarred White
It looks to be legit, but what an awful freaking idea BofA.

http://securemsg.bankofamerica.com/Secure_Email_Recipient_Guide_en.pdf



On Wed, Dec 4, 2013 at 1:32 PM, Keith Stokes wrote:

> Yes, unfortunately it is this easy.
>
> On Dec 4, 2013, at 12:21 PM, Edmund Cramp  wrote:
>
> A user received an email that purports to come from one of our customers
> with the instructions:
>
> "Click the securedoc.html attachment to open (view) the secure message.
> For best results, save the file first and open it from the saved location
> using a Web browser."
>
> My email system, very sensibly stripped and quarantined the file, and
> stored it with  a couple of hundred of assorted New Order.zip and payroll
> report.xls files in the quarantine directory.  Opening the file with
> notepad shows it to be mostly javascript with various references that make
> it appear to come from the Bank of America.
>
> My immediate reaction was unprintable but hell, assuming that it's "real"
> and that's not certain yet, these people want me to let users open any HTML
> web page that floats into their inbox?
>
> This has got to be a gift from the gods if you are up to mischief - just
> email everyone a securedoc.html file and they will open it and enter their
> password ... which javascript (love that stuff) will promptly send to the
> web site of your choice.
>
> Spearfishing is this easy?
>
> Edmund Cramp - google.com/+edmundcramp
> --
> I am a drinker with writing problems. Brendan Behan
>
>
>
>
>
> ---
>
> Keith Stokes
>
>
>
>


-- 
~Running amok on technology with no apologies


Re: [brlug-general] Spearfishing

2013-12-04 Thread Keith Stokes
Yes, unfortunately it is this easy.

On Dec 4, 2013, at 12:21 PM, Edmund Cramp  wrote:

> A user received an email that purports to come from one of our customers with 
> the instructions:
> 
> "Click the securedoc.html attachment to open (view) the secure message. For 
> best results, save the file first and open it from the saved location using a 
> Web browser."
> 
> My email system, very sensibly stripped and quarantined the file, and stored 
> it with  a couple of hundred of assorted New Order.zip and payroll report.xls 
> files in the quarantine directory.  Opening the file with notepad shows it to 
> be mostly javascript with various references that make it appear to come from 
> the Bank of America.
> 
> My immediate reaction was unprintable but hell, assuming that it's "real" and 
> that's not certain yet, these people want me to let users open any HTML web 
> page that floats into their inbox?
> 
> This has got to be a gift from the gods if you are up to mischief - just 
> email everyone a securedoc.html file and they will open it and enter their 
> password ... which javascript (love that stuff) will promptly send to the web 
> site of your choice.
> 
> Spearfishing is this easy?
> 
> Edmund Cramp - google.com/+edmundcramp
> -- 
> I am a drinker with writing problems. Brendan Behan
> 
> 


---

Keith Stokes



[brlug-general] Spearfishing

2013-12-04 Thread Edmund Cramp
A user received an email that purports to come from one of our customers with 
the instructions:

"Click the securedoc.html attachment to open (view) the secure message. For 
best results, save the file first and open it from the saved location using a 
Web browser."

My email system very sensibly stripped and quarantined the file, and stored it
with a couple of hundred assorted New Order.zip and payroll report.xls
files in the quarantine directory.  Opening the file with Notepad shows it to
be mostly JavaScript with various references that make it appear to come from
the Bank of America.

My immediate reaction was unprintable but hell, assuming that it's "real" and 
that's not certain yet, these people want me to let users open any HTML web 
page that floats into their inbox?

This has got to be a gift from the gods if you are up to mischief - just email 
everyone a securedoc.html file and they will open it and enter their password 
... which javascript (love that stuff) will promptly send to the web site of 
your choice.

Spearfishing is this easy?

Edmund Cramp - google.com/+edmundcramp
-- 
I am a drinker with writing problems. Brendan Behan


___
General mailing list
General@brlug.net
http://brlug.net/mailman/listinfo/general_brlug.net
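
The strip-and-quarantine behaviour described in the original post, as an added example (not code from any poster or from the mail system they used). It removes every HTML attachment from a message and records what the file contained so the quarantine can be triaged. The function names, the finding labels and the sample message with its placeholder hosts are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser

# Constructed, inert sample attachment; the host is a placeholder.
SAMPLE_HTML = """<html><body>
<form action="https://portal.example.invalid/open" method="post">
<input type="password" name="pw">
<script>/* envelope-opening code would live here */</script>
</form></body></html>
"""


class ActiveContentScanner(HTMLParser):
    """Records what an HTML attachment could do if a user opened it."""

    def __init__(self):
        super().__init__()
        self.findings = set()

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        if tag == "script":
            self.findings.add("script")
        elif tag == "form":
            self.findings.add("form")
            if attrs.get("action", "").lower().startswith(("http://", "https://")):
                self.findings.add("remote-form-action")
        elif tag == "input" and attrs.get("type", "").lower() == "password":
            self.findings.add("password-field")


def is_html_attachment(part):
    name = (part.get_filename() or "").lower()
    return name.endswith((".html", ".htm")) or (
        part.get_content_type() == "text/html" and part.is_attachment())


def strip_html_attachments(raw_bytes):
    """Return (cleaned message, quarantine records) for one raw message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    quarantined = []
    for part in list(msg.iter_attachments()):
        if not is_html_attachment(part):
            continue
        name = part.get_filename() or "unnamed.html"
        body = part.get_payload(decode=True) or b""
        scanner = ActiveContentScanner()
        scanner.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
        quarantined.append({"filename": name, "content": body,
                            "findings": sorted(scanner.findings)})
        # set_content() clears the old Content-* headers and payload first.
        part.set_content(f"[Attachment {name} removed and quarantined by the mail filter]\n")
    return msg, quarantined


def build_sample():
    """Constructed message modelled on the one quoted in the thread."""
    msg = EmailMessage()
    msg["From"] = "remittance@customer.example"
    msg["To"] = "user@recipient.example"
    msg["Subject"] = "Secure message"
    msg.set_content("Click the securedoc.html attachment to open the secure message.")
    msg.add_attachment(SAMPLE_HTML, subtype="html", filename="securedoc.html")
    return msg.as_bytes()
```

The filter quarantines on file type alone, as the poster's system did; the findings list only tells whoever reviews the quarantine why a given file would be risky to release.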