Comments

Re: Gmail as an Email Honeypot John Berryhill  –  Oct 29, 2007 11:08 PM PST

be sure to only use your address book

Depending, of course, on how your address book works.  Many users of Outlook, for example, have auto-add-to-address-book, auto-lookup and auto-completion turned on.  This opens up an interesting type of spoof attack.

Let's say you know that John Smith and Jane Doe exchange email among a group of folks, and you'd like to receive misdirected emails from that distribution.  If Jane is "Jane Doe" <jane.doe@bigcorp.com>, then you sign up with a free email service as "Jane Doe" <jane.doe@freeservice.com>.  Next, you send an innocuous email to John Smith such as "testing my email account.  let me know if you got this. thanks." When John Smith hits 'reply', two things happen.  Your freeservice email account is added to his address book, AND the next time he quickly starts to write Jane Doe's email address into a To: line, your free email address will be the one picked by Outlook to fill in for Jane Doe.

Again, the effectiveness of this strategy depends on several variables, but I've seen it happen.

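A check a mail client or gateway could run before auto-adding a sender to the address book, covering the display-name collision described in the comment above. This is an added example, not part of the original thread; the contact list and the function names are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed sample address book (illustrative only).
KNOWN_CONTACTS = [
    '"Jane Doe" <jane.doe@bigcorp.com>',
    '"John Smith" <john.smith@bigcorp.com>',
]

def _norm_name(name):
    """Collapse whitespace and case so 'JANE  DOE' matches 'Jane Doe'."""
    return " ".join(name.split()).casefold()

def _split(addr):
    """Return (local part, domain), both case-folded."""
    local, _, domain = addr.rpartition("@")
    return local.casefold(), domain.casefold()

def build_index(contacts):
    """Map normalized display name -> set of addresses already trusted."""
    index = {}
    for entry in contacts:
        name, addr = parseaddr(entry)
        if name and addr:
            index.setdefault(_norm_name(name), set()).add(addr.casefold())
    return index

def check_sender(from_header, index):
    """Return reasons to keep this sender out of auto-add and auto-complete."""
    name, addr = parseaddr(from_header)
    addr = addr.casefold()
    reasons = []
    known = index.get(_norm_name(name), set())
    # Same display name as a trusted contact, but an address we have not seen.
    if known and addr not in known:
        reasons.append("display name matches an existing contact at a different address")
        local, domain = _split(addr)
        for trusted in sorted(known):
            t_local, t_domain = _split(trusted)
            if local == t_local and domain != t_domain:
                reasons.append("same local part as %s but different domain" % trusted)
    return reasons

if __name__ == "__main__":
    idx = build_index(KNOWN_CONTACTS)
    for hdr in ('"Jane Doe" <jane.doe@freeservice.com>',
                '"Jane Doe" <jane.doe@bigcorp.com>'):
        print(hdr, "->", check_sender(hdr, idx) or "ok")
```

A non-empty result is a signal to prompt the user or skip the automatic address-book entry rather than to reject the message outright, since people do legitimately use more than one address.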
Re: Gmail as an Email Honeypot Kerry Webb  –  Nov 01, 2007 10:27 PM PST

Ain't it the truth.

My Gmail username is very similar to the abbreviation that people might guess for a certain Irish journalist, and I get lots of hot tips for stories in the Emerald Isle.  Nothing yet that I can turn into a profit, though.
