Security Operations

563 readers

6 users here now

A place for all things Cyber Security, from questions, rants, and stories, to the latest attacks, vulnerabilities, and zero days.

founded 1 year ago

MODERATORS

[email protected]

Introducing SMTP Smuggling: A novel technique for spoofing e-mails (r.sec-consult.com)

submitted 10 months ago by [email protected] to c/[email protected]

3 comments fedilink hide all child comments

Introducing SMTP Smuggling: A novel technique for spoofing e-mails::undefined

top 3 comments

sorted by: hot top controversial new old

[–] [email protected] 3 points 10 months ago (1 children)

Whoa, having been in IT since the dawn of time I'm impressed this relatively simple attack on smtp worked.

Prepare for a humongous inrush of spam before servers patch this one.

[–] [email protected] 3 points 10 months ago

Prepare for a humongous inrush of spam before servers patch this one.

But it's already patched by GMX and Microsoft.

As far as I understand it, it doesn't affect single mail servers, but only mail systems where you have separate inbound and outbound servers and the outbound servers trust the data they get from the inbound servers.

[–] [email protected] 2 points 10 months ago

Not sure how many get the joke in "Figure 23: Typical Austrian reaction after receiving a spoofed e-mail":

OIDA

😂