22nd August 2017 by Tara Seals
A new email exploit, dubbed Ropemaker, allows a malicious actor to edit the content in an email—after it’s been delivered to the recipient and made it through the necessary filters.
For instance, an attacker could swap a benign URL with a malicious one in an email already delivered to an inbox, or edit any text in the body of an email whenever they want—all without direct access to that inbox.
First uncovered by Mimecast’s research team, a successful exploit could even undermine those that use SMIME or PGP for signing.
Full Article.
Oh that sounds nasty.
Martijn Grooten on Aug 28, 2017
Researchers at Mimecast have published details (pdf) of an email exploit they call 'ROPEMAKER' (short for 'Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky'), which allows an email sender with malicious intentions to modify the appearance of an email after it has been delivered.
The idea is rather simple: a lot of emails use CSS, and it is not uncommon for part of the stylesheet to be loaded from an external source. This external CSS can then be modified post-delivery to change the email as it appears to the user, for example by hiding one ('good') link and making another ('bad') link visible, or more complex variants of this technique.
Although Mimecast says the technique doesn't work on any of the major webmail providers, it does work in Microsoft Outlook, Apple Mail and Mozilla Thunderbird; I was easily able to reproduce the technique in the latter case.
Full Article.
Researchers at Mimecast have published details (pdf) of an email exploit they call 'ROPEMAKER' (short for 'Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky'), which allows an email sender with malicious intentions to modify the appearance of an email after it has been delivered.
The idea is rather simple: a lot of emails use CSS, and it is not uncommon for part of the stylesheet to be loaded from an external source. This external CSS can then be modified post-delivery to change the email as it appears to the user, for example by hiding one ('good') link and making another ('bad') link visible, or more complex variants of this technique.
Although Mimecast says the technique doesn't work on any of the major webmail providers, it does work in Microsoft Outlook, Apple Mail and Mozilla Thunderbird; I was easily able to reproduce the technique in the latter case.
Full Article.
Again, this thing is NASTY. Ugh.
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.