Re: [Add] Google's DOH(like) being used for evil already

Michael Richardson <mcr+ietf@sandelman.ca> Wed, 12 June 2019 14:38 UTC

From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Wes Hardaker <wjhns1@hardakers.net>
cc: add@ietf.org
In-Reply-To: <yblblz3cfpo.fsf@wu.hardakers.net>
References: <yblblz3cfpo.fsf@wu.hardakers.net>
Date: Wed, 12 Jun 2019 10:38:44 -0400
Message-ID: <9053.1560350324@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/pfnNHw79dBdxtjX5otSdI9L3868>

Wes Hardaker <wjhns1@hardakers.net> wrote:
    > https://myonlinesecurity.co.uk/it-looks-like-another-dns-compromise-hack-happening/

It's just executing untrusted code in MIME, while downloading part of the
payload via Google.  It's nothing that didn't occur 25 years ago to mail user
agents that ignored MIME's Security Considerations.

What's new is that it (ab)uses Google to transfer the payload.

--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
 -= IPv6 IoT consulting =-