[calsify] Calendar spam - it is speeding up - security issue / warning

Doug Royer <douglasroyer@gmail.com> Fri, 14 June 2019 01:13 UTC

From: Doug Royer <douglasroyer@gmail.com>
To: calsify@ietf.org
Organization: http://SoftwareAndServices.NET
Message-ID: <f7d8336f-edd2-7d26-1589-87e58dd8672b@gmail.com>
Date: Thu, 13 Jun 2019 19:13:10 -0600
Archived-At: <https://mailarchive.ietf.org/arch/msg/calsify/DY-DPGQagudAlFnWMwrR_ARbgCU>

Years ago, I predicted that, without more controls (no clue what),
calendaring could be used to attempt to schedule appointments and spam.

No proposal from me. Perhaps after reading the article below, new 
security controls may be needed soon. It might make a new great topic / 
draft. Clearly - do not click on appointments in email to find out what 
they are about.

This article points out the latest calendaring security abuse (it
is a bit of pay-to-view, but you can still read it).

Summary: spammers are sending out calendar appointments with URLs that
look like appointments (and are fake links or malicious links), or that have
valid iCalendar objects that have or link to malicious calendar
attachments. The MUA/CUA, or perhaps the user, is being careless about what is
loaded.

The original post that led me to this article pointed out that
Thunderbird with the calendar add-on may be vulnerable to this.

Not entirely new or new news. But it seems to be picking up.

 
https://www.forbes.com/sites/daveywinder/2019/06/11/new-security-warning-issued-for-googles-1-5-billion-gmail-and-calendar-users/#700c55f7565e

No proposal from me. Just for those on this list, if you happen to have 
an idea for helping slow or stop this kind of thing, it may be time to 
rethink iTIP and calendar security.

-- 

Doug Royer - (http://DougRoyer.US)
Douglas.Royer@gmail.com
714-989-6135
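
The following is an added example, not part of the original message and not a proposal from the list: a Python check of the kind a mail gateway or CUA could run on an incoming iTIP invite before anything in it is loaded, listing the links and remote attachments it carries. The function name `triage_invite`, the `known_senders` set, the sample invite and the quarantine policy are all assumptions made for illustration.

```python
import re

# Constructed sample (not from the article): an unsolicited iTIP REQUEST whose
# DESCRIPTION link is split by RFC 5545 line folding.
SAMPLE_INVITE = (
    "BEGIN:VCALENDAR\r\nVERSION:2.0\r\nMETHOD:REQUEST\r\nBEGIN:VEVENT\r\n"
    "UID:constructed-1@sender.example\r\n"
    'ORGANIZER;CN="Prize: Team":mailto:promo@sender.example\r\n'
    "SUMMARY:You have a pending reward\r\n"
    "DESCRIPTION:Claim it here: https://rewards.exam\r\n"
    " ple/claim?id=1 today\r\n"
    "ATTACH;FMTTYPE=text/calendar:https://files.example/more.ics\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
)

# name, optional ;params (quoted values may contain ':'), then the value
PROP_RE = re.compile(r'^([A-Za-z0-9-]+)((?:;(?:"[^"]*"|[^":;])*)*):(.*)$')
URL_RE = re.compile(r"https?://[^\s\"<>\\]+", re.I)
TEXT_PROPS = {"SUMMARY", "DESCRIPTION", "LOCATION", "URL"}


def unfold(ics):
    """Undo RFC 5545 folding: a line break followed by one space or tab."""
    return re.sub(r"\r?\n[ \t]", "", ics)


def triage_invite(ics, known_senders):
    """Summarise what an invite would load; the policy here is an assumption."""
    out = {"method": None, "organizer": None, "urls": [], "attachments": []}
    for line in unfold(ics).splitlines():
        m = PROP_RE.match(line)
        if not m:
            continue
        name, params, value = m.group(1).upper(), m.group(2).upper(), m.group(3)
        if name == "METHOD":
            out["method"] = value.strip().upper()
        elif name == "ORGANIZER":
            addr = re.sub(r"^mailto:", "", value.strip(), flags=re.I)
            out["organizer"] = addr.lower()
        elif name in TEXT_PROPS:
            out["urls"] += URL_RE.findall(value)
        elif name == "ATTACH" and "VALUE=BINARY" not in params:
            out["attachments"].append(value.strip())  # URI the client may fetch
    unknown = out["organizer"] not in known_senders
    risky = bool(out["urls"] or out["attachments"])
    # Hold invites from unknown organizers that carry links or remote attachments
    out["verdict"] = "quarantine" if unknown and risky else "deliver"
    return out
```

Unfolding before URL extraction matters: without it the folded link in the sample would be seen as a truncated, different host.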