[calsify] Calendar spam - it is speeding up - security issue / warning
Doug Royer <douglasroyer@gmail.com> Fri, 14 June 2019 01:13 UTC
Return-Path: <douglasroyer@gmail.com>
X-Original-To: calsify@ietfa.amsl.com
Delivered-To: calsify@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCB1D1200EF for <calsify@ietfa.amsl.com>; Thu, 13 Jun 2019 18:13:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.998
X-Spam-Level:
X-Spam-Status: No, score=-0.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id plIK6AP8Eass for <calsify@ietfa.amsl.com>; Thu, 13 Jun 2019 18:13:13 -0700 (PDT)
Received: from mail-pf1-x42e.google.com (mail-pf1-x42e.google.com [IPv6:2607:f8b0:4864:20::42e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28CDA1200D7 for <calsify@ietf.org>; Thu, 13 Jun 2019 18:13:13 -0700 (PDT)
Received: by mail-pf1-x42e.google.com with SMTP id x15so344131pfq.0 for <calsify@ietf.org>; Thu, 13 Jun 2019 18:13:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:subject:organization:message-id:date:user-agent :mime-version; bh=hh/nVZr0jd2JwypOBT3WvLXJiUBczBDXs7w9gsyx7Rk=; b=dqvgQJnDqhdsooiPUezYIea3C1d875y3D6Az8Q+4JuKIQqaGI+SlIPqXKnkdB9IVbt PHn7nMhbKtyZFC0KX52SEpHtQmrX8WpCvndC5A44mvaBW7Of/v9EcjEIs3WlRq40GZrB gQFI0sSKWjBtqTZkkH/IoJwz8A5qoGRuIf0rKvIt4qpC6FeoumIq1yymTuZLvQF3LdhM alItu62ubQ0te4FSaIBhwrgiLEkkCugcal40JSLHjyc7FhCLHTHW0PzUemz4cbX5j/qm /tBGm2333/CHX3riv6yJXPuEx6Kgx+esYhKj907iJ4rQKOp1YK676HMEYSDV+P2qdvZo RBwg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:organization:message-id:date :user-agent:mime-version; bh=hh/nVZr0jd2JwypOBT3WvLXJiUBczBDXs7w9gsyx7Rk=; b=huty4OyPKS6crHkEYOxz4xB8oCCr+2P054u2Jw8UmBmMVU64PafD0C645IVYhGOK7n 6h2jP/Zc8RilVQgcbbjkGwlNTA6Mrzi6UvbYnjppC99/WYn8nBkfh4mMd1E6Yr82Fnmy 4CD+JgDmj0A7uF7OVgZOtnQAbC+MeqryZ2a0d1p/Hf+c5h1SgERoTejEKIgojv9tDYUo 19Ee0c0RfG0J7oz4CgYELq/+nLfu+svBVm9aZ0Anci3V+UdmTagldZw0dIx8GynpcSja Nhe7mpbZ8RcYhQgX3JLAaMIli8/hUItpbF4xnvzL+Tfon2l+BejJNSzGryBwXP/5/h7K 5q1A==
X-Gm-Message-State: APjAAAXDQlbjQ2QEBN9GlJmHkJKHyt/PrYZvGs4Xj1qcEDyeE1wfHG8T +nMWCSXTE02/rOZY3RSqmddX0fAAIkhL
X-Google-Smtp-Source: APXvYqwhd1I570QtYdiKifM/w6Nqf3WIKv66OTYAUoJiEnyLc66YM7Hh0eAjwXJIUvthmGFvo0iPpA==
X-Received: by 2002:a17:90a:3724:: with SMTP id u33mr8277300pjb.19.1560474792088; Thu, 13 Jun 2019 18:13:12 -0700 (PDT)
Received: from [192.168.1.7] ([174.27.189.124]) by smtp.googlemail.com with ESMTPSA id j14sm910402pfe.10.2019.06.13.18.13.10 for <calsify@ietf.org> (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128); Thu, 13 Jun 2019 18:13:10 -0700 (PDT)
From: Doug Royer <douglasroyer@gmail.com>
X-Google-Original-From: Doug Royer <DouglasRoyer@gmail.com>
To: calsify@ietf.org
Organization: http://SoftwareAndServices.NET
Message-ID: <f7d8336f-edd2-7d26-1589-87e58dd8672b@gmail.com>
Date: Thu, 13 Jun 2019 19:13:10 -0600
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.2.1
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms040900070402030404070606"
Archived-At: <https://mailarchive.ietf.org/arch/msg/calsify/DY-DPGQagudAlFnWMwrR_ARbgCU>
Subject: [calsify] Calendar spam - it is speeding up - security issue / warning
X-BeenThere: calsify@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <calsify.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/calsify>, <mailto:calsify-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/calsify/>
List-Post: <mailto:calsify@ietf.org>
List-Help: <mailto:calsify-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/calsify>, <mailto:calsify-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jun 2019 01:13:15 -0000
Years ago, I predicted without more controls (no clue what), that calendaring can be used to attempt to schedule appointments and spam. No proposal from me. Perhaps after reading the article below, new security controls may be needed soon. It might make a new great topic / draft. Clearly - do not click on appointments in email to find out what they are about. This article is pointing out the latest calendaring security abuse. (it is a bit of pay-to-view, you can still read it). Summary, spammers are sending out calendar appointments with URLs that look like appointments (and are fake links or malicious links), or have valid iCalendar objects that have or link to malicious calendar attachments. The MUA/CUA or perhaps user is being careless about what is loaded. The original post that led me to this article pointed out that Thunderbird with the calendar add-on, may be vulnerable to this. Not entirely new or new news. But it seems to be picking up. https://www.forbes.com/sites/daveywinder/2019/06/11/new-security-warning-issued-for-googles-1-5-billion-gmail-and-calendar-users/#700c55f7565e No proposal from me. Just for those on this list, if you happen to have an idea for helping slow or stop this kind of thing, it may be time to rethink iTIP and calendar security. -- Doug Royer - (http://DougRoyer.US) Douglas.Royer@gmail.com 714-989-6135
- [calsify] Calendar spam - it is speeding up - sec… Doug Royer
- Re: [calsify] Calendar spam - it is speeding up -… David Thewlis
- Re: [calsify] Calendar spam - it is speeding up -… Doug Royer
- Re: [calsify] Calendar spam - it is speeding up -… Thomas Schäfer
- Re: [calsify] Calendar spam - it is speeding up -… Doug Royer