Re: [calsify] Calendar spam - it is speeding up - security issue / warning

"Thomas Schäfer" <ts@web.de> Tue, 18 June 2019 16:23 UTC

Return-Path: <ts@web.de>
X-Original-To: calsify@ietfa.amsl.com
Delivered-To: calsify@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E2965120291 for <calsify@ietfa.amsl.com>; Tue, 18 Jun 2019 09:23:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.698
X-Spam-Level:
X-Spam-Status: No, score=-1.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=web.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3f3-wqSxql62 for <calsify@ietfa.amsl.com>; Tue, 18 Jun 2019 09:23:10 -0700 (PDT)
Received: from mout.web.de (mout.web.de [212.227.17.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 295931201E8 for <calsify@ietf.org>; Tue, 18 Jun 2019 09:23:09 -0700 (PDT)
X-UI-Sender-Class: c548c8c5-30a9-4db5-a2e7-cb6cb037b8f9
Received: from [82.165.232.202] ([82.165.232.202]) by web-mail.web.de (3c-app-webde-bap44.server.lan [172.19.172.44]) (via HTTP); Tue, 18 Jun 2019 18:23:04 +0200
MIME-Version: 1.0
Message-ID: <trinity-a024771a-f08f-423d-92b1-2db3c370970d-1560874984587@3c-app-webde-bap44>
From: "\"Thomas Schäfer\"" <ts@web.de>
To: Doug Royer <douglasroyer@gmail.com>
Cc: calsify@ietf.org
Content-Type: text/plain; charset="UTF-8"
Date: Tue, 18 Jun 2019 18:23:04 +0200
Importance: normal
Sensitivity: Normal
In-Reply-To: <a30c7d25-ae1f-43c4-4153-a423d97da827@gmail.com>
References: <f7d8336f-edd2-7d26-1589-87e58dd8672b@gmail.com> <25453529-BE41-4A4E-B6BD-5EB662C73DEC@calconnect.org> <a30c7d25-ae1f-43c4-4153-a423d97da827@gmail.com>
Content-Transfer-Encoding: quoted-printable
X-UI-Message-Type: mail
X-Priority: 3
Archived-At: <https://mailarchive.ietf.org/arch/msg/calsify/YZbyb2H8ieL_I4uBhsPTXvGPl7Q>
Subject: Re: [calsify] Calendar spam - it is speeding up - security issue / warning
X-BeenThere: calsify@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <calsify.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/calsify>, <mailto:calsify-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/calsify/>
List-Post: <mailto:calsify@ietf.org>
List-Help: <mailto:calsify-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/calsify>, <mailto:calsify-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Jun 2019 16:23:12 -0000

Hi Doug,

Thanks for pointing to the mentioned article.

Members of CalConnect started thinking about this as soon as the big wave of calendar spam hit Apple users in November 2016 (https://www.bbc.com/news/technology-38144377). We soon started working on it by issuing an article describing what happened (https://www.calconnect.org/news/2017/01/30/calendar-spam) and also started reaching out to e-mail people at the Messaging Malware Mobile Anti-Abuse Working Group (M3AAWG, https://www.m3aawg.org/) to work together on the topic.

In 2018 we finally managed to agree on working together on the topic (https://www.calconnect.org/news/2018/04/05/taking-calendar-spam-scheduling-developers-organization-calconnect-collaborates) and, as Dave mentioned, the result was our published Calendar operator practices — Guidelines to protect against calendar abuse (https://standards.calconnect.org/csd/cc-18003.html), which also includes suggestions for mail and calendar service providers on how to address the topic. It now waits to be co-published by M3AAWG as well.

You are right that the document may also address the area of calendar client developers a little bit more, but unfortunately we were not able to attract people developing clients to join.

Regarding some of your points:

>Virus checking and malicious site checking is the second (and not mentioned) half.

It is mentioned in https://standards.calconnect.org/csd/cc-18003.html#toc15 and https://standards.calconnect.org/csd/cc-18003.html#toc18, but as said, it does not contain a deep section about expected calendar client behaviour, as it aims for not inserting malicious events in your calendar at all and therefore preventing them from appearing in your calendar client.

Thomas Schäfer
chair of TC CALSPAM @ CalConnect

> Sent: Friday, 14 June 2019 at 04:57
> From: "Doug Royer" <douglasroyer@gmail.com>
> To: calsify@ietf.org
> Subject: Re: [calsify] Calendar spam - it is speeding up - security issue / warning
>
> On 6/13/19 8:10 PM, David Thewlis wrote:
> > FYI earlier this year, CalConnect published a best current practices for 
> > calendar operators on calendar spam.  This was developed in conjunction 
> > with M3AAWG; we understand that they will be publishing it as well.  See 
> > https://standards.calconnect.org/csd/cc-18003.html.
> > 
> > Dave Thewlis
> 
> Great! Just read it for the first time. I did not know it existed.
> 
> Should drafts start using 'https' and not 'http' in the examples? It is 
> not just about security over the wire. It can be about verifying the 
> destination host is from a verified and expected site. Should https be 
> required for all links in the future?
> 
> I could add a URL into an iCalendar property/parameter that links to a 
> .DOC file that has malicious code. Several proposals lately have added 
> or used URL links to related documents.  Some CUAs could execute the 
> related viewing application themselves after the user says 'yes' to load 
> "YourIntroPacket.doc" - without virus checking.  This is a security issue.
> 
> A warning about the user saying "yes" to download and not automatic 
> loading is the first half. Virus checking and malicious site checking is 
> the second (and not mentioned) half.
> 
> Last time I wrote a CUA, I just used the OS call to load and view the 
> related application using the OS 'start the correct application' calls 
> - without checking.
> 
> -- 
> 
> Doug Royer - (http://DougRoyer.US)
> Douglas.Royer@gmail.com
> 714-989-6135
>
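
The client-side gap raised in the quoted message (a CUA handing an event's link straight to the OS opener) can be closed with a vetting step before any launch. The following is an added example, not part of the thread or of CC-18003: it unfolds an iCalendar object, pulls the `URL` and `ATTACH` properties, and returns a verdict per link. The verdict names, the extension list and the sample event are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample event; hosts use the reserved .example TLD.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\nBEGIN:VEVENT\r\n"
    "SUMMARY:Intro meeting\r\n"
    "URL:http://intranet.example/agenda\r\n"
    "ATTACH;FMTTYPE=application/msword:https://files.example/Your\r\n"
    " IntroPacket.doc\r\n"
    "ATTACH:https://files.example/map.png\r\n"
    "END:VEVENT\r\nEND:VCALENDAR\r\n"
)

LINK_PROPS = {"URL", "ATTACH"}
# Assumed policy list (not from CC-18003): types that can carry active content.
SCAN_FIRST_EXT = (".doc", ".docm", ".xls", ".xlsm", ".exe", ".js", ".lnk", ".iso")
# name, optional ;params (quoted strings may contain ':'), then ':' and the value
LINE_RE = re.compile(
    r'^(?P<name>[A-Za-z0-9-]+)(?P<params>(?:;(?:"[^"]*"|[^":])*)?):(?P<value>.*)$')

def unfold(ics):
    """RFC 5545 unfolding: drop a line break followed by one space or tab."""
    return re.sub(r"\r?\n[ \t]", "", ics).splitlines()

def vet_link(url):
    """Return 'reject', 'scan-first' or 'ask-user'; nothing is ever auto-opened."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return "reject"
    if parts.scheme.lower() != "https" or not parts.hostname:
        return "reject"          # plain http, file:, data:, etc.
    if parts.path.lower().endswith(SCAN_FIRST_EXT):
        return "scan-first"      # fetch to quarantine and scan before offering it
    return "ask-user"            # still needs an explicit user confirmation

def vet_event_links(ics):
    """List (property, link, verdict) for every URL/ATTACH in the object."""
    results = []
    for line in unfold(ics):
        m = LINE_RE.match(line)
        if not m or m["name"].upper() not in LINK_PROPS:
            continue
        if "VALUE=BINARY" in m["params"].upper():
            results.append((m["name"].upper(), "<inline data>", "scan-first"))
            continue
        value = m["value"].strip()
        results.append((m["name"].upper(), value, vet_link(value)))
    return results
```

Only links with the `ask-user` verdict, confirmed by the user, would be passed to the OS "open with default application" call.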