Bad spelling opens up security loophole Skip to main content

Bad spelling opens up security loophole

A missing dot in an email address might mean messages end up in the hands of cyber thieves, researchers have found.
By creating web domains that contained commonly mistyped names, the investigators received emails that would otherwise not be delivered.
Over six months they grabbed 20GB of data made up of 120,000 wrongly sent messages.
Some of the intercepted correspondence contained user names, passwords, and details of corporate networks.
About 30% of the top 500 companies in the US were vulnerable to this security shortcoming according to researchers Peter Kim and Garret Gee of the Godai Group.
The problem arises because of the way organisations set up their email systems. While most have a single domain for their website, many use sub-domains for individual business units, regional offices or foreign subsidiaries.
Dots or full stops are used to separate the words in that sub domain.
For example a large American financial group may take bank.com as its corporate home but internally use us.bank.com for staff email.
Usually, if an address is typed with one of the dots missing, ie usbank.com, then the message is returned to its sender.
But by setting up similar doppelganger domains, the researchers were able to receive messages that would otherwise be bounced back.

Start Quote

It's striking that the researchers managed to capture so much information by focusing on just one common mistake”
Mark Stockley Sophos
"Doppelganger domains have a potent impact via email as attackers could gather information such as trade secrets, user names and passwords, and other employee information," wrote the researchers in a paper detailing their work.
Only one of the companies being impersonated noticed that spoofing was taking place and tracked down the researchers.
Man in the middle A clever attacker could cover their tracks by passing on the message to its correct recipient and relaying back any reply.
By acting as a middleman the likelihood of more messages being mis-sent using the "reply" function increases.
Follow-up work by the researchers revealed that some cyber criminals may already be exploiting keyboard errors.
A search uncovered many addresses resembling corporate sub-domains which were owned by individuals in China or linked to sites associated with malware or phishing.
Writing on the blog of security firm Sophos, Mark Stockley said: "It's striking that the researchers managed to capture so much information by focusing on just one common mistake.
"A determined attacker with a modest budget could easily afford to buy domains covering a vast range of organisations and typos," he said.

http://www.bbc.co.uk/news/technology-14842691
Labels:

Comments

Post a Comment

Popular posts from this blog

Chronology of the Press in Burma

1836 – 1846 * During this period the first English-language newspaper was launched under British-ruled Tenasserim, southern  Burma . The first ethnic Karen-language and Burmese-language newspapers also appear in this period.     March 3, 1836 —The first English-language newspaper,  The Maulmain Chronicle , appears in the city of Moulmein in British-ruled Tenasserim. The paper, first published by a British official named E.A. Blundell, continued up until the 1950s. September 1842 —Tavoy’s  Hsa-tu-gaw  (the  Morning Star ), a monthly publication in the Karen-language of  Sgaw ,  is established by the Baptist mission. It is the first ethnic language newspaper. Circulation reached about three hundred until its publication ceased in 1849. January 1843 —The Baptist mission publishes a monthly newspaper, the Christian  Dhamma  Thadinsa  (the  Religious Herald ), in Moulmein. Supposedly the first Burmese-language newspaper, it continued up until the first year of the second Angl
Post a Comment
Read more

ARSA claims ambush on Myanmar security forces

Arakan Rohingya Salvation Army (ARSA) on Sunday claimed responsibility for an ambush on Myanmar security forces that left several wounded in northern Rakhine state, the first attack in weeks in a region gutted by violence. Rakhine was plunged into turmoil last August, when a series of ARSA raids prompted a military backlash so brutal the UN says it likely amounts to ethnic cleansing of the Muslim Rohingya minority. The army campaign sent some 650,000 Rohingya fleeing for Bangladesh, where refugees have given harrowing accounts of rape, murder and arson at the hands of security forces and vigilantes. Myanmar's military, which tightly controls information about Rakhine, denies any abuses and insists the crackdown was a proportionate response to crush the "terrorist" threat. ARSA have launched few attacks in recent months.  But the army reported that "about ten" Rohingya terrorists ambushed a car with hand-made mines and gunfire on Friday morning
Post a Comment
Read more

Thai penis whitening trend raises eyebrows

Image copyright LELUXHOSPITAL Image caption Authorities warn the procedure could be quite painful A supposed trend of penis whitening has captivated Thailand in recent days and left it asking if the country's beauty industry is taking things too far. Skin whitening is nothing new in many Asian countries, where darker skin is often associated with outdoor labour, therefore, being poorer. But even so, when a clip of a clinic's latest intriguing procedure was posted online, it quickly went viral. Thailand's health ministry has since issued a warning over the procedure. The BBC Thai service spoke to one patient who had undergone the treatment, who told them: "I wanted to feel more confident in my swimming briefs". The 30-year-old said his first session of several was two months ago, and he had since seen a definite change in the shade. 'What for?' The original Facebook post from the clinic offering the treatment, which uses lasers to break do
1 comment
Read more