Trad.Goth Advisory #1
Name: Social Engineering of Administrators and Security Professionals
Type: Information Disclosure
Date: Daily
Application: External use only, all MTA's and E-mail Clients, always read
the label
Platform: All Platforms, especially tall ones that wobble a lot
Severity: Names, contact details and internal network infrastructure details
can be enumerated, as can personnel absence
Author : Nexus <nexusat_private-way.co.uk>
Vend Status: Out of Jolt.... bummer said Dougal
CVE: It's too common for a CVE Reference... well actually, I haven't asked
them
Overview
The names, contact details and presence at work of Administrators and
Security Professionals can be enumerated in a trivial fashion simply
by posting a single e-mail to a public mailing list. The resulting
storm of Out Of Office Replies (OOOR's) will contain all the vital
information necessary to socially engineer and determine remote network
structure and implementation. Personal mobile (n. cell phone, [US]),
pager (n. bleepy thing [UK]) numbers and other contact details can also
be revealed as can recent happy events such as births, deaths and marriages.
(Not that I am suggesting Death is always a happy occasion but please
remember
that I'm a) a Trad.Goth (tm) , b) Divorced and c) hate Marilin Manson.)
In addition to this, the SMTP header can also reveal RFC 1918 addresses, MTA
and client versions, OS types, software version banners and any AV products
being used.
Effects
Certain levels of annoyance for anyone posting to a public mailing list,
probably major levels of annoyance for the poor Moderator that gets this
every time they remind the list to turn of OOOR's.
If your rather crowded OOOR'd inbox becomes an issue, I recommend forwarding
the details to your local K-RAD 31337 d00d Dept. or Trocedero Playgroup for
follow-up action.
Detailed Description:
1. Post an e-mail to a public mailing list.
2. Ermmmm....
3. That's it.
4. Await barrage of OOOR's.
5. Complain to anyone that is willing to listen.
6. Continued on Page 94.
7. Apologise to Private Eye for #6
Proof-of-Concept:
This advisory in itself provides full proof of concept, however, list
members
are encouraged to replicate this activity and review the rather full inbox
that results, in a wide variety of languages. Contact details should be
followed up, preferably outside of the individuals working hours, so as to
convey
the importance of telling the entire world that you are not available.
Consideration should be given to reconfiguring your MTA's to send
YIKYAOOOSSSMOOOR
messages (Yes I Know You Are Out Of Office So Stop Sending Me Out Of Office
Replies)
to ensure that people are informed that you are In The Office. Unless you
are out
of office of course. If you are both in and out of the office at the same
time,
then please write an RFC for decoherance and the required number of qubits
to factor
yourself into the same place.
Temporary Workaround:
Inform the list Moderator and the list engine that you are out of office.
Please.
Pretty please with sugar on top.
Vendor Response:
The Vendor was unfortunately unavailable being Out Of Office. However,
their contact details have been passed to the Insomniac Social Engineering
Dept. for further analysis and sold to Telemarketing companies.
Common Vulnerabilities and Exposures (CVE) Information:
The Common Vulnerabilities and Exposures (CVE) project
[http://cve.mitre.org]
has not assigned the following name to this issue - "Please Stop".
In fact, I have not contacted them at all since they only allow crayons
here.
Credits:
I would like to thank the "Big 5" consultantcy firm with the MTA at
10.26.104.85,
the South American bank with the Solaris box at 172.16.126.251 via the
Tid InfoMail Exchanger v2.20 server and the German ISP that likes IBM boxes,
including the MTA at 192.168.0.30 (nice open-source freeware AV solution
guys ;-)
and the other members of this list for supplying me with their emergency
contact
details. Any particularly bad time to call ?
Greetz:
The Guys - y'know who you are... *wave*
This archive was generated by hypermail 2b30 : Fri Jun 07 2002 - 08:52:48 PDT