Collaborate Disseminate
Bob sent an email to Alice with nothing much useful and tenuous ( but because it isn’t useful it can ruin Bob’s reputation if bad Alice decide to publish. )
Is there a way for Bob to include a suicide-after-a-specified-time… Continue reading Email including self-shredding macro after "Seen" flag is set
Email clients like Spark for macOS have a feature where a user can send an email later, at any given time, even when the computer is turned off. An SMTP server needs a password based authentication, though.
Does that mean th… Continue reading How do email clients "send later" without storing a password?
I have an IMAP + SMTP server running on linux, using Dovecot + Postfix.
The server only accepts connections over TLS and uses plaintext authentication once the tunnel is established.
I was auditing the mail logs today and wa… Continue reading Outlook for Android uses intermediate Microsoft Servers
In the Security News, Attackers exploiting IMAP to bypass MFA on O365 and G-Suite accounts, Vietnam’s OceanLotus Group Ramps up hacking car companies, UC Browser violates Google Play Store Rules, & how Russia is spoofing GPS Signals on a mas… Continue reading OceanLotus, Russia, & Google – Paul’s Security Weekly #599
In the Security News, Attackers exploiting IMAP to bypass MFA on O365 and G-Suite accounts, Vietnam’s OceanLotus Group Ramps up hacking car companies, UC Browser violates Google Play Store Rules, & how Russia is spoofing GPS Signals on a … Continue reading OceanLotus, Russia, & Google – Paul’s Security Weekly #599
Attackers are increasingly targeting insecure legacy protocols, like IMAP, to avoid running into multi-factor authentication in password-spraying campaigns. Continue reading Threatlist: IMAP-Based Attacks Compromising Accounts at ‘Unprecedented Scale’
I found a domain with open POP3 (110) and IMAP (143) ports. I was able to use TELNET to connect to them successfully, but beyond this is there any common vulnerability/exploit I should test on them, or is this even a security… Continue reading Risks in open POP3/IMAP ports?
For a security challenge I am supposed to dictionary attack an IMAP service. A rather simple exercise using hydra.
So far I failed, since I’ve given hydra the actual website instead of the mail server. How can I find a site… Continue reading Finding and attacking an IMAP Server
For pgp encryption I’d like to combine short expiry terms for public signing and email encryption with (convenient) long term decryption possibilities of my mailbox mails.
I’m using several mail addresses where each is used … Continue reading How to single key decrypt pgp encrypted mails in a multi key/multi identitiy setup?
When I log in to hotmail or Google or posteo I can only log in using the 2FA that I have set up. However, each provider seems to have an alternative for apps that do not auth via a web client.
Hotmail/Google: 16-lowercase-c… Continue reading Does IMAP/POP3/ASP undermine Two-Factor Auth?