undefined | Better HN

0 pointsasimpletune8mo ago0 comments

The main failure is that dkim still passed even though the email was modified in important ways.

0 comments

Well there are a few different big failures, from not signing the To: to allowing long arbitrary content in an email sent from a legitimate Google address...

But I think Google sites is the most important one because it makes sites look like they are actually Google wherever one comes from, it could be a pop-under loaded by another site or whatever, I think it's a more universal avenue for phishing than just exploiting DKIM.

aaronmdjones8mo ago

The To header was included in the DKIM signature. The reproduction section of the article shows the result of final delivery to the victim which shows the original To header. If that were removed it would invalidate the signature.

aaronmdjones8mo ago

The body of the e-mail was not modified whatsoever. Nor were any of the signed headers of the e-mail, including the Subject, From, and To headers.

j / k navigate · click thread line to collapse

0 comments

seszett8mo ago

Well there are a few different big failures, from not signing the To: to allowing long arbitrary content in an email sent from a legitimate Google address...

aaronmdjones8mo ago

The body of the e-mail was not modified whatsoever. Nor were any of the signed headers of the e-mail, including the Subject, From, and To headers.

j / k navigate · click thread line to collapse