This Week In Security: Echospoofing, Ransomware Records, And Github Attestations

It’s a bit of bitter irony, when a security product gets used maliciously, to pull off the exact attack it was designed to prevent. Enter Proofpoint, and the EchoSpoofing attack. Proofpoint offers an email security product, filtering spam and malicious incoming emails, and also handling SPF, DKIM, and DMARC headers on outgoing email. How does an external service provide those email authentication headers?

One of the cardinal sins of running an email server is to allow open relaying. That’s when anyone can forward email through an SMTP server without authentication. What we have here is two nearly open relays, that wound up with spoofed emails getting authenticated just like the real thing. The first offender is Microsoft’s Office365, which seems to completely skip checking for email spoofing when using SMTP relaying from an allowed IP address. This means a valid Office365 account allows sending emails as any address. The other half relies on the way Proofpoint works normally, accepting SMTP traffic from certain IP addresses, and adding the authentication headers to those emails. There’s an option in Proofpoint to add the Microsoft Office 365 servers to that list, and apparently quite a few companies simply select that option.

The end result is that a clever spammer can send millions of completely legitimate looking emails every day, that look very convincing even to sophisticated users. At six months of activity, averaging three million emails a day, this campaign managed just over half a billion malicious emails from multiple high-profile domains.

The good news here is that Proofpoint and Guardio discovered the scheme, and worked with Microsoft to develop the X-OriginatorOrg header that is now applied to every email sent from or through the Office365 servers. This header marks the account tenant the email belongs to, giving vendors like Proofpoint a simple way to determine email validity.
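
As an added illustration (not code from Proofpoint, Microsoft or the article), the check below shows how a relay that signs mail arriving from Office365 could use the X-OriginatorOrg header to refuse mail submitted by a tenant other than the domain owner's. The tenant mapping, the `relay_decision` function, the assumption that the header value is a tenant domain name, and the sample messages are all constructed for this sketch.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical customer configuration: sender domain -> Office365 tenants
# that are allowed to relay (and get signed) for that domain.
ALLOWED_TENANTS = {
    "example-brand.test": {"examplebrand.onmicrosoft.test"},
}

def relay_decision(raw_message: str, peer_is_o365: bool) -> str:
    """Decide whether a relayed message may receive authentication headers."""
    if not peer_is_o365:
        # The header only means something on mail that really came via Office365.
        return "reject: not from an allowed relay"
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain not in ALLOWED_TENANTS:
        return "reject: sender domain not configured"
    tenants = msg.get_all("X-OriginatorOrg") or []
    if len(tenants) != 1:
        # Conservative choice for this sketch: no header or duplicates fail closed.
        return "reject: missing or ambiguous X-OriginatorOrg"
    if tenants[0].strip().lower() not in ALLOWED_TENANTS[domain]:
        return "reject: tenant not authorized for sender domain"
    return "accept"

def build(from_addr: str, tenants: list) -> str:
    """Build a constructed sample message with the given tenant header(s)."""
    lines = [f"From: Example Brand <{from_addr}>", "To: user@recipient.test",
             "Subject: Your invoice"]
    lines += [f"X-OriginatorOrg: {t}" for t in tenants]
    return "\n".join(lines) + "\n\nbody\n"

# Constructed samples: same visible sender, different originating tenant.
LEGIT = build("billing@example-brand.test", ["examplebrand.onmicrosoft.test"])
SPOOFED = build("billing@example-brand.test", ["throwaway123.onmicrosoft.test"])
NO_HEADER = build("billing@example-brand.test", [])

if __name__ == "__main__":
    for name, raw in [("legit", LEGIT), ("spoofed", SPOOFED), ("no header", NO_HEADER)]:
        print(f"{name:10s} -> {relay_decision(raw, peer_is_o365=True)}")
```

Both the legitimate and the spoofed sample arrive from the same allowed relay with the same From address; only the tenant check tells them apart.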

Getting A Laser Eye Injury And How To Avoid It

Most people love lasers, because they can make cats chase, read music from a shiny disc, etch and cut materials, and be very shiny in Hollywood blockbusters, even when their presence makes zero sense. That said, lasers are also extremely dangerous, as their highly focused nature and wide range of power levels can leave a person dazzled, blinded or dead from direct and indirect exposure. A lapse in laser safety was how [Phil Broughton] ended up with part of his retina forever marked, as he describes his adventures with an overly enthusiastic laser company sales person.

Quanta Ray PRO350 with frequency doubling, emitting a 532 nm beam – Sales brochure image from Quanta Ray, unknown date

It didn’t take much: just a sales person who made a really poor decision while trying to please some customers, and it nearly ended with multiple adults, a local school, and pilots at a nearby airfield getting their retinas blasted out, all due to an absolutely harebrained idea to use a fairly high-powered Quanta-Ray Nd:YAG laser on reflective surfaces in the open.

This was in 1999, and fortunately [Phil] only suffered some fairly minor damage to his retina from the laser beam reflection. What happened to the customers (who wore argon laser safety glasses) or the sales critter (who left soon after) is not described, but both may have received some bad news when they had their eyes checked shortly after at the ophthalmologist.

These kinds of stories are a stark reminder that laser safety is not optional. Lasers producing a visible (400 – 700 nm) wavelength above Class 2 should only be operated in a fully secured environment, with safety glasses for the appropriate laser wavelength. Class 2 lasers producing a non-visible wavelength can cause permanent damage because the blink reflex of the eye does not offer any protection here.

As even some dodgy laser pointers being (illegally) sold online are actually Class 2, this should make it clear that laser eye injury can happen to anyone, and it only takes a second to change someone’s life forever.

An odd looking apparatus for cleaning floppy disks. A neon green disk tray is suspended on metal linear rails in a vertical orientation. It can move back and forth through a set of cleaning heads and a set of drying fans. There are some control buttons on the front as well as a string of addressable LEDs and two speakers.

Rube Goldberg Floppy Disk Cleaner

Floppies were once the standard method of information exchange, but decades of storage can render them unreadable, especially if mold sets in. [Rob Smith] wanted to clean some floppies in style and made a Disco Rube Goldberg-Style device for the job.

Starting with a disk caddy on linear rails, [Smith] has a track for the floppy to follow. First it goes through a set of pads with cleaning solution on them, and is then dried off with heating elements. To make it more fun, the device has LEDs and a set of speakers at the bottom to treat the disk to a more complete car wash-esque experience.

Cotton swabs and a cleaning solution are all you really need to do the job by hand, but if you have a lot of floppies, that can get tedious quickly. [Smith] compares his machine’s performance to doing it by hand with both IPA and a dish soap solution showing that his machine does indeed clean the disks and usually makes them more readable than they were before. He cautions that it might be best to make multiple copies of the disk during the cleaning process as it isn’t always constructive though.

Thinking about archiving that stack of floppies under your workbench? While Linux doesn’t support the drives anymore, we’ve covered a couple different methods in the past and the importance of reading the flux.
