Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Anti-spam user authentication easy to break

Anti-spam user authentication easy to break

by Nikola Strahija on October 11th, 2005 Not only that user authentication schemes will not reduce spam, they are dead easy to break too, a security researcher warned recently.


User authentication schemes such as SPF (Sender Policy Framework) and Sender ID check if machines are allowed to send email from a claimed domain. -This doesn't tell you who the actual sender was or weather or not a message is spam, Nick FitzGerald, of Computer Virus Consulting in New Zealand, said.

Also, botnets, networks of zombie PCs controlled by hackers, screw anti-spam authentication, he noted. -User authentication is worse than nothing at all. For example, SPF is broken before implementation because it's not just breakable but trivial to break, he said.

Although current spam bots don't directly beat SPF it would be trivial to add a few lines of code to do just that, according to FitzGerald.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »