Disclaimer: You know this, but don't try this at home. Srlsy.
Telnet is the program Unix machines use to log in across the network. It's horribly insecure, but sadly ubiquitous. Basically, it takes a character (or line) that you type on your computer, wraps it up in network packets, and sends it across the network to the other computer, which handles it like it was typed directly on the keyboard there.
A cool thing about telnet is that you don't have to use the normal telnet port (TCP/23); you can use any old port that you want. If there isn't some program listening on the other computer, this won't do you any good. But if there is something - like email - listening on the other side, you can send data directly to the program. In this case, you can forge email.
Here's what it looks like:
First, I open command prompt & go to telnet client by typing telnet.. Below is the session:My first one was a little different - I sent it from "god@heaven.org"* but it's exactly the same. Fake.
Microsoft Telnet>o www.mailserver.com 25
220 mailserver.com ESMTP Sendmail Version 8.x.x; Mon, 28 Sept. 2008;
We do not allow to send fake or bulk emails...
helo microsoft.com
250 mailserver.com Hello Nice to meet you..
mail from:billgates@microsoft.com
250 billgates@microsoft.com Sender Ok
rcpt to:victim@victim.com
250 victim@victim.com Recipient Ok
data
354 Enter mail, end with "." on a line by itself..
SUBJECT:Hello!
Hello,
I am Bill Gates, the chairman of Microsoft. I would like to offer you a job for Microsoft
Corporation. If you are interested to work with Microsoft, then reply me at my mail address.
Regards~
Bill Gates
.
250 2.0.0 iF3NDLS240106 Message Accepted For Delivery.
So what does this have to do with anything? Well, it seems that the UK.Gov is spinning up criminal investigations based solely on an email they received:
The UK.Gov got an injunction forcing Fathers 4 Justice to take their web site down. Fathers 4 Justice complied, and appealed, asking for the email. Guess what they found:Exclusive The government faces accusations of technical incompetence and waste after it went to the High Court to shut down the Fathers 4 Justice website, wrongly claiming campaigners had threatened to publish the home addresses of 237 judges.
Lawyers for Matt O'Connor, the controversial group's founder, are now preparing action against the Ministry of Justice to recover costs and damages from taxpayers. He alleges civil servants failed to perform basic checks on the origins of the threat before launching a legal attack.
The battle began in late June, when the Ministry of Justice received an email falsely purporting to come from O'Connor. It said Fathers 4 Justice would expose judges on its website as revenge for perceived unfairness in family court decisions.
Let's leave aside the question about whether the UK.Gov would have targeted say, a mother's group, or a minority rights group, as opposed to white males. What's clear is that there are a bunch of mouth breathers in the UK Ministry of Justice. Mouth breathers that can get court orders."I'm not a techie but any fool could have looked at the Message-ID and seen it was a fake - a 10-year-old could have done it," O'Connor told The Register, adding that no attempt was made to verify the email by contacting him directly.
"Someone there is either extremely gullible or vindictive."
I know that the *.Gov exempts itself from Criminal Negligence statutes, but this seems to rise to that occasion.
Oh, and one last word to the wise: Don't do this at home. Srlsy.
* Heaven is a non-profit organization, so it has a .org domain.
No comments:
Post a Comment