1.    23 Aug 2017 #1
    Join Date : Feb 2016
    Maribor, Slovenia
    Posts : 8,886
    Windows 10 (Pro and Insider Pro)

    Ropemaker - new Exploit for Desktop Email Clients


    Mimecast (Email security vendor) has publish a warning today about possible email exploit called Ropemaker.

    A new type of email exploit could affect all kind of computer users, even the most advanced. Practically all desktop email clients are vulnerable to this exploit if sending message in html format.

    Read more at www.eweek.com | security/ropemaker-email-exploit-exposes-desktop-clients-to-security-risks

    The Ropemaker attack abuses desktop email client functionality that enables email messages to pull CSS (Cascading Style Sheet) information from a remote location. Mimecast's researchers found that an attacker can inject or replace CSS information with malicious information that could lead to exploitation.
      My ComputerSystem Spec
  2.    24 Aug 2017 #2
    Join Date : Feb 2016
    Maribor, Slovenia
    Posts : 8,886
    Windows 10 (Pro and Insider Pro)
    Thread Starter

    I'm not sure, if everybody understands how easy this vulnerability is to exploit (since there is no discussion here), I'm posting link to another coverage of it: BleepingComputer | ropemaker-lets-attackers-change-your-emails-after-delivery

    ROPEMAKER which stands for Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky revolves around the idea that an attacker sends an email in HTML format to a victim, but instead of using inline or embedded CSS code to decorate the text, it uses a CSS file loaded from his server.
    The purpose is to write and send an initially benign email, which the attacker modifies at a later date by altering the content of the CSS file hosted on his server.

    ROPEMAKER attack fools current email security products

    The initial benign email passes local email security scanners installed on the target's network, but any changes to the email's content aren't picked up when they happen.
    This is because email security systems don't re-scan emails delivered to users' inboxes, but only incoming emails at the time of their delivery.
      My ComputerSystem Spec

 


Similar Threads
Thread Forum
Anti-virus freezes email clients
I recently posted a question about my email clients not making connections. (Windows Live Mail and others). Email connection question Solved - Windows 10 Forums After a long chat with a Microsoft agent the problem was solved and I happily...
AntiVirus, Firewalls and System Security
Remote Desktop Clients - April 2017 Update for Windows 10
Source: Remote Desktop Clients Enterprise Mobility and Security Blog
Windows 10 News
Email attachments do not appear on Desktop
Hi there I am a first time user of this forum. Using Outlook 365 on Windows 10 Desktop PC Email attachments do not appear when saved to my Desktop. They do save in Downloads but not on the Desktop. Very frustrating:mad: Any suggestions?
Browsers and Email
Improved Skype desktop clients for dynamic new chat experi
Source...
Windows 10 News
Compatible 3rd Party Email Clients ?
Anyone tried Incredimail 2.5, Thunderbird, WLM and ilk yet?
Browsers and Email
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd
All times are GMT -5. The time now is 22:29.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums