Email Security
-
- Posts: 4661
- Joined: Wed Oct 19, 2016 5:43 pm
- Location: Holmes County, Ohio
- Affiliation: Gospel Haven
Email Security
Has anyone here ever seen concrete evidence that a system can be hacked or infiltrated through email when the system is running exclusively in a non-administer user account, and the admin password is NOT entered when a rogue process requests it?
0 x
Congregation: Gospel Haven Mennonite Fellowship, Benton, Ohio (Holmes Co.) a split from Beachy-Amish Mennonite.
Personal heritage & general theological viewpoint: conservative Mennonite Brethren.
Personal heritage & general theological viewpoint: conservative Mennonite Brethren.
-
- Posts: 9139
- Joined: Sat Oct 22, 2016 9:09 pm
- Location: Former full time RVers
- Affiliation: PlainRomanCatholic
- Contact:
Re: Email Security
There is that Yahoo mail hacker problem a few years ago. I’ve always used gmail or university email systems so have not had any problems, thankfully.Neto wrote:Has anyone here ever seen concrete evidence that a system can be hacked or infiltrated through email when the system is running exclusively in a non-administer user account, and the admin password is NOT entered when a rogue process requests it?
It may be that some systems did not have a sufficient set of firewalls or other setup.
0 x
Max (Plain Catholic)
Mt 24:35
Proverbs 18:2 A fool does not delight in understanding but only in revealing his own mind.
1 Corinthians 3:19 For the wisdom of this world is folly with God
Mt 24:35
Proverbs 18:2 A fool does not delight in understanding but only in revealing his own mind.
1 Corinthians 3:19 For the wisdom of this world is folly with God
- Josh
- Posts: 24360
- Joined: Wed Oct 19, 2016 6:23 pm
- Location: 1000' ASL
- Affiliation: The church of God
Re: Email Security
Yes, pretty easy. The system needs to be running an OS that has a privilege escalation CVE on it.Neto wrote:Has anyone here ever seen concrete evidence that a system can be hacked or infiltrated through email when the system is running exclusively in a non-administer user account, and the admin password is NOT entered when a rogue process requests it?
Then the email client needs to have an open CVE that allows arbitrary code execution.
0 x
-
- Posts: 4661
- Joined: Wed Oct 19, 2016 5:43 pm
- Location: Holmes County, Ohio
- Affiliation: Gospel Haven
Re: Email Security
Thanks, Josh. Am I correct in understanding your last sentence to say that "In order for this type of hack to be possible the email client needs to have an unresolved common vulnerability"? If so, would this mean, for instance, Thunderbird, or MS Outlook?Josh wrote:Yes, pretty easy. The system needs to be running an OS that has a privilege escalation CVE on it.Neto wrote:Has anyone here ever seen concrete evidence that a system can be hacked or infiltrated through email when the system is running exclusively in a non-administer user account, and the admin password is NOT entered when a rogue process requests it?
Then the email client needs to have an open CVE that allows arbitrary code execution.
0 x
Congregation: Gospel Haven Mennonite Fellowship, Benton, Ohio (Holmes Co.) a split from Beachy-Amish Mennonite.
Personal heritage & general theological viewpoint: conservative Mennonite Brethren.
Personal heritage & general theological viewpoint: conservative Mennonite Brethren.
-
- Posts: 4058
- Joined: Fri Nov 04, 2016 11:13 am
- Location: Maryland
- Affiliation: Con. Menno.
Re: Email Security
Yeah, Apple keeps patching them like wack-a-mole. So far few in the wild on Unix based platforms are able to get administrative privileges, but I found one that kept trying to execute sudo commands. Fortunately OS X 10.15 wont allow, and prompts for a password.Josh wrote:Yes, pretty easy. The system needs to be running an OS that has a privilege escalation CVE on it.Neto wrote:Has anyone here ever seen concrete evidence that a system can be hacked or infiltrated through email when the system is running exclusively in a non-administer user account, and the admin password is NOT entered when a rogue process requests it?
Then the email client needs to have an open CVE that allows arbitrary code execution.
Can email clients do that in win10?
J.M.
0 x