this post was submitted on 17 Jul 2023
2046 points (97.2% liked)
Mastodon
5284 readers
1 users here now
Decentralised and open source social network.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
In college I had to write a program to send emails. This was around 2012. Basically we had to send the low level commands of an email for it to go through. After doing this I realized something weird. The email gets to say who it is from. There are obviously ways to sign the message and verify it and most email servers block messages that don't have these because of how trivial it is to fake. It's basically like putting a name tag on that says "Joe Biden" and everyone believing you're the president.
I didn't do anything malicious but I did mildly prank my girlfriend. I don't remember what I did but I'm pretty sure I told her before I did it. I really didn't want to end up getting expelled for """hacking""" so I didn't do anything remotely bad. The irony is the assignment wouldn't have worked and been as interesting if my campus had the proper security measures to block the messages.
It could be that the web client for our email mentioned something about the sender being unverified and not to trust it but I don't remember.
I remember realizing this and thinking it was weird too when I was reading about SMTP. Specifically, the MAIL FROM command.
Also related.
Spoofing email is hilariously easy. GPG signing really needs to be made easier
I almost got kicked out of school for this! I sent an email to my girlfriend from some girl that we didn't like, saying something like "you're a huge bitch, haha just kidding this is actually jballs not the chick we don't like."
Problem is that I wrote my girlfriend's email address wrong, so it bounced back to the sender (the girl we didn't like).
So I had to explain to a university dean exactly what I did and how I didn't actually "hack into" the girl's email account. That was fun.
I sent my gmail address an email from obama@whitehouse.gov and it worked.
Most orgs have an internal SMTP server that will accept and send mail to other internal addresses without any special authentication or validation. It's almost essential for automatic monitoring software and that sort of thing.
Where the barriers go up is at the border to the Internet. And thank goodness, just a couple decades ago it was sheer chaos.
I was on the school network, so maybe they accept ones from within and reject ones from outside.
They probably tried to get back to you but used an internal we form that filled the from header with their email address. 💀
When I was in schoola classmate set up an instance that is designed for hacking. But another classmate took it in another direction. Instead of following the clues to the answer (it's a game) they instead hacked the instance and created a folder bomb but named the folders with the Mongolian space separator character. So removing them because a task. No body got upset because well... Hacking can be fun!
Second: hacking is the term used when you break into something to make it better.
Cracking is the term used when you break into things for malicious intent
GPG let's you choose a email too. I always use fucktrump@whitehouse.gov as my email when generating GPG keys for dark net markets