www.outlook.com can be used to launch man-in-the-middle attacks

So, Microsoft has built a new webmail service to replace Hotmail. It only opened these past few days, and the news already says a million people are using it.

As it happens, I have an MSN Passport, so I used it to sign in to the much-talked-about www.outlook.com to see what it was all about.

I had clearly signed in with a yahoo.com.tw mailbox, yet without any conversion at all I could send mail straight away.

After sending, the message still went out carrying the [email protected] mailbox, so if the recipient replies, the reply goes back to the [email protected] mailbox rather than to the outlook.com mailbox the message was sent from.

How does that work?

For an ordinary user this means sent and received mail are not in the same place: you send from outlook.com, but the replies arrive at the yahoo.com.tw mailbox service. Honestly, it is strange beyond words.

So anyone who already had a Passport account can launch a man-in-the-middle attack, whereas a newly registered account gets an [email protected] mailbox, and sending and replying work without this problem.

Had I known, I would have registered more MSN Passport accounts back then, to keep from being tracked down.

Take a look at the raw source below. I sent a message from outlook.com to my Gmail account, and I am simply speechless.

===Source begins===
Delivered-To: [email protected]
Received: by 10.223.156.131 with SMTP id x3csp306764faw;
Thu, 2 Aug 2012 19:16:17 -0700 (PDT)
Received: by 10.224.202.136 with SMTP id fe8mr101550qab.17.1343960176651;
Thu, 02 Aug 2012 19:16:16 -0700 (PDT)
Return-Path: <[email protected]>
Received: from blu0-omc3-s27.blu0.hotmail.com (blu0-omc3-s27.blu0.hotmail.com. [65.55.116.102])
by mx.google.com with ESMTP id hq5si6463741qab.45.2012.08.02.19.16.16;
Thu, 02 Aug 2012 19:16:16 -0700 (PDT)
Received-SPF: neutral (google.com: 65.55.116.102 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=65.55.116.102;
Authentication-Results: mx.google.com; spf=neutral (google.com: 65.55.116.102 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
Received: from BLU002-W193 ([65.55.116.72]) by blu0-omc3-s27.blu0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);
Thu, 2 Aug 2012 19:16:16 -0700
Message-ID: <[email protected]>
Return-Path: [email protected]
Content-Type: multipart/alternative;
boundary="_d6f23841-bf73-460b-963c-9a3e63c74d62_"
X-Originating-IP: [60.251.188.124]
From: someone <[email protected]>
Sender: <[email protected]>
To: "[email protected]" <[email protected]>
Subject:
Date: Fri, 3 Aug 2012 02:16:16 +0000
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 03 Aug 2012 02:16:16.0461 (UTC) FILETIME=[F658AFD0:01CD711D]

--_d6f23841-bf73-460b-963c-9a3e63c74d62_
Content-Type: text/plain; charset="big5"
Content-Transfer-Encoding: base64

bWFpbCB0ZXN0aW5nIGZvciBvdXRsb29rLmNvbQ0KIAkJIAkgICAJCSAg

--_d6f23841-bf73-460b-963c-9a3e63c74d62_
Content-Type: text/html; charset="big5"
Content-Transfer-Encoding: base64

PGh0bWw+DQo8aGVhZD4NCjxzdHlsZT48IS0tDQouaG1tZXNzYWdlIFANCnsNCm1hcmdpbjowcHg7
DQpwYWRkaW5nOjBweA0KfQ0KYm9keS5obW1lc3NhZ2UNCnsNCmZvbnQtc2l6ZTogMTJwdDsNCmZv
bnQtZmFtaWx5OkNhbGlicmkNCn0NCi0tPjwvc3R5bGU+PC9oZWFkPg0KPGJvZHkgY2xhc3M9J2ht
bWVzc2FnZSc+PGRpdiBkaXI9J2x0cic+bWFpbCB0ZXN0aW5nIGZvciBvdXRsb29rLmNvbTxicj4g
CQkgCSAgIAkJICA8L2Rpdj48L2JvZHk+DQo8L2h0bWw+

--_d6f23841-bf73-460b-963c-9a3e63c74d62_--

===Source ends===
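As an added example (not part of the original post, and not Microsoft's or Google's code), here is a small Python script that parses a message constructed to mirror the header dump above and reports what a receiving filter would notice: the From domain differing from the Sender domain, the first relay hop not belonging to the From domain, and an SPF result other than pass. It also decodes the base64/big5 body the way the mail client would. Because the post redacts every address, the sample uses placeholder domains under .invalid, and it assumes the Sender header carried the outlook.com-side mailbox, which the redacted dump does not show.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample modelled on the header dump in the post. Real addresses
# are redacted there, so placeholder domains under .invalid stand in for them.
# ASSUMPTION: the Sender header holds the outlook.com-side mailbox.
RAW_MESSAGE = """\
Return-Path: <someone@yahoo-side.invalid>
Received: from blu0-omc3-s27.blu0.hotmail.com (blu0-omc3-s27.blu0.hotmail.com. [65.55.116.102])
 by mx.google.com with ESMTP id hq5si6463741qab.45.2012.08.02.19.16.16;
 Thu, 02 Aug 2012 19:16:16 -0700 (PDT)
Received-SPF: neutral (google.com: 65.55.116.102 is neither permitted nor denied by best guess record for domain of someone@yahoo-side.invalid) client-ip=65.55.116.102;
From: someone <someone@yahoo-side.invalid>
Sender: <someone@outlook-side.invalid>
To: "recipient@gmail-side.invalid" <recipient@gmail-side.invalid>
Subject:
Date: Fri, 3 Aug 2012 02:16:16 +0000
MIME-Version: 1.0
Content-Type: text/plain; charset="big5"
Content-Transfer-Encoding: base64

bWFpbCB0ZXN0aW5nIGZvciBvdXRsb29rLmNvbQ0KIAkJIAkgICAJCSAg
"""


def parse(raw):
    """Parse raw RFC 5322 text; policy.default unfolds wrapped header lines."""
    return message_from_string(raw, policy=policy.default)


def header_domain(msg, name):
    """Lower-cased domain of the first address in a header, '' if absent."""
    value = msg.get(name)
    _, addr = parseaddr(str(value) if value is not None else "")
    return addr.rpartition("@")[2].lower()


def relay_hosts(msg):
    """Host names announced by each Received: hop, outermost hop first."""
    hosts = []
    for received in msg.get_all("Received", []):
        m = re.match(r"\s*from\s+(\S+)", str(received))
        if m:
            hosts.append(m.group(1).lower().rstrip("."))
    return hosts


def spf_result(msg):
    """First token of Received-SPF (pass, neutral, fail, ...), 'none' if absent."""
    value = msg.get("Received-SPF")
    return str(value).split(None, 1)[0].lower() if value else "none"


def body_text(msg):
    """Decode the base64, big5-encoded text body as a mail client would."""
    payload = msg.get_payload(decode=True) or b""
    charset = msg.get_content_charset() or "us-ascii"
    return payload.decode(charset, errors="replace").strip()


def findings(msg):
    """Signals a receiving filter would weigh before trusting the From address."""
    out = []
    from_dom = header_domain(msg, "From")
    sender_dom = header_domain(msg, "Sender")
    if sender_dom and sender_dom != from_dom:
        out.append(f"from-sender-mismatch:{from_dom}!={sender_dom}")
    hops = relay_hosts(msg)
    # The outermost hop is the host that handed the mail to the recipient's MX.
    if hops and hops[0] != from_dom and not hops[0].endswith("." + from_dom):
        out.append(f"relay-not-from-domain:{hops[0]}")
    spf = spf_result(msg)
    if spf != "pass":
        out.append(f"spf:{spf}")
    return out


if __name__ == "__main__":
    m = parse(RAW_MESSAGE)
    print("body:", body_text(m))
    for f in findings(m):
        print("finding:", f)
```

Run against the constructed sample, the script reports the From/Sender domain mismatch, a hotmail.com relay delivering mail whose From domain is elsewhere, and an SPF result of neutral, which is exactly the combination a strict receiver would treat as unverified sender identity rather than a confirmed one.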
