Fake

Melbourne man Paul Sant has been charged with unauthorised broadcasting to pilots over radio bands restricted to aviation users, causing one plane to abort a landing at Tullamarine Airport.

Sant, 19, is alleged to have placed 16 separate transmissions to pilots at Tullamarine and Avalon airports between 5 September and 3 November.

He faces a maximum of 20 years in jail.

The Rockbank man and one-time employee of airline Virgin Australia has been charged with four counts of endangering the safety of aircraft and one count of interference likely to endanger safety.

Media report Sant's lawyer told the court he has been diagnosed with autism and depression without medication.

Australian Federal Police (AFP) confirmed to Vulture South that Sant is not alleged to have "hacked" any aviation system, contrary to reports, but merely used broadcasting equipment to make transmissions to pilots in contravention of aviation security laws.

Aviation transmission kit on eBay.

Aviation transmission gear capable of communicating with pilots can be bought online for around AU$200.

Enthusiasts regularly tune into the broadcasts, which are sent unencrypted, meaning no hacking is required to make transmissions.

The AFP’s crime operations head, acting assistant commissioner Chris Sheehan, says aviation security laws are "robust".

“The current security measures in place for the airline industry are robust, and the traveling public should be reassured we are treating this matter appropriately,” Sheehan says.

“These incidents were thoroughly investigated by the AFP with the technical support of Airservices and the Australian Communications and Media Authority.” ®


The Register - Security

A flaw in Office 365 could have been exploited by attackers to send out malicious emails and make them look as if they were coming from a legitimate microsoft.com address.

The issue was discovered by Utku Sen, a Turkey-based security enthusiast known for releasing an open source ransomware called Hidden Tear for educational purposes.

Sen found the issue while testing the spam filters of email services such as Outlook 365, Gmail and Yandex. During his tests, which he conducted using the Social Engineering Email Sender (SEES) tool, the expert noticed that Yandex identified some of his phishing emails as valid and marked them with a green icon after performing a DomainKeys Identified Mail (DKIM) verification.

It turned out that the emails detected as valid came from a spoofed microsoft.com email address and they were forwarded through Outlook 365 to Yandex. Further analysis showed that Gmail also accepted the fake microsoft.com emails forwarded from Outlook as legitimate.

The method only worked with emails coming from a spoofed microsoft.com address. When other domains were used, the fake emails went straight to the spam folder.

Sen was unable to figure out the cause, but Reddit user “ptmb” said the problem was likely that Outlook was signing redirected messages with its own DKIM key.

“That means that instead of having an email with a proof of identity from the original sender, you received an email with a proof of identity from the ‘redirector’,” ptmb explained. “And because Outlook was blindly signing these messages it was redirecting, if the message had a fake from field saying something(at)microsoft.com, then after Outlook blindly redirected it, it’d have a genuine DKIM signature from Microsoft by coincidence, even though the original email wasn’t from Microsoft at all.”

Sen informed both Microsoft and Yandex about his findings in September. Microsoft confirmed the issue and patched it in late October, and listed the researcher on its acknowledgements page. Yandex removed the green validation icon, but it’s unclear if it was due to the expert’s report.
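The failure ptmb describes is a signing-policy problem: the relay attached its own domain's DKIM signature without checking whether it could vouch for the From: address. The sketch below is an added example, not code from the article, Sen or Microsoft; the function names, decision labels and sample messages are constructed, and it models only the sign/don't-sign decision, not DKIM cryptography.

```python
from email import message_from_string
from email.utils import getaddresses

SIGNING_DOMAIN = "microsoft.com"  # domain whose DKIM key the relay holds

def from_domains(raw):
    """Lowercased domains of every address in the From: header."""
    msg = message_from_string(raw)
    addrs = getaddresses(msg.get_all("From", []))
    return {a.rsplit("@", 1)[1].lower() for _, a in addrs if "@" in a}

def aligned(domain):
    """True for the signing domain or one of its subdomains."""
    return domain == SIGNING_DOMAIN or domain.endswith("." + SIGNING_DOMAIN)

def blind_policy(raw, authenticated, inbound_pass):
    """Behaviour described in the article: sign whatever is redirected."""
    return "sign"

def guarded_policy(raw, authenticated, inbound_pass):
    """Sign only mail the relay can vouch for (hypothetical policy).
    authenticated: the sender logged in to submit the message.
    inbound_pass: d= domains whose DKIM signatures verified on arrival."""
    domains = from_domains(raw)
    if not domains:
        return "reject"                 # no parsable From: address
    if authenticated and all(aligned(d) for d in domains):
        return "sign"                   # our own user, our own domain
    if not any(aligned(d) for d in domains):
        return "forward-unsigned"       # not our domain: add no signature
    if any(aligned(d) for d in inbound_pass):
        return "forward-unsigned"       # original sender's proof still stands
    return "reject"                     # claims our domain, nothing backs it

# Constructed sample messages (not taken from the article)
SPOOFED = "From: Security <security@microsoft.com>\nSubject: test\n\nbody\n"
OTHER = "From: alice@example.org\nSubject: test\n\nbody\n"
DISPLAY_TRICK = 'From: "security@microsoft.com" <mallory@evil.example>\n\nbody\n'

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("other", OTHER), ("trick", DISPLAY_TRICK)]:
        print(name, blind_policy(raw, False, set()), guarded_policy(raw, False, set()))
```

The display-name case shows why the decision has to key on the parsed address domain rather than on any string in the header that looks like an address.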

Previous Columns by Eduard Kovacs:


SecurityWeek RSS Feed