social engineering

We use ZCS Network Pro. We received a security notice last night from Zimbra advising us to install a patch. I verified the md5 checksum provided in the e-mail. However, the link to the update was directed to the server "loopfuse.net". After inspecting the headers, I saw the e-mail came from this domain as well. Only after looking further in the message source did I notice that the text version of the same e-mail actually provides direct links to the same patch hosted on "zimbra.com".
If Zimbra expects administrators to replace important system files linked to through a third party in an e-mail, doesn't that leave them vulnerable to social engineering? If I had a copy of that same file except one that creates vulnerabilities instead of fixing them, I could send a similar e-mail to Zimbra admins using a domain which sounds like it could be a marketing partner, tricking them into making their system wide open for attack.
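A defensive check for the situation described in the post, added here as an example and not part of the original post or of any Zimbra tooling: it lists the hosts linked from each text part of a message and flags those outside the vendor's domain. The sample message, its URLs and the `TRUSTED` value are constructed assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

TRUSTED = "zimbra.com"  # domain the admin expects downloads from (assumption)

# Constructed sample modelled on the post: the HTML part links to a
# third-party host, the plain-text part links to the vendor.
SAMPLE = """\
From: Security Notice <notice@loopfuse.net>
Subject: Security notice
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Download the patch: https://files.zimbra.com/constructed/patch.tgz
--b1
Content-Type: text/html; charset="utf-8"

<a href="http://loopfuse.net/constructed-link">Download the patch</a>
--b1--
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def under(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def link_hosts(msg):
    """Map each text/* part's content type to the set of hosts it links to."""
    hosts = {}
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        charset = part.get_content_charset() or "utf-8"
        body = part.get_payload(decode=True).decode(charset, "replace")
        found = {urlsplit(u).hostname or "" for u in URL_RE.findall(body)}
        hosts.setdefault(part.get_content_type(), set()).update(found)
    return hosts

def untrusted_links(raw, trusted=TRUSTED):
    """Return sorted (content_type, host) pairs whose host is outside `trusted`."""
    parts = link_hosts(message_from_string(raw)).items()
    return sorted((c, h) for c, hs in parts for h in hs if not under(h, trusted))
```

A checksum delivered in the same message as the link only detects a corrupted download, so the host the file actually comes from is what this check looks at.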