Jan 2015

Mail security in iOS

Yesterday we wrote about securing your mail client in OS X against automatically displaying remote content. But what about iOS?

Apple included the same feature in their mobile mail clients as well.

Under Settings, "Mail, Contacts, Calendars" and in the "mail" grouping, you will find the toggle for "Load Remote Images". Simply untoggle that switch to prevent the mail client from automatically displaying remote images.

iosmail1

Once this setting has been disabled, you will see the notice below when a message with remote images arrives:

iosmail2

Simply click the "Load All Images" link to view the images.

Work on Minotaur continues

The Minotaur Analysis Framework has been brought back online after around two whole years of downtime. The new code is a complete re-write and has been brought online on its new dedicated home. It is still very much a work-in-progress right now, but you can view the current site at http://minotr.net

The Minotaur Analysis Framework is a system for collecting and analyzing malware, as well as an active environment with tools for researchers to work with. We hope to build it in to a community and a hub of malware research activity.

Mail security in OS X Yosemite

So you are using OS X Yosemite's built-in mail.app and you notice you are getting more spam than usual. Or you've noticed that images are being loaded in all email messages by default, instead of what you've seen with Outlook at work, where corporate policy disables displaying images in emails from unknown sources.

The two scenarios are related. There are very real reasons that policies disable the automatic display of images in incoming email. One-pixel, tiny tracking images are common in spam to alert the sender that the message was received, and that your email address is valid and is being read by a user. This means your email address is actually worth more when resold to other spammers, as there is a high(er) chance the spam will be read.

Any image can be used for this purpose. Images can also be used to exploit rendering bugs, or lend un-due credence to a fake corporate memo in a phishing campaign when the content itself would otherwise be a dead giveaway.

At any rate, you can mitigate this issue be opening your preferences in Mail.app and going to the "Viewing tab and unchecking the "Load remote content in messages" option, as indicated below:

Screen_Shot_2015-01-11_at_9_32_27_PM

Go, do that right now. When an email arrives that uses remote images, you will now see the following bar above the email:

Screen_Shot_2015-01-11_at_9_41_38_PM

Sure, incoming email is a little uglier and it takes one more click, but you've given the spammers one less avenue of success, and one less reason to bother you.