The Danger of Email Signatures?

[Und3ertak3r]

Hmm your security expert may still be worried about this one.. KAKWORM or the signature Virus..

But using a signature won't make you anymore vulnerable to it or other virii

http://securityresponse.symantec.com...t.kakworm.html

would be interesting to try spurious_inode's idea..

cheers

[disc0rd]

I would say that war dialing would be a far cry from a security threat....Not to say its a non-existant threat, its actually fairly effective, (especially if the dialer catches a PBX of the company). However a signature may give out some info about yourself, but isn't that kind of the point of a signature?

Although Spurios_inode brings up a good point....VBScript can be a malicious way of making your sig quite a nice threat to an unsuspecting user...although on an exchange server (business server for example) you can actually control the use of scripts by blocking anything foreign or any specific tags coming through, catching it before it gets to the user.

In order to quell the threat I would only use a signature when addressing people in a professional environment (a trusted professional environment).

Interesting note....I just tried a little malicious VBScript on an email signature to myself....spurious_inode, very good post...your point is very valid

[Maestr0]

If someone uses the same sig in all their e-mails an attacker could conceivably try to use the sig to create a codebook to decrypt encrypted email. This all depends on how the mail is encrypted and would be extremely difficult if any quality encryption were used, but knowing a plain text equivalent portion of the ciphertext would aid greatly in cracking it.

-Maestr0