Hacking Web Services
siduri writes "Udi Manber, chief scientist at Yahoo!, gave a great talk on the kinds of hacks that Yahoo sees at the IEEE's Symposium on Security and Privacy. I wrote an overview of his talk for Dr. Dobb's Journal. While some of the message is well-known stuff (like that people will spend a lot of time hacking the most trivial things), the details of what Yahoo has to deal with are really pretty interesting."
Interestingly enough, by copy-and-pasting the whole text of this story from Dr. Dobbs to Slashdot, you have unwittingly done one of the more common "hacks" that Udi Manber describes as being dangerous. Information stealing is easy to do, and sometimes doesn't even feel like it's a crime.
Congratulations for illustrating his points so directly.
--Mid
If anonymity disappeared from the web, "a lot of the problems would go away," he said.
That's especially true if you equate users with problems ;-)
But he dismissed legal solutions altogether, saying that measures like anti-spam legislation are completely ineffective. "This has to be solved technically, not legally," he warned. "If we can't solve these problems, we'll see less and less services."
That's a point that is occasionally debated in anti-spam circles. The problem there is that the Internet mail delivery system was designed for the kinds of users we had 25 years ago. Heck, it wasn't until somewhat over 5 years ago that all the MTAs [that mattered] would ship with relaying turned off by default. Looked at from that perspective, it seems like a technical problem... change the delivery system and you make the abuse irrelevant. The problem is, how do you implement such a change? It's not so much a question of designing a new system... I've seen a number of proposals that looked fine. The problem is, how do you get all the mail servers on the net to switch over?
At that point in the debate is where the division usually comes in. Some folks will propose various systems for gradual adoption of new systems (essentially having two delivery systems in place until the new one is widely adopted enough to drop the old), while others pull back at that point. They'll say that spam is a social problem and, as a result, it can't be solved technically. Usually those folks will go on to pursue legislative attempts at a solution. The problem is, the track record of using legislation to solve social problems is nothing to write home about.
If he can come up with a technical solution for Yahoo!, of course, then he is all set. The problem, as he said, was that you only have so much identification information available to you at the server end. That makes it nontrivial to reliably separate the valid users from the rest. The thing is, just how much personal identification information are you comfortable giving to Yahoo! to get a mailbox...?
The solution exists, it's just that the transition to the solution will be painful, so we're desperately trying to avoid it.
The solution is whitelists and "postage".
Put all your friends in a whitelist. Main from them is delivered instantly.
Anyone else who emails you gets an autoreponse, "I don't know you. To ensure that you're a real human being, you'll to need to run the postage program to get the result for the code ABAASDFFEFEF". The program needs to be open source and easily verifyable for security reasons. The program solves some problems that is hard to compute (say 60 seconds), but easy to verify. One example would be a brute for cypher break on a simple cypher. The senders email client can handle this autoreponse automatically, shielding the sender from needing to deal with it (Gee, my computer gets slow for a bit when I email someone new). Spammers, on the other hand, would need to either limit their spamming so they have time to generate valid responses, or would need to invest in expensive hardware to generate the responses fast enough. End result: It's no longer cheap and easy spam.
There are a few other details to make mailing lists feasible, but it's doable.
However, this effort would require everyone to upgrade their mail clients or to use external programs to manage this. Given that extremely slow adaptation of other email security features, I'm not optimistic.[B