Security Predictions of 2004

scubacuda writes "Computer World's security predictions for 2004: R.a..n,d,o.,m p,u,,n,c.t,,u_a.t.1..0.n evading spam filters, Internet access filtering, better desktop management, enterprise personal firewall deployment, tools that securely scrub metadata, corporate policies against USB flash drives, Wi-Fi break-ins, Bluetooth abuses, cell phone hacking, centralized control over IM, public utility breakin publicized, government defense against cybercriminals, organized cybercrime, and a shorter time to exploitation."

bayesian filters aren't fooled so easily

[_Shorty-dammit]

there are more parts to an email than just the subject line or the message body that still give away emails as spam. So even if random punctuation circumvents the spotting of something as specific as "viagra" by changing it to "v..1.,a,g.r,,a" or something similar it doesn't matter much. There are so many other hints that it's basically meaningless to do this, they still get caught because of those other clues. I'm still amazed at how well my bayesian filter of choice, popfile http://sourceforge.net/projects/popfile does with all my email needs. Filtering out spam, sorting out other emails into work, family, and a handful of other 'buckets' to get everything going where I'd like it to go. Spammers are indeed trying out different ideas all the time, but next to nothing ever gets through. And when something does manage to slip by on a rare occasion, well, you just made popfile that much better at catching the rest of the crap anyways. shrug. Been a long time (since I found popfile) since spam was even the slightest concern to me. There are quite a few different bayesian-based filtering methods out there, definitely a good idea to check at least one of them out. Popfile's a good choice, especially if you'd like to sort things besides spam too.

Anti-Obfuscation script

[cnb]

Anti SPAM tools already include anti-obfuscation support. Here's one of many scripts for spamassassin.

- cnb

Re:Spam Spam Defeatable Spam

[Jugalator]

According to SpamAssassin's default scores, these are all adding up to the spam score that apply to the examples above to "challenge spam filters":

- Message text disguised using base64 encoding
- Uses a numeric IP address in URL
- Uses a dotted-decimal IP address in URL
- HTML has over 9 kilopixels of images
- HTML: images with 0-200 bytes of words
- HTML has a low ratio of text to image area
- The score from a bayesian filter, which would probably quickly increase for messages with tons of punctuation and still leave legit mail since you normally don't use tons of punctuation.

Spam operators might get more creative, but I still think spam removal tools are several steps ahead.

Re:Spam Spam Defeatable Spam

[----]

I run spamassassin too.

I get 30-120 spam a day. (old account).

Checking with my spamassassin filter, I see that it's bayesian filter is happy with 1,868,996 pieces of spam, and 386 pieces of ham (the good stuff, stuff I want to keep).

I get maybe 1 spam thru to my normal inbox a month. Which I happily feed to the sa-learn tool (spamassassin's bayesian learning tool).

I don't need any wacky products installed in my email client (which I change often).
I access my email via imap over ssl.
I use mozilla mail mostly, but have used mutt, outlook, pine, outlook express, kmail, and a large amount of others (that I've forgotten about now), all with spamassassin running happily on the mail server churning thru all incoming email.

our mail server handles 4000-10,000 pieces of email a day for all our accounts, and spamassassin barely registers as a 'blip' on our cpu usage radar.

It's really sweet.

Oh yeah, I've had only 1 false positive, and it was due to a wise-ass friend that decided to send a piece of conversational email disguised as spam from a new email address. /* ---- */