Security Predictions of 2004

scubacuda writes "Computer World's security predictions for 2004: R.a..n,d,o.,m p,u,,n,c.t,,u_a.t.1..0.n evading spam filters, Internet access filtering, better desktop management, enterprise personal firewall deployment, tools that securely scrub metadata, corporate policies against USB flash drives, Wi-Fi break-ins, Bluetooth abuses, cell phone hacking, centralized control over IM, public utility breakin publicized, government defense against cybercriminals, organized cybercrime, and a shorter time to exploitation."

Nearly impossible?

[n0nsensical]

R.a..n,d,o.,m p,u,,n,c.t,,u_a.t.1..0.n makes it nearly impossible to block spam messages by filtering keywords.

Can't the spam filters just remove it all? They don't really need the punctuation to check for Viagra advertisements anyway.

Re:Nearly impossible?

[Stinky+Glen20]

I agree - We chatted about something similar in our office the other day.

If the spelling and grammar of the email were to be checked and weighted as part of the filtering process you'd get around a lot of the deliberate misspelling of words.

Re:Nearly impossible?

[miu]

Why not filter out spam by anything with > 3 periods, and/or commas?

What seems slightly more workable is to ignore punctuation in the subject when checking for 'spam' words. This would fit more in line with the extremely naive filtering available to Outlook users.

Going simply by punctuation density could cause a lot of false positives based on acronyms and ellipses.

Re:Nearly impossible?

[arvindn]

If you need to keep changing your filter, the spammers have already won.

It doesn't matter to the spammers if the user's filter can be trivially modified to filter out the spam. If they can get past the currently used filters, that's enough. If they keep doing this constantly, it will mean that users will have to constantly upgrade their spam filters. Many people will get tired after a while and just give up :(

Re:Nearly impossible?

[miu]

If you need to keep changing your filter, the spammers have already won.

If you are stating that Outlook client pass/fail filters are bad because (among other flaws) they need constant updating, then you are preaching to the choir. Until Exchange gets a good scoring filter, it makes sense to at least improve the flawed tools that are available to most corporate users.

Spam Spam Defeatable Spam

[dorward]

Spam operators are getting more creative in their efforts to get around spam filters. R.a..n,d,o.,m p,u,,n,c.t,,u_a.t.1..0.n makes it nearly impossible to block spam messages by filtering keywords.

It doesn't take very much CPU to s/\W//g

Operators are changing to graphics interchange format images with no searchable text.

Yeah! Block all email containing only graphics!

Some spammers send in encoded formats, like Base64, to circumvent keyword filters altogether,

Base64 isn't hard to decode... or to just bin.

and relay through IP addresses that have no Domain Name System domains associated with them.

I've never seen an email with an IP address based URI that wasn't spam. Trash em

These recent developments are challenging spam-filter vendors and frustrating users.

Not this user, or this user's spam filter. Spams using these techniques get the highest spam scores and when 5 is worthy of trashing, 35 is worthy of laughing at (at least until I get so much spam I'll put it in /dev/null rather then ~/mail/spam)

Re:Spam Spam Defeatable Spam

[the+uNF+cola]

It doesn't take very much CPU to s/\W//g

tr/\W//d is faster if that's perl :)

Re:Spam Spam Defeatable Spam

[Eivind]

But that's not needed.

To a Bayesian filter such "cleverness" is even more damning than just stating plain-out what you want to say.

Probably my legitimate mail *seldom* talks about "viagra" or "refinancing", but the rarity of those words in my mail is nothing agains the unlikeliness that I'd write "v1@gr@" or "r3f|n@nc|ng".

In other words, such clever tricks migth work. Once.

Re:Don't put your email address online

[wiggys]

>Don't put your email address online, period

That's like saying "Don't go out after 9pm or you deserve to get beaten/raped".

Sorry, but my instincts are to fight the spamming bastards rather than give in to them.

Re:Don't put your email address online

[dorward]

Don't put your email address online, period. Other solutions like filters only address part of the problem, because you still have to pay for the bandwidth and there's the problem of false positives. I wrote a little Javascript Turing email obfuscator, which prevents renders your email address invisible to bots, even those that can execute javascript.

It comes down to a choice:

• Get less spam
• Make it harder for people to contact you

I don't want to put barriers in people's ways when they wish to contact me (OK, sometimes I do - 'No I will not fix your computer! I don't even know you!' - but generally I don't). Making people use a JavaScript enabled web browser AND answer a question is a barrier, and I don't want it.

Corporate IM

[ksp]

I used to work in a global virtual team for a software company and I was (once again) shocked at the ignorance of the MIS department. A lot of people just decided to use MSN Messenger and so it suddenly became our standard communication program, so far it was even written into work procedures.

I expect the new IM worms to be the next major disaster to these tech companies, just like Slammer was for their unmanaged MS SQL installations.

It surprised me that noone listened to my suggestions on setting up an internal server. OK, not every luser knows IRC, but surely there are many IMs that can be set up to use an internal server and block everything else at the firewall. We tried the Lotus Notes clone of AOLs AIM and it sucked (as everything Notes), apart from using encrypted line data.

I remember trying to get hold of a senior developer I was working with using plain old talk in a terminal and he didn't know it... He got the notification in his shell and called me instead. Sort of explains the renaissance of these dummy IM clients.

Re:defeating random punctuation

[BigBadBri]

Unlikely.

Short, broken, or oddly punctuated sentences, such as this, may wrongly trip the rule.

There are 1,000,000s of examples, of which this is 1.

Still, it's ugly English, so should perhaps be condemned as such and consigned to the spam-bin anyway.

More serious is how to define a sentence - if it's a phrase terminated with a period, then random punctuation is likely to generate many short sentences, and a sufficiently dedicated spammer ought to be able to bias the 'random' punctuation to defeat a conservatively set rule.

I'm not sure that anything can be done 'quite easily' in Perl...

Re:Forget the flash drives... think USB HARD DRIVE

[scottj]

Come to think of it, there's nothing to stop somebody with one of these Hard drives

Come to think of it, this is nothing that I could not have done several years ago with my 20GB laptop. These USB drives are not a new threat in an environment where mobile computing is prominent. Not ALL of us use desktops. In fact, I don't have a single coworker who uses a desktop computer these days.

Re:Spam IS a security issue

[Steve+B]

RTFA. Spammers crack their way through the security measures (filters) designed to prevent their unauthorized access to other people's property. The existing computer security laws need to be enforced against this form of cracking.