Slashdot Mirror
Security Predictions of 2004
scubacuda writes "Computer World's security predictions for 2004: R.a..n,d,o.,m p,u,,n,c.t,,u_a.t.1..0.n evading spam filters, Internet access filtering, better desktop management, enterprise personal firewall deployment, tools that securely scrub metadata, corporate policies against USB flash drives, Wi-Fi break-ins, Bluetooth abuses, cell phone hacking, centralized control over IM, public utility breakin publicized, government defense against cybercriminals, organized cybercrime, and a shorter time to exploitation."
This is a good thing. It makes it harder for the victims to read, and gives a lot of anomolies that any modern statistical filter will find extremely useful.
That random punctuation stuff is more difficult to read than 1337speak, and will continue to be: leetspeak, at least, has a fairly broad group of people that -want- to understand it and use it conversationally, and thus its more understood.
:P) sends an adrenaline rush through me. I look forward to dealing with such attacks (either preventatively, directly, or for clients, etc.) - seriously. It's exciting stuff.
At any rate, I doubt such punctuation will be a problem. I've already seen a good deal of it get killed with bayesian filters anyway.
The other things though - very interesting. It's not like we can't predict these things ourselves, though - it's only a mattre of time before they happen, what with the increasingly dense levels of tech in our society.
Being the thrill-seeking geek that I am, the prospect alone of bluetooth hacking (wartoothing?
I can see there being a definate increase in the need for serious, intelligent, and knowledgeable computer security staff; they'll likely start supplanting what's left of IT staff, as well as replacing some of the positions that were dumped in the last several years. After IS? Who knows. Maybe we'll be batteries by then, or maybe fighting the machines.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
It doesn't take very much CPU to s/\W//g
Yeah! Block all email containing only graphics!
Base64 isn't hard to decode... or to just bin.
I've never seen an email with an IP address based URI that wasn't spam. Trash em
Not this user, or this user's spam filter. Spams using these techniques get the highest spam scores and when 5 is worthy of trashing, 35 is worthy of laughing at (at least until I get so much spam I'll put it in /dev/null rather then ~/mail/spam)
Don't put your email address online, period. Other solutions like filters only address part of the problem, because you still have to pay for the bandwidth and there's the problem of false positives. I wrote a little Javascript Turing email obfuscator, which prevents renders your email address invisible to bots, even those that can execute javascript.
An ounce of prevention...
I already get some spam with random puncutation yet PopFile still manages to classify it as spam.
Why? Because it knows which combination of words, used together make it more likely the mails are for me, eg spammers only have my email address, they do not know my name... therefore any emails containing either my first name or surname (or better still, both together, will make PopFile flag the message up as "high probability non-spam mail". Of course it looks for other clues.
Anyway, if spammers do find a way to circumvent my filters (and at the moment I'm filtering spam with 99.62% accuracy) then my filtering software will be updated and will check for stupid punctuation tricks.
Sorry, but my karma just ran over your dogma.
I use a 2.5" 20GB USB hard drive when I move between branch offices for work as it carries all my data and stuff with me. I also use my HD as a kind of FTP directory when I want to install client software across a server network.
Come to think of it, there's nothing to stop somebody with one of these Hard drives from importing and exporting several CDs worth of data on it, and importing all kinds of strange software or even CD-copying software into the workplace to make nice CD ISO images or even whole drive dumps of code that should not be freely distributed.
The USB hard disk is probably way more risky than a flash drive, because 512MB while it can still hold a lot of info, is still expensive and is limited by its size.
READY.
PRINT ""+-0
Spammers actually seem to try defeating bayesian spam filters by "training" them with random words:
From: Noah Poe
Date: Sun, 04 Jan 2004 15:58:49 -0600
To: a.konrad@aon.at
Subject: canberra happen
aides bone emmanuel rumania persistent josephine pencil majesty bottom
anarch molecular cafe hepburn done ellipsoid monoceros chokeberry pungent decontrolled
orphanage keel cessna lippincott drugstore onion inclement empire
This is just sick.
A monkey is doing the real work for me.
Ok, this is probably a dumb question, but why the hell doesn't anyone make a spell checking spam filter? Just set it to junk any incoming email with more than x% spelling mistakes, and voila! All y,o.ur.,. r,a.,n.d,.om.,,. p,.u,.nc,.tu,at,i.on and |33t 5p34k is fucked. Combine it with a regular spam filter, and you're set!
It'd also have the added bonus of keeping idiots who can't spell worth crap out of your inbox. And since it would work off a dictionary (preferably the same one as your outgoing spell checker, if equipped), you could always add whatever names, phrases, and abbreviations you wanted, while still keeping the "0MG L1EK MAK UR P3N0R 9 INCHZ LONGR!!" crap out of your inbox.
Surely we have the ability to create something like this. So where is it?
One of the requirements (coming from "concerned parents", of course) was to filter out swearing in the chat rooms. So if someone typed in, say, "you're a shit", what would actually appear for everyone else would be "you're a $!%^" or something similar.
Eventually, of course, we got into an arms race with the kids, who would write "sh1t", "s.h.i.t", "sh*t" and so on.
However, I came up with a program which generated a regexp which matched pretty much all the variations, and - to date - none of the kids have worked out a way around it.
This is how it worked.
(Actually, I can send anyone the original regexp generator code if they're interested - just mail me).
The basic concept was to use a table of "equivalences", for, eg. "a" => [ "@", "4", "A", ....], "f" => [ "ph", .... ]
For each swear word we generate a regexp with (r1|r2|r3|...) for each letter in the bad word, where r1, r2, r3, ... are the list of
equivalences for that letter.
That produces a list of swear word - matching regexps which we then combined into a super mega regexp which would match any of the 50 or so banned words.
One interesting thing is that you can end up with a regexp which is too big for GNU regexp to handle ... But there are ways to get round
that and you can code it up as a flex parser
too which doesn't have any limits as far as I
can tell.
The actual code is slightly more complex and does a few more things than above (eg. it works for "s.h.1.t" too, or even "s---h--1----------t". And it has a concept of "obliterator characters", so "sh*t" can be banned also.
If anyone's interested I can send the code.
Rich.
libguestfs - tools for accessing and modifying virtual machine disk images
What seems slightly more workable is to ignore punctuation in the subject when checking for 'spam' words. This would fit more in line with the extremely naive filtering available to Outlook users.
Going simply by punctuation density could cause a lot of false positives based on acronyms and ellipses.
[Set Cain on fire and steal his lute.]
Stop spam at the source, stupid!
Don't use your email address, period. Other solutions like filters only address part of the problem, I wrote a little Javascript Turing email blocker , which prevents you using email!
No more email means no more spam, spam harvesters use viruses that collect email adresses from the computers of people that know you.
People that don't know how to use bcc spread your adress all over the net. So dont give out your email adress at all. Just send lonely test messages to yourself. mmm, a dictionary attack could still find you..... Stop checking your email!!!
Problem solved.
An ounce of prevention...
there are more parts to an email than just the subject line or the message body that still give away emails as spam. So even if random punctuation circumvents the spotting of something as specific as "viagra" by changing it to "v..1.,a,g.r,,a" or something similar it doesn't matter much. There are so many other hints that it's basically meaningless to do this, they still get caught because of those other clues. I'm still amazed at how well my bayesian filter of choice, popfile http://sourceforge.net/projects/popfile does with all my email needs. Filtering out spam, sorting out other emails into work, family, and a handful of other 'buckets' to get everything going where I'd like it to go. Spammers are indeed trying out different ideas all the time, but next to nothing ever gets through. And when something does manage to slip by on a rare occasion, well, you just made popfile that much better at catching the rest of the crap anyways. shrug. Been a long time (since I found popfile) since spam was even the slightest concern to me. There are quite a few different bayesian-based filtering methods out there, definitely a good idea to check at least one of them out. Popfile's a good choice, especially if you'd like to sort things besides spam too.
I expect the new IM worms to be the next major disaster to these tech companies, just like Slammer was for their unmanaged MS SQL installations.
It surprised me that noone listened to my suggestions on setting up an internal server. OK, not every luser knows IRC, but surely there are many IMs that can be set up to use an internal server and block everything else at the firewall. We tried the Lotus Notes clone of AOLs AIM and it sucked (as everything Notes), apart from using encrypted line data.
I remember trying to get hold of a senior developer I was working with using plain old talk in a terminal and he didn't know it... He got the notification in his shell and called me instead. Sort of explains the renaissance of these dummy IM clients.
What is the sound of one hand clapping?
cat
If you are stating that Outlook client pass/fail filters are bad because (among other flaws) they need constant updating, then you are preaching to the choir. Until Exchange gets a good scoring filter, it makes sense to at least improve the flawed tools that are available to most corporate users.
[Set Cain on fire and steal his lute.]
My boss (hardcore BSD hacker and anti-spam activist) added a simple rule to our spam filters: more than 5 consonants in a row in the From: field and it's tagged as spam. I'm pretty sure if neccessary he can add a rulle to check how many characters in a sentence are vowels, consonants, digits and punctuation. more than x% of punctuation in a sentence plus y% digits and the filter tags as spam.
I'm not as good as him but I'm sure this can be done quite easily in perl with regexes.
What ? Me, worry ?
And I thought the main selling point of Windows was that it was easy enough that any baboon could install/user/administer it.
It is massively easy to admin a large number of similiar Windows machines.
As a part time thing, for charity, I admin a largish network for a non-profit in New England. Something like ~150 desktop PCs - running Win2k and WinXP and 3 Win2k Servers.
I do it all remotely, in about ~45 minutes or so weekly. When they need a new PC they get it straight from Dell, plug it in, and after a very simple operation (which, granted, required me writing out detailed instructions with pictures and lots of hand-holding), the PC is in the network. After a quick reboot, all the software is configured, printers configured, network access configured, and any of the 175 users can log in and experience the same consistent environment.
Patching machines is virtually painless, virus/trojans/spyware never gets through, e-mail is rock-solid, machines don't crash unless it's a hardware failure (quite common with Dell sadly..), the machines are locked down and unable to be user-f'd, and things are generally smooth.
They used to have a full-time fully-clueless IT guy. He went to a different career, and I took over a few years ago. After a single weekend of re-engineering I can say that the network operates without any trouble. The users are happy, things are reliable, all major maintenance is automated and scripted, and things *just work*.
Honestly, it all depends on the person. I've known networks with really bad UNIX-ish admins where nothing working, machines, crashed non-stop, etc etc. Same with Windows.
Don't mean to be immodest, but really, it just takes someone with a good grasp of IT and some Windows skills. My one power user on-site handles some of the hands-on stuff (unjamming printers, unpacking new PCs, changing backup tapes, etc).
Anyways... in this case, Linux would work except for about ~6 or so critical apps that are Windows-only. Bummer.
.-.--
Anti SPAM tools already include anti-obfuscation support. Here's one of many scripts for spamassassin.
- cnb
I got a random punctuation spam the other day. One line read like this: Guar,anteed 1.00% effecti;ve! Needless to say, my confidence in the product was not very high
I just got one of those "Millions of email addresses on a CD" spams. It includes the fax number required to request them.
Anyone in the 240 and 416 area codes that feels like clogging up someone's fax machine with tubgirl and goatse?
Here's the meat of this junk (I removed several hundred asterisks):
--quote begins--
DON'T YOU WANT TO KNOW!
PURCHASE OUR Email Addresses Directory ONLY
IF YOU WANT TO PURCHASE OUR Email Addresses Directory with
525 MILLION in 5-disk set.
Complete package 5-disk set only $99.00!!
DO NOT REPLY TO THIS EMAIL ADDRESS. TO ORDER, READ BELOW:
Fill out the Form below and fax it back to
1-240-371-0672 OR 416-467-8986