Slashdot Mirror


Security Predictions of 2004

scubacuda writes "Computer World's security predictions for 2004: R.a..n,d,o.,m p,u,,n,c.t,,u_a.t.1..0.n evading spam filters, Internet access filtering, better desktop management, enterprise personal firewall deployment, tools that securely scrub metadata, corporate policies against USB flash drives, Wi-Fi break-ins, Bluetooth abuses, cell phone hacking, centralized control over IM, public utility break-in publicized, government defense against cybercriminals, organized cybercrime, and a shorter time to exploitation."

15 of 326 comments

  1. Random Punctuation in spam by 91degrees · · Score: 5, Interesting

    This is a good thing. It makes it harder for the victims to read, and gives a lot of anomalies that any modern statistical filter will find extremely useful.

  2. Spam Spam Defeatable Spam by dorward · · Score: 5, Insightful
    > Spam operators are getting more creative in their efforts to get around spam filters. R.a..n,d,o.,m p,u,,n,c.t,,u_a.t.1..0.n makes it nearly impossible to block spam messages by filtering keywords.

    It doesn't take very much CPU to s/\W//g

    > Operators are changing to graphics interchange format images with no searchable text.

    Yeah! Block all email containing only graphics!

    > Some spammers send in encoded formats, like Base64, to circumvent keyword filters altogether,

    Base64 isn't hard to decode... or to just bin.

    > and relay through IP addresses that have no Domain Name System domains associated with them.

    I've never seen an email with an IP address based URI that wasn't spam. Trash em

    > These recent developments are challenging spam-filter vendors and frustrating users.

    Not this user, or this user's spam filter. Spams using these techniques get the highest spam scores and when 5 is worthy of trashing, 35 is worthy of laughing at (at least until I get so much spam I'll put it in /dev/null rather than ~/mail/spam)

    1. Re:Spam Spam Defeatable Spam by Jugalator · · Score: 5, Informative

      According to SpamAssassin's default scores, these are all adding up to the spam score that apply to the examples above to "challenge spam filters":

      - Message text disguised using base64 encoding
      - Uses a numeric IP address in URL
      - Uses a dotted-decimal IP address in URL
      - HTML has over 9 kilopixels of images
      - HTML: images with 0-200 bytes of words
      - HTML has a low ratio of text to image area
      - The score from a bayesian filter, which would probably quickly increase for messages with tons of punctuation and still leave legit mail since you normally don't use tons of punctuation.

      Spam operators might get more creative, but I still think spam removal tools are several steps ahead.

      --
      Beware: In C++, your friends can see your privates!
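
The checks discussed in the two comments above (stripping punctuation before keyword matching, decoding Base64 bodies, flagging numeric-IP URLs, then summing scores against a threshold), as an added example that is not code from the thread or from SpamAssassin. The keyword list, digit folding, rule names and per-rule scores are constructed assumptions; only the threshold of 5 comes from the comments.

```python
import base64
import re
from email import message_from_string

KEYWORDS = {"viagra"}                     # constructed list; the word appears in the thread
LEET = str.maketrans("013457", "oieast")  # constructed digit-for-letter folding
IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}\b", re.I)
EDGE_PUNCT = ".,;:!?\"'()"
THRESHOLD = 5.0                           # "5 is worthy of trashing"; rule scores are constructed

def fold(token):
    # s/\W//g alone keeps "_" (it is a word character), so strip it explicitly.
    return re.sub(r"[\W_]", "", token.lower()).translate(LEET)

def body_text(msg):
    """Return (decoded body, was_base64) for a single-part text message."""
    cte = (msg.get("Content-Transfer-Encoding") or "").strip().lower()
    raw = msg.get_payload(decode=True) or b""   # undoes base64 / quoted-printable
    return raw.decode(msg.get_content_charset() or "utf-8", "replace"), cte == "base64"

def score(raw_message):
    msg = message_from_string(raw_message)
    text, was_b64 = body_text(msg)
    tokens = (msg.get("Subject", "") + " " + text).split()
    hits = []
    if was_b64:
        hits.append(("base64 text body", 2.0))
    if IP_URL.search(text):
        hits.append(("numeric IP in URL", 2.5))
    matched = [t for t in tokens if fold(t) in KEYWORDS]
    if any(t.strip(EDGE_PUNCT).lower() not in KEYWORDS for t in matched):
        hits.append(("keyword hidden by punctuation", 3.0))
    elif matched:
        hits.append(("keyword", 1.5))
    return sum(points for _, points in hits), hits

# Constructed sample messages; 192.0.2.7 is a documentation-range address.
SPAM = ("Subject: hello\nContent-Type: text/plain; charset=utf-8\n"
        "Content-Transfer-Encoding: base64\n\n"
        + base64.b64encode(b"Cheap v..1.,a,g.r,,a at http://192.0.2.7/buy").decode() + "\n")
HAM = ("Subject: Meeting notes...\nContent-Type: text/plain; charset=utf-8\n\n"
       "See you at 9 a.m., e.g. in room B.2 ... bring the Q3 report.\n")

if __name__ == "__main__":
    for name, raw in (("spam", SPAM), ("ham", HAM)):
        total, hits = score(raw)
        print(name, total, "TRASH" if total >= THRESHOLD else "keep", hits)
```

Punctuation is only scored when removing it reveals a listed keyword, so the heavily punctuated but legitimate sample message scores zero.
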
    2. Re:Spam Spam Defeatable Spam by ---- · · Score: 5, Informative

      I run spamassassin too.

      I get 30-120 spam a day. (old account).

      Checking with my spamassassin filter, I see that its bayesian filter is happy with 1,868,996 pieces of spam, and 386 pieces of ham (the good stuff, stuff I want to keep).

      I get maybe 1 spam thru to my normal inbox a month. Which I happily feed to the sa-learn tool (spamassassin's bayesian learning tool).

      I don't need any wacky products installed in my email client (which I change often).
      I access my email via imap over ssl.
      I use mozilla mail mostly, but have used mutt, outlook, pine, outlook express, kmail, and a large amount of others (that I've forgotten about now), all with spamassassin running happily on the mail server churning thru all incoming email.

      Our mail server handles 4000-10,000 pieces of email a day for all our accounts, and spamassassin barely registers as a 'blip' on our cpu usage radar.

      It's really sweet.

      Oh yeah, I've had only 1 false positive, and it was due to a wise-ass friend that decided to send a piece of conversational email disguised as spam from a new email address. /* ---- */

  3. Re:Don't put your email address online by wiggys · · Score: 5, Insightful

    >Don't put your email address online, period

    That's like saying "Don't go out after 9pm or you deserve to get beaten/raped".

    Sorry, but my instincts are to fight the spamming bastards rather than give in to them.

    --

    Sorry, but my karma just ran over your dogma.

  4. What I encountered yesterday by quigonn · · Score: 5, Interesting

    Spammers actually seem to try defeating bayesian spam filters by "training" them with random words:

    From: Noah Poe
    Date: Sun, 04 Jan 2004 15:58:49 -0600
    To: a.konrad@aon.at
    Subject: canberra happen

    aides bone emmanuel rumania persistent josephine pencil majesty bottom
    anarch molecular cafe hepburn done ellipsoid monoceros chokeberry pungent decontrolled
    orphanage keel cessna lippincott drugstore onion inclement empire

    This is just sick.

    --
    A monkey is doing the real work for me.
  5. Dumb question - spell check the incoming mail? by MachDelta · · Score: 5, Interesting

    Ok, this is probably a dumb question, but why the hell doesn't anyone make a spell checking spam filter? Just set it to junk any incoming email with more than x% spelling mistakes, and voila! All y,o.ur.,. r,a.,n.d,.om.,,. p,.u,.nc,.tu,at,i.on and |33t 5p34k is fucked. Combine it with a regular spam filter, and you're set!
    It'd also have the added bonus of keeping idiots who can't spell worth crap out of your inbox. And since it would work off a dictionary (preferably the same one as your outgoing spell checker, if equipped), you could always add whatever names, phrases, and abbreviations you wanted, while still keeping the "0MG L1EK MAK UR P3N0R 9 INCHZ LONGR!!" crap out of your inbox.
    Surely we have the ability to create something like this. So where is it?

  6. On random punctuation by Richard+W.M.+Jones · · Score: 5, Interesting
    At my last job I wrote a chat server which was used by school age children.

    One of the requirements (coming from "concerned parents", of course) was to filter out swearing in the chat rooms. So if someone typed in, say, "you're a shit", what would actually appear for everyone else would be "you're a $!%^" or something similar.

    Eventually, of course, we got into an arms race with the kids, who would write "sh1t", "s.h.i.t", "sh*t" and so on.

    However, I came up with a program which generated a regexp which matched pretty much all the variations, and - to date - none of the kids have worked out a way around it.

    This is how it worked.

    (Actually, I can send anyone the original regexp generator code if they're interested - just mail me).

    The basic concept was to use a table of "equivalences", for, eg. "a" => [ "@", "4", "A", ....], "f" => [ "ph", .... ]

    For each swear word we generate a regexp with (r1|r2|r3|...) for each letter in the bad word, where r1, r2, r3, ... are the list of equivalences for that letter.

    That produces a list of swear-word-matching regexps which we then combined into a super mega regexp which would match any of the 50 or so banned words.

    One interesting thing is that you can end up with a regexp which is too big for GNU regexp to handle ... But there are ways to get round that and you can code it up as a flex parser too which doesn't have any limits as far as I can tell.

    The actual code is slightly more complex and does a few more things than above (e.g. it works for "s.h.1.t" too, or even "s---h--1----------t"). And it has a concept of "obliterator characters", so "sh*t" can be banned also.

    If anyone's interested I can send the code.

    Rich.
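
A generator along the lines described in the comment above, written here as an added example; it is not the commenter's original code. The equivalence table entries, the obliterator set, the word-boundary guards and the rule that the first letter cannot be obliterated are all assumptions made for this sketch.

```python
import re

# Constructed equivalence table; the comment only shows the "a" and "f" entries.
EQUIV = {
    "a": ["@", "4"], "e": ["3"], "i": ["1", "!", "|"], "o": ["0"],
    "s": ["5", "$"], "t": ["7", "+"], "f": ["ph"],
}
OBLITERATORS = "*#"    # may stand in for any letter except the first (assumption)
FILLER = r"[\W_]*"     # punctuation or spaces allowed between letters
MASK = "$!%^"          # replacement pattern quoted in the comment

def letter_pattern(ch, allow_obliterator):
    """(r1|r2|...) for one letter: the letter, its equivalents, maybe obliterators."""
    alts = [ch] + EQUIV.get(ch, [])
    if allow_obliterator:
        alts += list(OBLITERATORS)
    alts.sort(key=len, reverse=True)   # try "ph" before single characters
    return "(?:" + "|".join(re.escape(a) for a in alts) + ")"

def word_pattern(word):
    parts = [letter_pattern(c, i > 0) for i, c in enumerate(word.lower())]
    return FILLER.join(parts)

def build_filter(banned):
    """Combine every per-word pattern into one regexp."""
    body = "|".join(word_pattern(w) for w in banned)
    # The guards stop a match that starts or ends inside a longer word
    # ("this hit"), at the cost of missing banned words glued to other letters.
    return re.compile(r"(?<![a-z0-9])(?:" + body + r")(?![a-z0-9])", re.IGNORECASE)

def censor(text, rx):
    def mask(m):
        n = len(m.group(0))
        return (MASK * (n // len(MASK) + 1))[:n]
    return rx.sub(mask, text)

BANNED = ["shit"]      # the word used in the comment; the real list had about 50
FILTER = build_filter(BANNED)

if __name__ == "__main__":
    for line in ["you're a shit", "sh1t", "s.h.i.t", "sh*t",
                 "s---h--1----------t", "a clean shirt", "this hit the wall"]:
        print(repr(line), "->", repr(censor(line, FILTER)))
```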

    1. Re:On random punctuation by miu · · Score: 5, Funny

      faux queue man!

      --

      [Set Cain on fire and steal his lute.]
  7. Re:Nearly impossible? by miu · · Score: 5, Insightful
    > Why not filter out spam by anything with > 3 periods, and/or commas?

    What seems slightly more workable is to ignore punctuation in the subject when checking for 'spam' words. This would fit more in line with the extremely naive filtering available to Outlook users.

    Going simply by punctuation density could cause a lot of false positives based on acronyms and ellipses.

    --

    [Set Cain on fire and steal his lute.]
  8. Don't use your email online by kop · · Score: 5, Funny

    Stop spam at the source, stupid!

    Don't use your email address, period. Other solutions like filters only address part of the problem, I wrote a little Javascript Turing email blocker, which prevents you using email!
    No more email means no more spam, spam harvesters use viruses that collect email addresses from the computers of people that know you.
    People that don't know how to use bcc spread your address all over the net. So don't give out your email address at all. Just send lonely test messages to yourself. mmm, a dictionary attack could still find you..... Stop checking your email!!!
    Problem solved.

    An ounce of prevention...

  9. bayesian filters aren't fooled so easily by _Shorty-dammit · · Score: 5, Informative

    There are more parts to an email than just the subject line or the message body that still give away emails as spam. So even if random punctuation circumvents the spotting of something as specific as "viagra" by changing it to "v..1.,a,g.r,,a" or something similar it doesn't matter much. There are so many other hints that it's basically meaningless to do this, they still get caught because of those other clues. I'm still amazed at how well my bayesian filter of choice, popfile http://sourceforge.net/projects/popfile does with all my email needs. Filtering out spam, sorting out other emails into work, family, and a handful of other 'buckets' to get everything going where I'd like it to go. Spammers are indeed trying out different ideas all the time, but next to nothing ever gets through. And when something does manage to slip by on a rare occasion, well, you just made popfile that much better at catching the rest of the crap anyways. shrug. Been a long time (since I found popfile) since spam was even the slightest concern to me. There are quite a few different bayesian-based filtering methods out there, definitely a good idea to check at least one of them out. Popfile's a good choice, especially if you'd like to sort things besides spam too.

  10. Re:Nearly impossible? by miu · · Score: 5, Insightful
    > If you need to keep changing your filter, the spammers have already won.

    If you are stating that Outlook client pass/fail filters are bad because (among other flaws) they need constant updating, then you are preaching to the choir. Until Exchange gets a good scoring filter, it makes sense to at least improve the flawed tools that are available to most corporate users.

    --

    [Set Cain on fire and steal his lute.]
  11. Re:Forget the flash drives... think USB HARD DRIVE by scottj · · Score: 5, Insightful
    > Come to think of it, there's nothing to stop somebody with one of these Hard drives
    Come to think of it, this is nothing that I could not have done several years ago with my 20GB laptop. These USB drives are not a new threat in an environment where mobile computing is prominent. Not ALL of us use desktops. In fact, I don't have a single coworker who uses a desktop computer these days.
    --
    .-.--
  12. Re: defeating random punctuation by Black+Parrot · · Score: 5, Funny


    > My boss (hardcore BSD hacker and anti-spam activist) added a simple rule to our spam filters: more than 5 consonants in a row in the From: field and it's tagged as spam.

    Hope he's not expecting any important messages from anyone born in Eastern Europe...

    --
    Sheesh, evil *and* a jerk. -- Jade