Security

Security Predictions of 2004 326

scubacuda writes "Computer World's security predictions for 2004: R.a..n,d,o.,m p,u,,n,c.t,,u_a.t.1..0.n evading spam filters, Internet access filtering, better desktop management, enterprise personal firewall deployment, tools that securely scrub metadata, corporate policies against USB flash drives, Wi-Fi break-ins, Bluetooth abuses, cell phone hacking, centralized control over IM, public utility break-in publicized, government defense against cybercriminals, organized cybercrime, and a shorter time to exploitation."
This discussion has been archived. No new comments can be posted.

  • Nearly impossible? (Score:4, Insightful)

    by n0nsensical ( 633430 ) on Monday January 05, 2004 @06:06AM (#7879536)
    R.a..n,d,o.,m p,u,,n,c.t,,u_a.t.1..0.n makes it nearly impossible to block spam messages by filtering keywords.

    Can't the spam filters just remove it all? They don't really need the punctuation to check for Viagra advertisements anyway.
  • by dorward ( 129628 ) on Monday January 05, 2004 @06:15AM (#7879558) Homepage Journal
    Spam operators are getting more creative in their efforts to get around spam filters. R.a..n,d,o.,m p,u,,n,c.t,,u_a.t.1..0.n makes it nearly impossible to block spam messages by filtering keywords.

    It doesn't take very much CPU to s/\W//g

    Operators are changing to graphics interchange format images with no searchable text.

    Yeah! Block all email containing only graphics!

    Some spammers send in encoded formats, like Base64, to circumvent keyword filters altogether,

    Base64 isn't hard to decode... or to just bin.

    and relay through IP addresses that have no Domain Name System domains associated with them.

    I've never seen an email with an IP address based URI that wasn't spam. Trash em

    These recent developments are challenging spam-filter vendors and frustrating users.

    Not this user, or this user's spam filter [mirror.ac.uk]. Spams using these techniques get the highest spam scores and when 5 is worthy of trashing, 35 is worthy of laughing at (at least until I get so much spam I'll put it in /dev/null rather than ~/mail/spam)

  • by Stinky Glen20 ( 689507 ) on Monday January 05, 2004 @06:17AM (#7879566)
    I agree - We chatted about something similar in our office the other day.

    If the spelling and grammar of the email were to be checked and weighted as part of the filtering process you'd get around a lot of the deliberate misspelling of words.

  • by wiggys ( 621350 ) on Monday January 05, 2004 @06:20AM (#7879577)
    >Don't put your email address online, period

    That's like saying "Don't go out after 9pm or you deserve to get beaten/raped".

    Sorry, but my instincts are to fight the spamming bastards rather than give in to them.
  • by pe1chl ( 90186 ) on Monday January 05, 2004 @06:22AM (#7879581)
    That means you (or the admins) have not yet fully understood how they can manage desktop systems.
    This is understandable. There is a lot to read.
    But in the end it will be possible to protect the systems against the user (somewhat) and still be able to manage them, even defragment.

    So keep on studying!
  • by dorward ( 129628 ) on Monday January 05, 2004 @06:29AM (#7879601) Homepage Journal
    Don't put your email address online, period. Other solutions like filters only address part of the problem, because you still have to pay for the bandwidth and there's the problem of false positives. I wrote a little Javascript Turing email obfuscator, which renders your email address invisible to bots, even those that can execute javascript.

    It comes down to a choice:

    • Get less spam
    • Make it harder for people to contact you

    I don't want to put barriers in people's ways when they wish to contact me (OK, sometimes I do - 'No I will not fix your computer! I don't even know you!' - but generally I don't). Making people use a JavaScript enabled web browser AND answer a question is a barrier, and I don't want it.

  • by miu ( 626917 ) on Monday January 05, 2004 @06:36AM (#7879622) Homepage Journal
    Why not filter out spam by anything with > 3 periods, and/or commas?

    What seems slightly more workable is to ignore punctuation in the subject when checking for 'spam' words. This would fit more in line with the extremely naive filtering available to Outlook users.

    Going simply by punctuation density could cause a lot of false positives based on acronyms and ellipses.

  • by arvindn ( 542080 ) on Monday January 05, 2004 @06:48AM (#7879665) Homepage Journal
    If you need to keep changing your filter, the spammers have already won.

    It doesn't matter to the spammers if the user's filter can be trivially modified to filter out the spam. If they can get past the currently used filters, that's enough. If they keep doing this constantly, it will mean that users will have to constantly upgrade their spam filters. Many people will get tired after a while and just give up :(

  • by Anonymous Coward on Monday January 05, 2004 @06:50AM (#7879670)
    From the article:
    Second, whenever a new technology comes out, its developers generally do a poor job of designing security into it

    That was true 5 years ago, but in general it's crap today. Most security problems are in re-implementations by Microsoft of old technology.

    Browse through the RFCs issued in the last 5 years, which is where new Internet technology generally appears, and you'll find a generally excellent level of security design.
  • Corporate IM (Score:4, Insightful)

    by ksp ( 203038 ) on Monday January 05, 2004 @06:51AM (#7879673) Homepage
    I used to work in a global virtual team for a software company and I was (once again) shocked at the ignorance of the MIS department. A lot of people just decided to use MSN Messenger and so it suddenly became our standard communication program, so far it was even written into work procedures.

    I expect the new IM worms to be the next major disaster to these tech companies, just like Slammer was for their unmanaged MS SQL installations.

    It surprised me that no one listened to my suggestions on setting up an internal server. OK, not every luser knows IRC, but surely there are many IMs that can be set up to use an internal server and block everything else at the firewall. We tried the Lotus Notes clone of AOL's AIM and it sucked (as everything Notes), apart from using encrypted line data.

    I remember trying to get hold of a senior developer I was working with using plain old talk in a terminal and he didn't know it... He got the notification in his shell and called me instead. Sort of explains the renaissance of these dummy IM clients.

  • by miu ( 626917 ) on Monday January 05, 2004 @06:56AM (#7879686) Homepage Journal
    If you need to keep changing your filter, the spammers have already won.

    If you are stating that Outlook client pass/fail filters are bad because (among other flaws) they need constant updating, then you are preaching to the choir. Until Exchange gets a good scoring filter, it makes sense to at least improve the flawed tools that are available to most corporate users.

  • by the uNF cola ( 657200 ) on Monday January 05, 2004 @07:00AM (#7879694)

    It doesn't take very much CPU to s/\W//g

    tr/\W//d is faster if that's perl :)
  • by BigBadBri ( 595126 ) on Monday January 05, 2004 @07:11AM (#7879728)
    Unlikely.

    Short, broken, or oddly punctuated sentences, such as this, may wrongly trip the rule.

    There are 1,000,000s of examples, of which this is 1.

    Still, it's ugly English, so should perhaps be condemned as such and consigned to the spam-bin anyway.

    More serious is how to define a sentence - if it's a phrase terminated with a period, then random punctuation is likely to generate many short sentences, and a sufficiently dedicated spammer ought to be able to bias the 'random' punctuation to defeat a conservatively set rule.

    I'm not sure that anything can be done 'quite easily' in Perl...

  • by scottj ( 7200 ) on Monday January 05, 2004 @07:12AM (#7879732) Homepage Journal
    Come to think of it, there's nothing to stop somebody with one of these Hard drives
    Come to think of it, this is nothing that I could not have done several years ago with my 20GB laptop. These USB drives are not a new threat in an environment where mobile computing is prominent. Not ALL of us use desktops. In fact, I don't have a single coworker who uses a desktop computer these days.
  • by DerPflanz ( 525793 ) <bart@@@friesoft...nl> on Monday January 05, 2004 @07:12AM (#7879736) Homepage

    What if someone tries things like 'fcuk' or the like? Does it work also? Think of that English research done lately where it says it doesn't make much difference in which order the letters are, as long as the beginning and ending letter are correct. More about that here [cam.ac.uk].

  • by Eivind ( 15695 ) <eivindorama@gmail.com> on Monday January 05, 2004 @08:02AM (#7879865) Homepage
    But that's not needed.

    To a Bayesian filter such "cleverness" is even more damning than just stating plain-out what you want to say.

    Probably my legitimate mail *seldom* talks about "viagra" or "refinancing", but the rarity of those words in my mail is nothing against the unlikeliness that I'd write "v1@gr@" or "r3f|n@nc|ng".

    In other words, such clever tricks might work. Once.

  • by Ewan ( 5533 ) on Monday January 05, 2004 @08:10AM (#7879887) Homepage Journal
    No, because in another part of the same email they have an image embedded which contains the real spam message - Outlook Express users (the huge majority) see the image not the text.

    Ewan
  • by Animats ( 122034 ) on Monday January 05, 2004 @08:27AM (#7879955) Homepage
    • Major spammers begin sentence
      Three major spammers began their sentences today at the U.S. Federal Penitentiary at Allenwood, Pennsylvania. Their Romania-based operation had created several well-known viruses to assist in sending spam by breaking into the computers of others. Each was initially charged with 12,346,000 violations of the Computer Fraud and Abuse Act. The leader was also charged with operating an ongoing criminal enterprise. FBI and Homeland Security investigators located the spammers, and the U.S. Department of State arranged for their extradition to the US for trial. All pled guilty to reduced charges after being convinced that they could be put away for life. The leader will serve 25 years, and his assistants will serve 15 years each.
    • National Security Agency releases major enhancements to NSA Secure Linux
      Over the last several years, NSA has quietly been enhancing NSA Secure Linux, and has now released a secure Linux distribution for general use by U.S. Government sites. In this system, information coming in from the Internet is automatically held at a low level of trust, and cannot corrupt other information on the machine. A compatible secure browser, mail server, web server, and DNS server are provided. Free, open source copies of this code are available.
    • Microsoft loses software liability case
      New York State Attorney General Eliot Spitzer announces a $12.6 billion verdict against Microsoft in the "Blaster VIII" case. The court held that Microsoft violated New York's "reckless endangerment" law by distributing web browsers which automatically opened content that might contain viruses, resulting in the distribution of the "Blaster VIII" worm to over 200 million computers worldwide.
    • Dell recalls 1.2 million computers.
      Dell today announced the recall of 1.2 million computers for a security flaw. Fear of a liability lawsuit prompted the move.
  • by Karl Cocknozzle ( 514413 ) <kcocknozzle@NOspAM.hotmail.com> on Monday January 05, 2004 @08:40AM (#7880013) Homepage
    Until Exchange gets a good scoring filter, it makes sense to at least improve the flawed tools that are available to most corporate users.

    I think that's about the only way my company would ever start spam-filtering in earnest: If Microsoft created an "official" (probably easily circumvented) server-side spam filter. It might still be a fight, even then.

    Our "uber"-engineers and PHBs fear these server-side tools... They're afraid we'll get a false positive on the CEO's mailbox that will end up with the company losing money--and all of us losing our jobs. And maybe that could conceivably happen... But the sky could fall tomorrow, too. (This is also a good argument for a TEST ENVIRONMENT, a suggestion of mine that gets laughed down every time I bring it up.)

    Of course, I keep trying to explain to them that very few legitimate customers use the phrase "increase you girth!" in legit business e-mails... But to no avail. As a result, EVERYBODY gets spam-bombed... You see, we finance student loans... And many people grow to loathe the organization that services their loans. We're the ones who send the bills. When they don't get paid, we're the ones who call to ask "Where's the money, doofus?" So you can imagine that our "Customer Service" e-mail addys have been added to every porno/spambag list there is.
  • by Steve B ( 42864 ) on Monday January 05, 2004 @08:48AM (#7880046)
    RTFA. Spammers crack their way through the security measures (filters) designed to prevent their unauthorized access to other people's property. The existing computer security laws need to be enforced against this form of cracking.
  • by Anonymous Coward on Monday January 05, 2004 @10:01AM (#7880436)
    Finally! A simple solution.

    You should hire yourself out as a "Security Consultant" and get some $$$.
  • by mengel ( 13619 ) <mengel@@@users...sourceforge...net> on Monday January 05, 2004 @12:43PM (#7881680) Homepage Journal
    We just need to fix our Bayesian filters; to wit:
    • count runs of punctuation as tokens
    • run a normal pass, then
    • de-html-tag the text
    • map "w,.o..r!#d_=s" into "words" (de-punctuate)
    • run a second pass
    • use individual words *and* pairs of adjacent words in the statistics database
    Then we'll get even better filtering, and foil about 90% of the current techniques.

    Of course, then the spammers will start poking around for new techniques... But these are really easy to fix.
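
The two-pass tokenization listed in the comment above, sketched as an added example; it is not code from the thread or from any filter mentioned in it. The function names, the simplified naive Bayes scoring and the training messages are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

TAG = re.compile(r"<[^>]+>")
PUNCT_RUN = re.compile(r"[^\w\s]{2,}")     # two or more punctuation characters in a row
NON_ALNUM = re.compile(r"[^A-Za-z0-9]+")   # explicit class: \W would keep "_"

def depunctuate(text):
    """Map "w,.o..r!#d_=s" to "words", chunk by chunk so word boundaries survive."""
    chunks = (NON_ALNUM.sub("", c).lower() for c in text.split())
    return [c for c in chunks if c]

def features(raw):
    # Pass 1: words as written, plus each punctuation run as a length-capped token.
    feats = {w.lower() for w in re.findall(r"[A-Za-z0-9]+", raw)}
    feats |= {"PUNCT_RUN:%d" % min(len(m), 4) for m in PUNCT_RUN.findall(raw)}
    # Pass 2: drop HTML tags, de-punctuate, add recovered words and adjacent pairs.
    words = depunctuate(TAG.sub("", raw))
    feats |= set(words) | {"PAIR:%s %s" % p for p in zip(words, words[1:])}
    return feats

def train(labelled):
    counts, docs = {"spam": Counter(), "ham": Counter()}, Counter()
    for label, raw in labelled:
        docs[label] += 1
        counts[label].update(features(raw))
    return counts, docs

def spam_probability(model, raw):
    """Simplified naive Bayes over feature presence, with add-one smoothing."""
    counts, docs = model
    llr = math.log((docs["spam"] + 1) / (docs["ham"] + 1))
    for f in features(raw):
        p_spam = (counts["spam"][f] + 1) / (docs["spam"] + 2)
        p_ham = (counts["ham"][f] + 1) / (docs["ham"] + 2)
        llr += math.log(p_spam / p_ham)
    return 1 / (1 + math.exp(-llr))

# Constructed messages for illustration (not from the thread).
TRAIN = [("spam", "Cheap viagra online, refinance your mortgage today"),
         ("spam", "Buy viagra now!!! lowest price"),
         ("ham", "Meeting moved to Tuesday, agenda attached."),
         ("ham", "Can you review the firewall change before lunch?")]

def demo():
    model = train(TRAIN)
    return (spam_probability(model, "v.i,,a_g.r..a at the l,o.w_e,s.t p.r,i..c_e"),
            spam_probability(model, "Agenda for the Tuesday meeting... see attached."))
```

In `demo()`, the obfuscated message scores as spam because the second pass recovers words seen in training. The ellipsis in the legitimate message matches a punctuation-run token learned from spam, but the ordinary words outweigh it.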
