Security Predictions of 2004

michael posted more than 10 years ago | from the looking-forward dept.

Security 326

scubacuda writes "Computer World's security predictions for 2004: R.a..n,d,o.,m p,u,,n,c.t,,u_a.t.1..0.n evading spam filters, Internet access filtering, better desktop management, enterprise personal firewall deployment, tools that securely scrub metadata, corporate policies against USB flash drives, Wi-Fi break-ins, Bluetooth abuses, cell phone hacking, centralized control over IM, public utility breakin publicized, government defense against cybercriminals, organized cybercrime, and a shorter time to exploitation."

326 comments

fp (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7879527)

DRINK!

to all jews (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7879529)

burn in hell, israel

Re:to all jews (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#7879555)

greetings from tel-aviv!

we are worrying!

sorry about 9/11! shortly we level our neighbors and we toast l'chaim to new era of israeli-chinese dominance!

First Post (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7879530)

As lame as this little internet tradition is, I can't believe I caught a /. post with no responses.

I rawk!

Re:First Post (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7879543)

Loser.

Re:First Post (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#7879666)

cocksucker

security flaws (0)

Anonymous Coward | more than 10 years ago | (#7879531)

hopefully it is too pessimistic

Nearly impossible? (3, Insightful)

n0nsensical (633430) | more than 10 years ago | (#7879536)

R.a..n,d,o.,m p,u,,n,c.t,,u_a.t.1..0.n makes it nearly impossible to block spam messages by filtering keywords.

Can't the spam filters just remove it all? They don't really need the punctuation to check for Viagra advertisements anyway.

Re:Nearly impossible? (3, Funny)

jcuervo (715139) | more than 10 years ago | (#7879559)

My filter just checked for excessive punctuation.

\w[();\[\]:]\w

Re:Nearly impossible? (3, Insightful)

Stinky Glen20 (689507) | more than 10 years ago | (#7879566)

I agree - We chatted about something similar in our office the other day.

If the spelling and grammar of the email were to be checked and weighted as part of the filtering process you'd get around a lot of the deliberate misspelling of words.

Re:Nearly impossible? (4, Interesting)

wiggys (621350) | more than 10 years ago | (#7879569)

I already get some spam with random punctuation yet PopFile still manages to classify it as spam.

Why? Because it knows which combination of words, used together, make it more likely the mails are for me, e.g. spammers only have my email address, they do not know my name... therefore any emails containing either my first name or surname (or better still, both together) will make PopFile flag the message up as "high probability non-spam mail". Of course it looks for other clues.

Anyway, if spammers do find a way to circumvent my filters (and at the moment I'm filtering spam with 99.62% accuracy) then my filtering software will be updated and will check for stupid punctuation tricks.

Re:Nearly impossible? (1, Interesting)

Crasoum (618885) | more than 10 years ago | (#7879570)

The thing I had thought is, most people use very little punctuation, if any at all.
Why not filter out spam by anything with > 3 periods, and/or commas?

Quick and simple work around, right?

In the subject line... (1)

Crasoum (618885) | more than 10 years ago | (#7879582)

why not filter for greater than a certain number of punctuation marks, and in the body filter for anything greater than the average letter to punctuation ratio? Sorry my previous post sounded confusing...

$?!!!@#!Th.,is./ ??is,!@@ sp!*($am!?..,.,;;:

Re:Nearly impossible? (5, Insightful)

miu (626917) | more than 10 years ago | (#7879622)

> Why not filter out spam by anything with > 3 periods, and/or commas?

What seems slightly more workable is to ignore punctuation in the subject when checking for 'spam' words. This would fit more in line with the extremely naive filtering available to Outlook users.

Going simply by punctuation density could cause a lot of false positives based on acronyms and ellipses.

Re:Nearly impossible? (3, Insightful)

arvindn (542080) | more than 10 years ago | (#7879665)

If you need to keep changing your filter, the spammers have already won.

It doesn't matter to the spammers if the user's filter can be trivially modified to filter out the spam. If they can get past the currently used filters, that's enough. If they keep doing this constantly, it will mean that users will have to constantly upgrade their spam filters. Many people will get tired after a while and just give up :(

Re:Nearly impossible? (5, Insightful)

miu (626917) | more than 10 years ago | (#7879686)

> If you need to keep changing your filter, the spammers have already won.

If you are stating that Outlook client pass/fail filters are bad because (among other flaws) they need constant updating, then you are preaching to the choir. Until Exchange gets a good scoring filter, it makes sense to at least improve the flawed tools that are available to most corporate users.

Re:Nearly impossible? (0)

n3rd (111397) | more than 10 years ago | (#7879677)

> They don't really need the punctuation

This brings up a good point, and if you simply filter by the number of punctuation marks you filter the following types of messages:

1: Long stuff. I'm too lazy, err, busy to read all that!! Summarize it for me!

2: People who use a ton of things like ??????????? and !!!!!!!!!!!!. Those people tend to be stupid and I probably don't need to talk to them anyway.

3: Possibly some of the stuff they're talking about in the article. Looking at what's there, e-mails containing long directory listings would probably get nuked (periods), or the underscores for numbers of the same file (read: MP3s, source). As for the commas, well, I don't like having to pause a ton when I read but that's just me.

Some would argue those things should not be communicated via e-mail but that's something you all can discuss if you would like.

Re:Nearly impossible? (2, Informative)

stevey (64018) | more than 10 years ago | (#7879741)

My solution to the punctuation and l33t-speak type spams is simply to run the incoming message through a spell checker.

Whilst lots of people make typos and use words not in my dictionary it does become obvious when the spelt-wrong/spelt-correctly ratio is high that it's likely spam.

Re:Nearly impossible? (1)

netsharc (195805) | more than 10 years ago | (#7879783)

I don't get it, won't this chaos make it hard to read the spam, and therefore from the point of view of the spammer, it would be a bad idea to do, because their message won't get through? Only idiots would buy something offered by spam, and if they can't/don't want to spend time to read it, poof, 0% profitability.

At this point the spam would turn from something that's useful for at least one party (the seller/spammer) to something that's just junk floating around on the internet.

Random Punctuation in spam (5, Interesting)

91degrees (207121) | more than 10 years ago | (#7879537)

This is a good thing. It makes it harder for the victims to read, and gives a lot of anomalies that any modern statistical filter will find extremely useful.

And #1 is... (-1, Troll)

Anonymous Coward | more than 10 years ago | (#7879538)

- Windows doesn't get any more secure.

Re:And #1 is... (1)

The Clockwork Troll (655321) | more than 10 years ago | (#7879561)

nor do you, cliff craven

Wow. They must have crystal balls. (3, Funny)

dorward (129628) | more than 10 years ago | (#7879544)

OK... so they predict...

More Of The Same!

Astounding.

Remind you of something [slashdot.org]?

Re:Wow. They must have crystal balls. (3, Funny)

arvindn (542080) | more than 10 years ago | (#7879578)


Look at the bright side.

For the first time, slashdot has done a "predictions for 2004" story that doesn't have the word "SCO".

Re:Wow. They must have crystal balls. (1)

cpghost (719344) | more than 10 years ago | (#7879648)

They may have a reverse Chronoscope, as described in Asimov's "The Dead Past."

Re: Wow. They must have crystal balls. (3, Funny)

Black Parrot (19622) | more than 10 years ago | (#7879738)


> OK... so they predict... More Of The Same!

Naturally, 'cause it would take brass balls to predict something different!

Re:Wow. They must have crystal balls. (1)

-Maurice66- (728513) | more than 10 years ago | (#7879789)

I predict there will be a finance scandal involving an IT company... I am not saying which one...

Everyone: dump your stock now!

My prediction. (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#7879548)

Someone, pissed off at Debian's policy of making "stable" software, will write a blaster worm that will ONLY affect Debian's software versions, and will replace it with a REAL [mandrake.com] Linux distribution. This is not flamebait either, it is an insightful request from someone who hates debian (like 90% of linux users). Most of the linux sites such as gnu.org, mplayerhq.hu, savannah.org and debian.org that got hacked last year ran Debian.

randomness and other things (4, Interesting)

CAIMLAS (41445) | more than 10 years ago | (#7879550)

That random punctuation stuff is more difficult to read than 1337speak, and will continue to be: leetspeak, at least, has a fairly broad group of people that -want- to understand it and use it conversationally, and thus it's more understood.

At any rate, I doubt such punctuation will be a problem. I've already seen a good deal of it get killed with bayesian filters anyway.

The other things though - very interesting. It's not like we can't predict these things ourselves, though - it's only a matter of time before they happen, what with the increasingly dense levels of tech in our society.

Being the thrill-seeking geek that I am, the prospect alone of bluetooth hacking (wartoothing? :P) sends an adrenaline rush through me. I look forward to dealing with such attacks (either preventatively, directly, or for clients, etc.) - seriously. It's exciting stuff.

I can see there being a definite increase in the need for serious, intelligent, and knowledgeable computer security staff; they'll likely start supplanting what's left of IT staff, as well as replacing some of the positions that were dumped in the last several years. After IS? Who knows. Maybe we'll be batteries by then, or maybe fighting the machines.

Spam Spam Defeatable Spam (5, Insightful)

dorward (129628) | more than 10 years ago | (#7879558)

> Spam operators are getting more creative in their efforts to get around spam filters. R.a..n,d,o.,m p,u,,n,c.t,,u_a.t.1..0.n makes it nearly impossible to block spam messages by filtering keywords.

It doesn't take very much CPU to s/\W//g

> Operators are changing to graphics interchange format images with no searchable text.

Yeah! Block all email containing only graphics!

> Some spammers send in encoded formats, like Base64, to circumvent keyword filters altogether,

Base64 isn't hard to decode... or to just bin.

> and relay through IP addresses that have no Domain Name System domains associated with them.

I've never seen an email with an IP address based URI that wasn't spam. Trash em

> These recent developments are challenging spam-filter vendors and frustrating users.

Not this user, or this user's spam filter [mirror.ac.uk]. Spams using these techniques get the highest spam scores and when 5 is worthy of trashing, 35 is worthy of laughing at (at least until I get so much spam I'll put it in /dev/null rather than ~/mail/spam)

Re:Spam Spam Defeatable Spam (1)

fruey (563914) | more than 10 years ago | (#7879664)

> It doesn't take very much CPU to s/\W//g

Yes, but it takes rather more to convert | to i, @ to a, and all the other possible replacements. It's not impossible, but removing punctuation is only part of the battle.

Your whole post makes it sound like it's easy. If it were easy, we would stop a lot more spam. As it happens, it's difficult. Spammers are always going to keep ahead of the curve if they can, and as long as they're making money, they will continue to increase volume and keep on banging server CPU up and up in improved bayesian spam filtering.
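The normalisation step argued over in the two posts above, as an added Python example (not code from any poster, SpamAssassin or PopFile); the look-alike table, keyword list and sample strings are constructed. It goes a little beyond a bare `s/\W//g` by normalising per token, which avoids the cross-word false match a whole-message strip produces, and it measures punctuation density to show why that number alone misfires on abbreviations.

```python
import re
import string

# Constructed look-alike table: the "| to i, @ to a" idea plus a few digits.
LOOKALIKES = str.maketrans({"|": "i", "1": "i", "!": "i", "@": "a",
                            "0": "o", "3": "e", "$": "s"})
KEYWORDS = ("viagra",)  # constructed keyword list


def deobfuscate(text):
    """Lower-case, map look-alikes back to letters, drop every non-letter."""
    # [^a-z] is stricter than \W, which would keep "_" and digits.
    return re.sub(r"[^a-z]", "", text.lower().translate(LOOKALIKES))


def tokens(text):
    """Normalise each whitespace-separated token. Runs of single letters
    ("V I A G R A") are glued together; ordinary words are never merged."""
    out, run = [], []
    for raw in text.split():
        tok = deobfuscate(raw)
        if len(tok) == 1:
            run.append(tok)
            continue
        if run:
            out.append("".join(run))
            run = []
        if tok:
            out.append(tok)
    if run:
        out.append("".join(run))
    return out


def keyword_hits(text, keywords=KEYWORDS):
    """Keywords found inside any normalised token."""
    toks = tokens(text)
    return {k for k in keywords if any(k in t for t in toks)}


def collapsed_hits(text, keywords=KEYWORDS):
    """Strip-everything matching: whitespace is removed along with the rest,
    so neighbouring words fuse and can spell a keyword by accident."""
    flat = deobfuscate(text)
    return {k for k in keywords if k in flat}


def punctuation_density(text):
    """Share of non-space characters that are ASCII punctuation."""
    visible = [c for c in text if not c.isspace()]
    if not visible:
        return 0.0
    return sum(c in string.punctuation for c in visible) / len(visible)


# Sample strings: the first is the one quoted in the story, the rest are constructed.
OBFUSCATED = "R.a..n,d,o.,m p,u,,n,c.t,,u_a.t.1..0.n"
LEGIT_ABBREVIATIONS = "Meet at 3 p.m., e.g. in the U.S. office..."

if __name__ == "__main__":
    print(tokens(OBFUSCATED))                       # both words recovered
    print(keyword_hits("Cheap V|@gr@ here"))        # look-alikes folded
    print(keyword_hits("Flights via Granada"))      # per-token: no hit
    print(collapsed_hits("Flights via Granada"))    # whole-message strip: false hit
    print(round(punctuation_density(LEGIT_ABBREVIATIONS), 2))
```
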

Re:Spam Spam Defeatable Spam (3, Interesting)

dorward (129628) | more than 10 years ago | (#7879692)

> Your whole post makes it sound like it's easy. If it were easy, we would stop a lot more spam.

In my experience, it is. I can't remember the last time I got a false positive or negative, and I haven't even bothered training the bayesian filter.

Maybe I just get targeted by clueless spammers, but spam is not a major problem for me.

> Spammers are always going to keep ahead of the curve if they can, and as long as they're making money, they will continue to increase volume

Spammers make money because most people don't run spam filters, and some people are clueless enough to do what the spammer wants.

While the spam might be increasing, I don't see it until I go and look in my spamtrap Maildir, and I don't expect that to change any time soon.

Re:Spam Spam Defeatable Spam (1)

fruey (563914) | more than 10 years ago | (#7879755)

What sort of spam volumes are you getting? I get quite a lot, and I have filters. I just can't afford to go too crazy because running a company mail server means no false positives can be allowed until everyone learns what a separate SPAM inbox is.

Re:Spam Spam Defeatable Spam (1)

dorward (129628) | more than 10 years ago | (#7879774)

> What sort of spam volumes are you getting?

A dozen or so a day - and yes, I know this isn't as much as many people, but a little spam a day over time is still a lot of spam, and the filters are working well.

Re:Spam Spam Defeatable Spam (1)

fruey (563914) | more than 10 years ago | (#7879790)

Well I'm getting a lot more than that. More than a hundred a day on my Yahoo! address that are filtered, 20+ that slip by each working weekday. I report as many as I can be bothered. I might end up having to retire my Yahoo! address if ever I can't keep near a connected machine.

As for company mail, well I'd say about 30 a day, and that's after some basic header (subject line) filtering, rejecting non existent domain names and poorly formed addresses...

Re:Spam Spam Defeatable Spam (4, Insightful)

the uNF cola (657200) | more than 10 years ago | (#7879694)


> It doesn't take very much CPU to s/\W//g

tr/\W//d is faster if that's perl :)

Re:Spam Spam Defeatable Spam (5, Informative)

Jugalator (259273) | more than 10 years ago | (#7879758)

According to SpamAssassin's default scores [mirror.ac.uk] , these are all adding up to the spam score that apply to the examples above to "challenge spam filters":

- Message text disguised using base64 encoding
- Uses a numeric IP address in URL
- Uses a dotted-decimal IP address in URL
- HTML has over 9 kilopixels of images
- HTML: images with 0-200 bytes of words
- HTML has a low ratio of text to image area
- The score from a bayesian filter, which would probably quickly increase for messages with tons of punctuation and still leave legit mail since you normally don't use tons of punctuation.

Spam operators might get more creative, but I still think spam removal tools are several steps ahead.

Don't put your email address online (4, Interesting)

arvindn (542080) | more than 10 years ago | (#7879562)

Stop spam at the source, stupid!

Don't put your email address online, period. Other solutions like filters only address part of the problem, because you still have to pay for the bandwidth and there's the problem of false positives. I wrote a little Javascript Turing email obfuscator [ernet.in], which renders your email address invisible to bots, even those that can execute javascript.

An ounce of prevention...

Re:Don't put your email address online (5, Insightful)

wiggys (621350) | more than 10 years ago | (#7879577)

>Don't put your email address online, period

That's like saying "Don't go out after 9pm or you deserve to get beaten/raped".

Sorry, but my instincts are to fight the spamming bastards rather than give in to them.

Re:Don't put your email address online (1, Interesting)

arvindn (542080) | more than 10 years ago | (#7879597)

Bad analogy.

I never said anything about not fighting spammers. Please do fight them. But at the same time, also protect yourself. What you're saying is more like: "I'll go out at night alone and unarmed and I'll fight if I'm attacked." I'm just saying take a gun with you.

Not putting your email online doesn't mean not giving it out at all. It just means don't put it in nice cleartext which spambots can harvest. Obfuscate it so that humans can still get it while bots can't.

Re:Don't put your email address online (0)

Anonymous Coward | more than 10 years ago | (#7879660)

> What you're saying is more like: "I'll go out at night alone and unarmed and I'll fight if I'm attacked." I'm just saying take a gun with you.

Yeah, great idea - go out with a gun, and get refused entry to anywhere you might have wanted to go, and then end up in a cell for unlawful possession of a firearm. That's my idea of a good night out!

Re:Don't put your email address online (1)

adrianbaugh (696007) | more than 10 years ago | (#7879719)

It's not, really. My email address is not available online, but I'm still quite contactable via email - I have a perlscript (with the To: email hardcoded in and some sanity checking on the inputs) that allows people to email me without ever seeing the address.

Re:Don't put your email address online (1)

arvindn (542080) | more than 10 years ago | (#7879768)

Good idea, but...

Google for "blog spam". There are bots going around looking for Submit links in the most popular blogs and spamming them. It's probably only a matter of time before they extend that to the whole of the web.

Re:Don't put your email address online (4, Insightful)

dorward (129628) | more than 10 years ago | (#7879601)

> Don't put your email address online, period. Other solutions like filters only address part of the problem, because you still have to pay for the bandwidth and there's the problem of false positives. I wrote a little Javascript Turing email obfuscator, which renders your email address invisible to bots, even those that can execute javascript.

It comes down to a choice:

  • Get less spam
  • Make it harder for people to contact you

I don't want to put barriers in people's ways when they wish to contact me (OK, sometimes I do - 'No I will not fix your computer! I don't even know you!' - but generally I don't). Making people use a JavaScript enabled web browser AND answer a question is a barrier, and I don't want it.

Re:Don't put your email address online (1)

arvindn (542080) | more than 10 years ago | (#7879633)

Of course, it's your choice.

You may want to consider two things though:

  • Spam continues to increase exponentially with no sign of slowing down. If you let them get your email now you'll regret it months, even years later.
  • The time to type a word into a textbox is nothing compared to writing an email. So that's not really a barrier. Javascript is though.

Don't use your email online (5, Funny)

kop (122772) | more than 10 years ago | (#7879626)

Stop spam at the source, stupid!

Don't use your email address, period. Other solutions like filters only address part of the problem, I wrote a little Javascript Turing email blocker , which prevents you using email!
No more email means no more spam, spam harvesters use viruses that collect email addresses from the computers of people that know you.
People that don't know how to use bcc spread your address all over the net. So don't give out your email address at all. Just send lonely test messages to yourself. mmm, a dictionary attack could still find you..... Stop checking your email!!!
Problem solved.

An ounce of prevention...

Re:Don't use your email online (1)

arvindn (542080) | more than 10 years ago | (#7879641)

Wow, don't you even read the posts that you reply to? I know this is slashdot, but still...

I was talking about making your email address invisible to bots, not humans.

Wait.. maybe you're a bot? Yes, that would explain everything.

easy-to-defeat (1)

autopr0n (534291) | more than 10 years ago | (#7879652)

If your Turing email protection scheme actually worked, it would be easy to defeat. Spammers could harvest the XOR of the email, and use a dictionary attack.

Re:easy-to-defeat (1)

arvindn (542080) | more than 10 years ago | (#7879681)

You mean try all possible dictionary words to hit a single address? Yeah I'm sure spammers are desperate to do that.

What usually happens in a dictionary attack is you try a whole dictionary and get several thousand hits. That doesn't work here.

Re:easy-to-defeat (1)

C0vardeAn0nim0 (232451) | more than 10 years ago | (#7879753)

not a "single" address. thousands of it.

1- aim a large provider (sympatico.ca, uol.com.br, aol.com, and so on)
2- do a dictionary attack and log every address that responds "250".
3- build a spam list
4- sell it on CD
5- ...
6- profit

if it looks too professional and organized for a spammer i have bad news: they ARE getting professional and organized. even low-life scum like spammers can pull this off. mafia does. why can't spammers ?

Re:Don't put your email address online (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#7879669)

What is the name of our planet?

Terra? Gaia? Sol III? La Terre? Sekai? The world?

Whoops... looks like your filter filters out inventive or foreign humans, as well as computers.

Re:Don't put your email address online (3, Funny)

azaris (699901) | more than 10 years ago | (#7879723)

> I wrote a little Javascript Turing email obfuscator, which renders your email address invisible to bots, even those that can execute javascript.

That only works for people who think that sending you e-mail is such an enormous honor that they're willing to jump through flaming hoops backwards to accomplish it. The first spammer that's desperate enough to "decrypt" your e-mail address will add it to an address list and that's the end of that chapter.

Ever notice how entities that erect all sorts of extraneous barriers to communicating with them tend to get your blood boiling? I call it the "you must fax us this form in triplicate with a notarized form and a copy of your driver's license during office hours in Burma on the third tuesday of April during a leap year that doesn't have the number six in it"-syndrome.

Re:Don't put your email address online (0)

Anonymous Coward | more than 10 years ago | (#7879740)

Did you get rid of all your phones too?

Re:Don't put your email address online (1)

NanoGator (522640) | more than 10 years ago | (#7879742)

"Don't put your email address online, period."

Doesn't help you with a brute force or dictionary attack. Those are popular these days.

Desktop management (2, Funny)

Zog The Undeniable (632031) | more than 10 years ago | (#7879564)

My experience since we changed from Windows 3.1 to NT and now 2000 is that the few cases where users screwed up their PCs have been outweighed by the constant demands for an engineer visit to carry out a trivial task using the admin password. And no-one can defrag their hard disks. Ever.

Re:Desktop management (2, Insightful)

pe1chl (90186) | more than 10 years ago | (#7879581)

That means you (or the admins) have not yet fully understood how they can manage desktop systems.
This is understandable. There is a lot to read.
But in the end it will be possible to protect the systems against the user (somewhat) and still be able to manage them, even defragment.

So keep on studying!

Re:Desktop management (1)

TheMidget (512188) | more than 10 years ago | (#7879614)

> That means you (or the admins) have not yet fully understood how they can manage desktop systems.

> This is understandable. There is a lot to read.

> But in the end it will be possible to protect the systems against the user (somewhat) and still be able to manage them, even defragment.

> So keep on studying!

And I thought the main selling point of Windows was that it was easy enough that any baboon could install/use/administer it. If that is not actually true, wouldn't it make more sense to just install Linux instead? At least, you wouldn't need to defrag...

Re:Desktop management (1)

pe1chl (90186) | more than 10 years ago | (#7879693)

I fully agree: it is not at all true that Windows is easier to administer than Linux.
Usually, when folks claim the contrary they then come up with issues like those in the parent article.

I.e. they think it is simple, but that is only because they have not yet discovered the complexity. Kind of like considering a Mars rover simple because it is just a bouncing ball that unfolds and releases a radio controlled car that drives around.

Re:Desktop management (4, Interesting)

danheskett (178529) | more than 10 years ago | (#7879701)

> And I thought the main selling point of Windows was that it was easy enough that any baboon could install/use/administer it.

It is massively easy to admin a large number of similar Windows machines.

As a part time thing, for charity, I admin a largish network for a non-profit in New England. Something like ~150 desktop PCs - running Win2k and WinXP and 3 Win2k Servers.

I do it all remotely, in about ~45 minutes or so weekly. When they need a new PC they get it straight from Dell, plug it in, and after a very simple operation (which, granted, required me writing out detailed instructions with pictures and lots of hand-holding), the PC is in the network. After a quick reboot, all the software is configured, printers configured, network access configured, and any of the 175 users can log in and experience the same consistent environment.

Patching machines is virtually painless, virus/trojans/spyware never gets through, e-mail is rock-solid, machines don't crash unless it's a hardware failure (quite common with Dell sadly..), the machines are locked down and unable to be user-f'd, and things are generally smooth.

They used to have a full-time fully-clueless IT guy. He went to a different career, and I took over a few years ago. After a single weekend of re-engineering I can say that the network operates without any trouble. The users are happy, things are reliable, all major maintenance is automated and scripted, and things *just work*.

Honestly, it all depends on the person. I've known networks with really bad UNIX-ish admins where nothing worked, machines crashed non-stop, etc etc. Same with Windows.

Don't mean to be immodest, but really, it just takes someone with a good grasp of IT and some Windows skills. My one power user on-site handles some of the hands-on stuff (unjamming printers, unpacking new PCs, changing backup tapes, etc).

Anyways... in this case, Linux would work except for about ~6 or so critical apps that are Windows-only. Bummer.

Forget the flash drives... think USB HARD DRIVES (4, Interesting)

Neo-Rio-101 (700494) | more than 10 years ago | (#7879586)

I use a 2.5" 20GB USB hard drive when I move between branch offices for work as it carries all my data and stuff with me. I also use my HD as a kind of FTP directory when I want to install client software across a server network.

Come to think of it, there's nothing to stop somebody with one of these Hard drives from importing and exporting several CDs worth of data on it, and importing all kinds of strange software or even CD-copying software into the workplace to make nice CD ISO images or even whole drive dumps of code that should not be freely distributed.

The USB hard disk is probably way more risky than a flash drive, because 512MB while it can still hold a lot of info, is still expensive and is limited by its size.

Re:Forget the flash drives... think USB HARD DRIVE (2)

nighty5 (615965) | more than 10 years ago | (#7879698)

The problem is, USB thumb drives are more wide-spread, cheap as chips and, from a security stand-point, easy to lose.

Thankfully I haven't lost any of my USB drives, I usually securely wipe them every few weeks JIC.

512 MB is very damaging, what corporations are scared of is the copying of sensitive documents. Documents such as network diagrams, disaster recovery plans, security plans etc etc are usually no larger than 10 megs, but could deliver a damaging blow to business confidentiality concerns.

I'm seeing a definite rise in large businesses I'm dealing with that are already banning USB thumb drives.

Re:Forget the flash drives... think USB HARD DRIVE (5, Insightful)

scottj (7200) | more than 10 years ago | (#7879732)

> Come to think of it, there's nothing to stop somebody with one of these Hard drives

Come to think of it, this is nothing that I could not have done several years ago with my 20GB laptop. These USB drives are not a new threat in an environment where mobile computing is prominent. Not ALL of us use desktops. In fact, I don't have a single coworker who uses a desktop computer these days.

heh (1)

autopr0n (534291) | more than 10 years ago | (#7879591)

> Spam operators are getting more creative in their efforts to get around spam filters. R.a..n,d,o.,m p,u,,n,c.t,,u_a.t.1..0.n makes it nearly impossible to block spam messages by filtering keywords. Operators are changing to graphics interchange format images with no searchable text. Some spammers send in encoded formats, like Base64, to circumvent keyword filters altogether, and relay through IP addresses that have no Domain Name System domains associated with them.

Why on earth did they expand "GIF" there?

Oh well, the base-64, and even the image method are not immune from keyword and Bayesian filters (in fact, you could theoretically write a Bayesian filter based on image features, killing any "Ad-like" images!)

What I encountered yesterday (5, Interesting)

quigonn (80360) | more than 10 years ago | (#7879592)

Spammers actually seem to try defeating bayesian spam filters by "training" them with random words:

From: Noah Poe
Date: Sun, 04 Jan 2004 15:58:49 -0600
To: a.konrad@aon.at
Subject: canberra happen

aides bone emmanuel rumania persistent josephine pencil majesty bottom
anarch molecular cafe hepburn done ellipsoid monoceros chokeberry pungent decontrolled
orphanage keel cessna lippincott drugstore onion inclement empire

This is just sick.

Re:What I encountered yesterday (2, Interesting)

Anonymous Coward | more than 10 years ago | (#7879617)

I've been getting a lot of these too, and I wonder how easy it is to create a filter that calculates the amount of short words (say 4 characters) in a message. If there aren't enough of these (and note the difference between what you posted and this post for example) then it's very likely spam.

And really, even if you use a Bayesian filter, how many emails contain the words "majesty" "ellipsoid" and "lippincott"? Is it really a problem to have these associated with spam? As long as you need a few of them to trigger the filter I don't see how this is going to cause false positives. In effect, the spammers are tagging their junk for us. Handy :-).

Lourens

Re: What I encountered yesterday (2, Funny)

Black Parrot (19622) | more than 10 years ago | (#7879750)


> And really, even if you use a Bayesian filter, how many emails contain the words "majesty" "ellipsoid" and "lippincott"?

Why, just yesterday I got one that said "Her Majesty wants you to polish the ellipsoid on her Lippincott, and then bring it around front."

I wondered what those were... (2, Interesting)

Skreech (131543) | more than 10 years ago | (#7879629)

Subject: fodder gallonage

neglecter appease luis seagram bratwurst bluet
burgundian seamstress adair embolden frontal
rhodonite bitwise neither clara mercy footstool delivery

or how about....

Subject: dewdrop

perspicuous dinosaur fluency depart colombia oaken balfour odometer
because propel bead cowry nihilism
melanesia down mccluskey cryostat elena alphameric

----

I wondered what these emails were, but trying to poison spam filters seems correct. I figured spammers were doing it, but I thought the reason was just to spite us all. I'm sure people are doing this to email addresses and selling lists of "prepared email addresses" with compromised spam filters for extra message penetration panel sandman eyeglass conclusion inhibition globular irrigate -- er, sorry... yes, yes I have been checking my mail lately, why do you ask?

Re:What I encountered yesterday (4, Interesting)

Texas Rose on Lava L (712928) | more than 10 years ago | (#7879680)

I don't think this will work too well for the spammers. When was the last time you got a legitimate email containing "lippincott" or "monoceros" or "emmanuel?" The Bayesian filter will notice that words like this only show up in spam, and the next email you get with "lippincott" in it goes to the spam folder. This is particularly true if the spammers get lazy and reuse the same set of "random" words.

As for spammers training your filter to accept spam, I think the spammers would have to be really sophisticated to pull that off. They would have to guess which words show up in your legitimate email but not in your spam. For my work email, for example, that would probably be things like technical jargon, coworkers' names, product names - stuff the spammers won't be able to guess (and that will vary from one person to the next). So even if spammers add random dictionary words to their spams, there will still be individual words that are far more common in legitimate email than they are in spam, and the spammers' plot will fail.
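The argument in the comment above, worked through as an added example (not code from the post or from any real filter): a small Laplace-smoothed naive Bayes scorer, which is an assumed stand-in for "the Bayesian filter". The training mail is constructed, and the word-salad terms are the ones quoted in this thread.

```python
import math
import re
from collections import Counter

# Constructed training mail. The spam reuses word-salad terms quoted in this thread.
HAM = [
    "the tps report for the kernel patch is late please review",
    "lunch meeting moved to friday bring the kernel benchmark numbers",
    "please review the patch before the friday release",
]
SPAM = [
    "cheap pills online order now majesty ellipsoid lippincott",
    "order cheap pills now discount monoceros majesty pungent",
    "discount pills online lippincott ellipsoid chokeberry",
]


def tokens(text):
    """Lower-case word tokens."""
    return re.findall(r"[a-z']+", text.lower())


class NaiveBayes:
    def __init__(self, ham, spam):
        self.ham = Counter(t for m in ham for t in tokens(m))
        self.spam = Counter(t for m in spam for t in tokens(m))
        self.vocab = set(self.ham) | set(self.spam)

    def log_odds(self, text):
        """Sum of per-token log(P(w|spam) / P(w|ham)); above 0 leans spam."""
        v = len(self.vocab)
        n_spam, n_ham = sum(self.spam.values()), sum(self.ham.values())
        total = 0.0
        for t in tokens(text):
            if t not in self.vocab:
                continue  # never-seen tokens carry no evidence either way
            p_spam = (self.spam[t] + 1) / (n_spam + v)  # Laplace smoothing
            p_ham = (self.ham[t] + 1) / (n_ham + v)
            total += math.log(p_spam / p_ham)
        return total


nb = NaiveBayes(HAM, SPAM)
PITCH = "cheap pills order now"
FRESH_SALAD = PITCH + " rhodonite cryostat odometer bratwurst"  # never seen in training
REUSED_SALAD = PITCH + " majesty ellipsoid lippincott"          # seen only in spam
GUESSED_JARGON = PITCH + " kernel patch tps friday review"      # recipient's own vocabulary
```

Fresh random words leave the score unchanged, reused ones raise it, and only words taken from the recipient's own legitimate mail pull it down.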

Re:What I encountered yesterday (3, Informative)

arivanov (12034) | more than 10 years ago | (#7879712)

Fairly stupid and will not work. At least with SPAM assassin. It does Bayes on two word combinations (unless you change one of the defaults). So random words will not get into the bayes dictionary anyway.

Dumb question - spell check the incoming mail? (5, Interesting)

MachDelta (704883) | more than 10 years ago | (#7879596)

Ok, this is probably a dumb question, but why the hell doesn't anyone make a spell checking spam filter? Just set it to junk any incoming email with more than x% spelling mistakes, and voila! All y,o.ur.,. r,a.,n.d,.om.,,. p,.u,.nc,.tu,at,i.on and |33t 5p34k is fucked. Combine it with a regular spam filter, and you're set!
It'd also have the added bonus of keeping idiots who can't spell worth crap out of your inbox. And since it would work off a dictionary (preferably the same one as your outgoing spell checker, if equipped), you could always add whatever names, phrases, and abbreviations you wanted, while still keeping the "0MG L1EK MAK UR P3N0R 9 INCHZ LONGR!!" crap out of your inbox.
Surely we have the ability to create something like this. So where is it?

Re:Dumb question - spell check the incoming mail? (3, Interesting)

Texas Rose on Lava L (712928) | more than 10 years ago | (#7879709)

From: Boss@personalispaccount.com
To: Employee@work.com
Priority: Extremely Urgent

Michael,
The TPS report for 3Q03 NPT TLAs is late. Please attach HEL and HPQ-4 to GNAA and send (w/TPS) to VP of Ops by EOD.

Thx, Ackbar

Re:Dumb question - spell check the incoming mail? (1)

tuggy (694581) | more than 10 years ago | (#7879711)

That's a good suggestion, but other problems arise.
For example, I receive e-mails from people that I use to talk on IRC.. and people use a lot of abbreviations there, which a spell checker may classify as errors.
And then there is the problem of having just one spell checker. Because I receive e-mails in more than just one language...

Re: Dumb question - spell check the incoming mail? (1)

Black Parrot (19622) | more than 10 years ago | (#7879764)


> Ok, this is probably a dumb question, but why the hell doesn't anyone make a spell checking spam filter? Just set it to junk any incoming email with more than x% spelling mistakes, and voila! All y,o.ur.,. r,a.,n.d,.om.,,. p,.u,.nc,.tu,at,i.on and |33t 5p34k is fucked.

> It'd also have the added bonus of keeping idiots who can't spell worth crap out of your inbox.

OK, but how about a solution that works for people who have programmers for friends?

On random punctuation (5, Interesting)

Richard W.M. Jones (591125) | more than 10 years ago | (#7879605)

At my last job I wrote a chat server which was used by school age children.

One of the requirements (coming from "concerned parents", of course) was to filter out swearing in the chat rooms. So if someone typed in, say, "you're a shit", what would actually appear for everyone else would be "you're a $!%^" or something similar.

Eventually, of course, we got into an arms race with the kids, who would write "sh1t", "s.h.i.t", "sh*t" and so on.

However, I came up with a program which generated a regexp which matched pretty much all the variations, and - to date - none of the kids have worked out a way around it.

This is how it worked.

(Actually, I can send anyone the original regexp generator code if they're interested - just mail me).

The basic concept was to use a table of "equivalences", for, eg. "a" => [ "@", "4", "A", ....], "f" => [ "ph", .... ]

For each swear word we generate a regexp with (r1|r2|r3|...) for each letter in the bad word, where r1, r2, r3, ... are the list of equivalences for that letter.

That produces a list of swear word - matching regexps which we then combined into a super mega regexp which would match any of the 50 or so banned words.

One interesting thing is that you can end up with a regexp which is too big for GNU regexp to handle ... But there are ways to get round that and you can code it up as a flex parser too which doesn't have any limits as far as I can tell.

The actual code is slightly more complex and does a few more things than above (eg. it works for "s.h.1.t" too, or even "s---h--1----------t"). And it has a concept of "obliterator characters", so "sh*t" can be banned also.

If anyone's interested I can send the code.

Rich.
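A sketch of the approach described in the comment above, as an added example (this is not the poster's generator). The equivalence table, the filler characters, the rule that obliterators may replace only interior letters, and the banned-word list are all assumptions made for illustration.

```python
import re

# Constructed look-alike table (illustrative; not the original program's table).
EQUIV = {
    "a": ["a", "@", "4"],
    "c": ["c", "(", "k"],
    "e": ["e", "3"],
    "f": ["ph", "f"],
    "g": ["g", "9"],
    "i": ["i", "1", "!", "|"],
    "o": ["o", "0"],
    "s": ["s", "$", "5"],
    "t": ["t", "7", "+"],
}
OBLITERATORS = ["*", "#"]  # stand in for any single interior letter ("vi*gra")


def letter_pattern(ch, interior):
    """(r1|r2|...) alternation for one letter of a banned word."""
    alts = list(EQUIV.get(ch, [ch]))
    if interior:
        alts += OBLITERATORS
    return "(?:" + "|".join(re.escape(a) for a in alts) + ")"


def word_pattern(word, allow_space):
    """Per-letter alternations joined by optional filler characters."""
    filler = r"[\s.,_\-]*" if allow_space else r"[.,_\-]*"
    last = len(word) - 1
    parts = [letter_pattern(c, 0 < i < last) for i, c in enumerate(word.lower())]
    return filler.join(parts)


def build_filter(words, allow_space=False):
    """Combine every banned word into one case-insensitive regexp."""
    combined = "|".join("(?:" + word_pattern(w, allow_space) + ")" for w in words)
    return re.compile(combined, re.IGNORECASE)


def censor(text, rx):
    """Replace each match with '*' characters of the same length."""
    return rx.sub(lambda m: "*" * len(m.group(0)), text)


BANNED = ["viagra", "free"]                     # constructed word list
strict = build_filter(BANNED)                   # punctuation filler only
loose = build_filter(BANNED, allow_space=True)  # also tolerates whitespace
```

With whitespace allowed as filler, `loose` censors part of "sent via Grand Rapids", the same cross-word false positive as the 'I was hit' case raised in the replies; `strict` avoids it but lets "v i a g r a" through, and neither catches transposed letters.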

Re:On random punctuation (3, Funny)

^Bobby^ (10366) | more than 10 years ago | (#7879644)

So you're the one responsible for 'I was hit!' coming out 'I wa* ***!'

Filters like that ruin normal text.

Re:On random punctuation (5, Funny)

miu (626917) | more than 10 years ago | (#7879700)

faux queue man!

Re:On random punctuation (0)

Anonymous Coward | more than 10 years ago | (#7879720)

You know it's an arms race and still continue? Like kids depend on swear words to hurt other kids. Pathetic.

Re:On random punctuation (0)

Anonymous Coward | more than 10 years ago | (#7879725)

Wow, no sh*t?

Re:On random punctuation (2, Insightful)

DerPflanz (525793) | more than 10 years ago | (#7879736)

What if someone tries things like 'fcuk' or the like? Does it work also? Think of that English research done lately where it says it doesn't make much difference in which order the letters are, as long as the beginning and ending letter are correct. More about that here [cam.ac.uk].

Re:On random punctuation (1)

Richard W.M. Jones (591125) | more than 10 years ago | (#7879765)

"fcuk" ... no.

(That's a famous trademark in the UK, though :-)

It does work on things like fu(k though.

Rich.

Re:On random punctuation (1)

LittleBigLui (304739) | more than 10 years ago | (#7879763)

So your product is one of those mountains of clueless that changes "cocktail" to "man thingytail" in conversations and thereby causes heaps confusion first and plenty of laughter afterwards?

Oh well, and does your product catch the phrase "Sick my Duck"? (Sure should, that one might be the Next Big Thing TM among young swearers everywhere.)

(aiming for Funny here, not Troll!)

Re:On random punctuation (1)

Richard W.M. Jones (591125) | more than 10 years ago | (#7879773)

Actually, I think the whole issue of swear word filtering is silly.

However, I was doing my job and getting paid for it ...

If it helps to make a small dent in the quantity of v1@gra spam, then so much the better though.

Rich.

Re:On random punctuation (1)

Swofx (257812) | more than 10 years ago | (#7879797)

In the other Story about What You Can't Say [slashdot.org] the guy first asks the question if you should respond to the wish - banning swearing among children - at all. I wonder if this has been discussed in your case. Or did you go straight ahead trying to solve a social challenge with a few lines of code?

Re:On random punctuation (2, Funny)

Alioth (221270) | more than 10 years ago | (#7879810)

But will it filter the town name Scunthorpe as being offensive? AOL had this problem where people living in Scunthorpe suddenly found they could no longer use their town name.

Random punctuation (3, Informative)

JanneM (7445) | more than 10 years ago | (#7879620)

Sure, you can defeat spam filters by being obscure enough. Do random punctuation, embed your message in a mass of unrelated words and so on. But from my experience, spam is already approaching the "vanishing point" when it ceases to be comprehensible even to the humans that are supposed to react to the things. I have had spam that has been so obscure it's taken me several minutes to decipher what they are trying to sell (and they still get caught by Spamassassin).

Re:Random punctuation (0)

Anonymous Coward | more than 10 years ago | (#7879754)

d9dfj s-0d3 ddid8d dkd9ej v/xckd dkei0d dslkwe9 sldk3 ssl3 sslk3d dle00df d-dsl lwlwa9s slldie0 slsl00dd sl22 da s0del slslwl1.

Subject Lines (1)

vpscolo (737900) | more than 10 years ago | (#7879624)

I've seen a few of these punctuation type spams. Surely it wouldn't be too hard to work on the subject line, delete all punctuation (apart from spaces) and then run it through a Bayesian filter?

Rus

USB Flash Drives (1)

powlow (197142) | more than 10 years ago | (#7879656)

policies against usb flash drives are bad news.
but then again, if they can't even be smart enough to buy recordable cds at work, then you can expect them to just blanket ban things...

Another article that needed modding down (1, Insightful)

Anonymous Coward | more than 10 years ago | (#7879670)

From the article:
Second, whenever a new technology comes out, its developers generally do a poor job of designing security into it

That was true 5 years ago, but in general it's crap today. Most security problems are in re-implementations by Microsoft of old technology.

Browse through the RFCs issued in the last 5 years, which is where new Internet technology generally appears, and you'll find a generally excellent level of security design.

bayesian filters aren't fooled so easily (5, Informative)

_Shorty-dammit (555739) | more than 10 years ago | (#7879672)

there are more parts to an email than just the subject line or the message body that still give away emails as spam. So even if random punctuation circumvents the spotting of something as specific as "viagra" by changing it to "v..1.,a,g.r,,a" or something similar it doesn't matter much. There are so many other hints that it's basically meaningless to do this, they still get caught because of those other clues. I'm still amazed at how well my bayesian filter of choice, popfile http://sourceforge.net/projects/popfile does with all my email needs. Filtering out spam, sorting out other emails into work, family, and a handful of other 'buckets' to get everything going where I'd like it to go. Spammers are indeed trying out different ideas all the time, but next to nothing ever gets through. And when something does manage to slip by on a rare occasion, well, you just made popfile that much better at catching the rest of the crap anyways. shrug. Been a long time (since I found popfile) since spam was even the slightest concern to me. There are quite a few different bayesian-based filtering methods out there, definitely a good idea to check at least one of them out. Popfile's a good choice, especially if you'd like to sort things besides spam too.

Re:bayesian filters aren't fooled so easily (1)

pe1chl (90186) | more than 10 years ago | (#7879685)

Spammers have now begun to append a paragraph of normal text to spam messages.
(there is a short message about losing weight, some link to a site, and then a long text that is not at all related to the spam)

I suppose this is being done to fool the Bayesian filters.

Re:bayesian filters aren't fooled so easily (1)

_Shorty-dammit (555739) | more than 10 years ago | (#7879690)

but it doesn't work, because of all the other tell-tale signs it still gets flagged as spam and dealt with as such. No matter how much "real english" stuff gets tagged on, none of that stuff looks like "real email" stuff and it still has all the spam stuff anyways.

Corporate IM (4, Insightful)

ksp (203038) | more than 10 years ago | (#7879673)

I used to work in a global virtual team for a software company and I was (once again) shocked at the ignorance of the MIS department. A lot of people just decided to use MSN Messenger and so it suddenly became our standard communication program, so far it was even written into work procedures.

I expect the new IM worms to be the next major disaster to these tech companies, just like Slammer was for their unmanaged MS SQL installations.

It surprised me that no one listened to my suggestions on setting up an internal server. OK, not every luser knows IRC, but surely there are many IMs that can be set up to use an internal server and block everything else at the firewall. We tried the Lotus Notes clone of AOL's AIM and it sucked (as everything Notes), apart from using encrypted line data.

I remember trying to get hold of a senior developer I was working with using plain old talk in a terminal and he didn't know it... He got the notification in his shell and called me instead. Sort of explains the renaissance of these dummy IM clients.

defeating random punctuation (4, Interesting)

C0vardeAn0nim0 (232451) | more than 10 years ago | (#7879691)

My boss (hardcore BSD hacker and anti-spam activist) added a simple rule to our spam filters: more than 5 consonants in a row in the From: field and it's tagged as spam. I'm pretty sure if necessary he can add a rule to check how many characters in a sentence are vowels, consonants, digits and punctuation. More than x% of punctuation in a sentence plus y% digits and the filter tags as spam.

I'm not as good as him but I'm sure this can be done quite easily in perl with regexes.
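The rule described in the comment above, as an added example (not the poster's or his boss's filter). The two thresholds, counting 'y' as a consonant, and applying the character-mix check to the Subject line are assumptions; the sample messages are constructed, and one subject reuses a sentence from a reply further down this thread.

```python
import re
from email import message_from_string

# "More than 5 consonants in a row"; 'y' is counted as a consonant (assumption).
CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxyz]{6,}", re.IGNORECASE)
MAX_PUNCT = 0.25   # assumed value for the comment's "x%"
MAX_DIGITS = 0.15  # assumed value for the comment's "y%"


def char_mix(text):
    """Return (punctuation fraction, digit fraction) over non-space characters."""
    chars = [c for c in text if not c.isspace()]
    if not chars:
        return 0.0, 0.0
    punct = sum(1 for c in chars if not c.isalnum())
    digits = sum(1 for c in chars if c.isdigit())
    return punct / len(chars), digits / len(chars)


def reasons(raw_message):
    """List the rules a raw message trips (an empty list means none)."""
    msg = message_from_string(raw_message)
    hits = []
    if CONSONANT_RUN.search(msg.get("From", "")):
        hits.append("consonant-run")
    punct, digits = char_mix(msg.get("Subject", ""))
    if punct > MAX_PUNCT:
        hits.append("punctuation-heavy")
    if digits > MAX_DIGITS:
        hits.append("digit-heavy")
    return hits


def make(sender, subject):
    """Build a minimal constructed message with From and Subject headers."""
    return "From: %s\nSubject: %s\n\nbody\n" % (sender, subject)


# Constructed messages; the "numeric" subject is a sentence from a reply in this thread.
SAMPLES = {
    "obfuscated": make("xkqzvbrt <xkqzvbrt@example.com>", "V.1.@.g,r.a f0r l.3.s.s"),
    "plain": make("Alice Example <alice@example.com>", "Q3 budget review, draft 2"),
    "polish-name": make("Krzysztof Szczepanski <ks@example.org>", "Meeting notes"),
    "numeric": make("Alice Example <alice@example.com>",
                    "There are 1,000,000s of examples, of which this is 1."),
}
```

The obfuscated message trips two rules, but so do two legitimate ones: the Polish name trips the consonant rule and the number-heavy sentence trips the digit rule, so hits like these are safer as weighted signals than as a verdict on their own.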

Re:defeating random punctuation (3, Insightful)

BigBadBri (595126) | more than 10 years ago | (#7879728)

Unlikely.

Short, broken, or oddly punctuated sentences, such as this, may wrongly trip the rule.

There are 1,000,000s of examples, of which this is 1.

Still, it's ugly English, so should perhaps be condemned as such and consigned to the spam-bin anyway.

More serious is how to define a sentence - if it's a phrase terminated with a period, then random punctuation is likely to generate many short sentences, and a sufficiently dedicated spammer ought to be able to bias the 'random' punctuation to defeat a conservatively set rule.

I'm not sure that anything can be done 'quite easily' in Perl...

Re: defeating random punctuation (5, Funny)

Black Parrot (19622) | more than 10 years ago | (#7879756)


> My boss (hardcore BSD hacker and anti-spam activist) added a simple rule to our spam filters: more than 5 consonants in a row in the From: field and it's tagged as spam.

Hope he's not expecting any important messages from anyone born in Eastern Europe...

My predictions... (3, Funny)

Black Parrot (19622) | more than 10 years ago | (#7879696)

  • More virii.
  • More arguments over whether 'virii' is a word.

Virii is obviously two or more words.. (0)

Anonymous Coward | more than 10 years ago | (#7879766)

When you make it: viriies then you are clearly talking about the plural in the third person.

Let's stop this debate now.

Anti-Obfuscation script (4, Informative)

cnb (146606) | more than 10 years ago | (#7879744)

Anti SPAM tools already include anti-obfuscation support. Here's one [sandgnat.com] of many scripts for spamassassin.

- cnb

Spam ISN'T a security issue (0)

Spoing (152917) | more than 10 years ago | (#7879794)

Why is spam even on the list? Yes, it's annoying and a big waste of time dealing with. Spam is an abuse of resources, so if you consider any abuse a security issue, then pop-up and flash ads can also be considered security issues because they consume excessive network bandwidth too.

Spammers exploiting systems to relay spam is a security issue. Spammers sending viruses is a security issue. Other abuses by spammers are potential security issues. T'hh-i.s i_s n,o.t, and neither is spam in general!

Spam is in its own category of abuse, and I'm all for sending out thugs with hammers to get these bastards to stop. Don't clutter security concerns with this dreck. Keep focused Computerworld!
