Jargons of Info Tech industry

Ross Bamford

Yes, but with spam ANY communication with an unwanted stranger is a
nuisance.

Roedy, I would just _love_ to see the response from the industry when you
tell them they should dump their whole mail infrastructure, and switch
over to a whole new system (new protocols, new security holes, new
problems start to finish). I gather that's the gist of the suggestion, a
new protocol with built in public key (a fine, well known, accepted term,
IMHO it doesn't need changing) cryptography and signature support?

IMAP is in many ways better than POP3, but you would be surprised at the
weight of an accepted standard I think.
 
Roedy Green

Viruses can mail out change of address messages to everyone in the
compromised machine's address book today.

Of course, viruses don't bother doing that - since it's stupid and
pointless.

A virus is interested in the address book mainly if there is a way it
can send itself to other machines, get at their address book in a
fission explosion and spread without human intervention.

The key that makes that possible is Microsoft's features for running
self-executing code in emails. That is the problem. It has nothing to
do with formatting or pictures.
 
Roedy Green

Suppose I wanted to gather industrial espionage about, oh, say Roedy
Green. If my virus could impersonate him, I could tell everyone in sight
that his email has changed to (e-mail address removed) (or wherever). I would
harvest his email

I would say by extrapolating the problem of spam and snooping that the
next level of email software needs to concentrate on the following:

1. routine and transparent encryption.

2. making spam no longer economic. Blocking all spam is, even in
theory, impossible. I sometimes read a message and am ambivalent
myself about whether I wanted to read or receive it. The key is to
provide efficient, transparent spam solutions. They can be layered to
filter higher and higher percentages of mail depending on how big your
spam problem is.

3. prevent phishing. When PayPal sends you an email, you want to know
for sure it really is from PayPal. This means corporate users at
least will all have digital ids, and all emails will be digitally
signed.

4. status tracking. Unless blocked by the receiver, the sender knows
if his message has been received/read.

5. making it impossible for any incoming email to mount any sort of
attack. The only parts the email software processes are the data
parts. Any enclosed programs must be explicitly installed. The email
software would warn if any code were not digitally signed with proper
certificate to identify the author.

Especially with spam, there are no perfect solutions, but at least we
could do many times better than what we are living with and put the
spammers out of business.
 
John Bokma

Roedy Green said:
I did write him, snail mail, and he responded giving us permission to
rewrite any of the algorithms in his famous set of books in to Java.

Like I quoted, he does even get (some) email (printed out that is) :). But
I think snail mail is better.
 
Keith Thompson

Roedy Green said:
Especially with spam, there are no perfect solutions, but at least we
could do many times better than what we are living with and put the
spammers out of business.

A partial solution to spam, or at least to pollution of Usenet
newsgroups, would be to STOP POSTING THIS STUFF TO NEWSGROUPS WHERE
IT'S NOT RELEVANT.

There are several newsgroups that deal with e-mail abuse. This
discussion isn't being posted to any of them. Please stop.
 
Gordon Burditt

Links
the only piece of that particularly dangerous is JavaScript. So long
as you have a scheme to unmask where links are really going links are
no more dangerous than they are in browser.

Browsers don't read unsolicited web sites. Email readers do, however,
read unsolicited email, and email from downright hostile correspondents.
And I consider "web bugs" and similar tracking methods to be a danger
for something that's supposed to be ONLY "formatted text".

Even a form is not dangerous. You have to fill it in and hit submit.

So where does the submitted data GO? And there's all kind of information
in there about what software I'm running.

Gordon L. Burditt
 
Gordon Burditt

I would say by extrapolating the problem of spam and snooping that the
next level of email software needs to concentrate on the following:

1. routine and transparent encryption.

OK, but the Feds are really going to hate that.

2. making spam no longer economic. Blocking all spam is, even in
theory, impossible. I sometimes read a message and am ambivalent
myself about whether I wanted to read or receive it. The key is to
provide efficient, transparent spam solutions. They can be layered to
filter higher and higher percentages of mail depending on how big your
spam problem is.

One way of making spam non-economic would be making it difficult to
use throw-away identities. If I block by someone's identity, it
stays blocked.

3. prevent phishing. When PayPal sends you an email, you want to know
for sure it really is from PayPal. This means corporate users at
least will all have digital ids, and all emails will be digitally
signed.

I'm assuming that email is supposed to be useful and usable for
*SAFELY* conducting a conversation (or negotiations) with someone
out to kill you or steal from you. (Consider union vs. management,
any husband vs. his ex-wife, the IRS vs. everyone, whistleblower
vs. employer, etc.)

4. status tracking. Unless blocked by the receiver, the sender knows
if his message has been received/read.

I consider this an unacceptable risk to the receiver, unless the
acknowledgement is manually initiated. It also risks a lot of
confusion regarding what constitutes "read", especially if the user
saved it into a file without displaying it.

I'm assuming here that there are some people (e.g. George W. Bush) who
will attempt to try to turn an IP address into a geographic location
and launch missiles at it when he finds out Osama Bin Laden read his
email. At least when Osama *sends* email, he can click the send
button and run like hell.

5. making it impossible for any incoming email to mount any sort of
attack. The only parts the email software processes are the data
parts. Any enclosed programs must be explicitly installed. The email
software would warn if any code were not digitally signed with proper
certificate to identify the author.

In HTML, that means NO links, NO Javascript, NO forms, and NO references
to other files. Reading your email should not generate hits on
anything specified by the sender.

Gordon L. Burditt
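
The rule in the post above (no scripts, no forms, no links, nothing that makes the reader fetch a sender-chosen URL) can be checked mechanically. The following is an added example, not part of the original thread: a Python audit of an HTML message. The `AUTOLOAD` attribute list, the function names and the sample message are assumptions made for the example.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed (not exhaustive) list of attributes a renderer fetches with no click.
AUTOLOAD = {("img", "src"), ("link", "href"), ("iframe", "src"),
            ("body", "background"), ("embed", "src"), ("object", "data")}

def has_host(url):
    """True if the URL names a network host (or is too malformed to tell)."""
    try:
        return bool(urlsplit(url).netloc)
    except ValueError:
        return True

class MailHtmlAudit(HTMLParser):
    """Records every construct the policy above forbids in a mail body."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (category, tag, detail)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self.findings.append(("script", tag, attrs.get("src") or "inline"))
        elif tag == "form":
            self.findings.append(("form", tag, attrs.get("action") or ""))
        elif tag == "a" and attrs.get("href"):
            self.findings.append(("link", tag, attrs["href"]))
        for name, value in attrs.items():
            if name.startswith("on"):  # onload, onclick, ... run script
                self.findings.append(("script", tag, name))
            elif (tag, name) in AUTOLOAD and value and has_host(value):
                # cid: and data: travel inside the message; a URL with a host
                # makes the reader contact a server the sender chose (web bug).
                self.findings.append(("remote-fetch", tag, value))

def audit_message(raw):
    """Return findings for all text/html parts of an RFC 5322 message string."""
    findings = []
    for part in message_from_string(raw, policy=default).walk():
        if part.get_content_type() == "text/html":
            parser = MailHtmlAudit()
            parser.feed(part.get_content())
            parser.close()
            findings.extend(parser.findings)
    return findings

# Constructed sample message; the .test hosts are placeholders.
SAMPLE = """\
From: sender@example.test
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello</p>
<img src="cid:logo">
<img src="http://tracker.example.test/open.gif?id=42" width="1" height="1">
<a href="http://example.test/offer">offer</a>
<form action="http://example.test/submit"><input name="q"></form>
<script>void 0</script>
</body></html>
"""

if __name__ == "__main__":
    for finding in audit_message(SAMPLE):
        print(finding)
```

A client that renders only when `audit_message` returns an empty list shows the embedded `cid:` image but never contacts the tracker host.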
 
John Bokma

Keith Thompson said:
There are several newsgroups that deal with e-mail abuse. This
discussion isn't being posted to any of them. Please stop.

This just adds to the noise, and isn't going to work. Just kill the entire
thread.
 
Mike Meyer

Except with Roedy's proposal, all the target's correspondents' address
books would get updated automatically. It's got much the same effect
as filing a change of address at the local post office for
someone. It's a nasty practical joke. But much nicer than some of the
things that viruses do today.

The key that makes that possible is Microsoft's features for running
self-executing code in emails. That is the problem. It has nothing to
do with formatting or pictures.

No, that's what makes email a vector for infection. What makes using
the address book - for whatever purpose - possible for viruses is
having an API that allows arbitrary code to access it. But you have to
have that API - your customers are going to insist that they be able
to use their address book from third party applications.

These days, viruses don't spread through a single vector; they use
multiple vectors, and will try them all once they've infected a
machine. So you may cruise a web site that infects you, and the virus
will then mail copies of itself to everyone in your address book, as
well as infecting any web servers that may be running on the machine,
and probing random IP addresses close to yours, and so on.

<mike
 
Mike Meyer

Roedy Green said:
3. prevent phishing. When PayPal sends you an email, you want to know
for sure it really is from PayPal. This means corporate users at
least will all have digital ids, and all emails will be digitally
signed.

That won't prevent phishing, that will just raise the threshold a
little. The first hurdle you have to get past is that most mail agents
want to show a human name, not some random collection of symbols that
map to a unique address. Even if you do that, most readers aren't
going to pay attention to said random collection of symbols. Given
that, there are *lots* of tricks that can be used to disguise the
signed name, most of which phishers are already using. How many people
do you think will really notice that mail from "John Bath, PayPal
Customer Service Representative" ([email protected]) isn't really
from paypal?

Unicode makes things *really* interesting.

4. status tracking. Unless blocked by the receiver, the sender knows
if his message has been received/read.

Got that already.

5. making it impossible for any incoming email to mount any sort of
attack. The only parts the email software processes are the data
parts. Any enclosed programs must be explicitly installed. The email
software would warn if any code were not digitally signed with proper
certificate to identify the author.

How 20th century of you. Making it impossible to send executable code
as content is a major step backwards from what we've got now, and
you're the last person I would have expected to do that.

The solution is to run the code in a sandbox. This is an old
technology, and fairly well understood. Except maybe in Redmond.

<mike
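
The display-name problem described above, and the Unicode variant of it, as an added example that is not part of the original post: a Python check a mail client could run on the sender string before showing it. The brand table, the function names and the sample headers are constructed for the example.

```python
import unicodedata
from email.utils import parseaddr

# Assumption for this example: brand keyword -> domains that brand really uses.
BRAND_DOMAINS = {"paypal": {"paypal.com"}}

def scripts_in(label):
    """Unicode scripts of the letters in one DNS label, read from char names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def sender_warnings(from_header):
    """Return human-readable warnings for a From header value."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    shown = unicodedata.normalize("NFKC", name).casefold()
    warnings = []
    # 1. The display name borrows a brand the address does not belong to.
    for brand, domains in BRAND_DOMAINS.items():
        genuine = any(domain == d or domain.endswith("." + d) for d in domains)
        if brand in shown and not genuine:
            warnings.append("display name claims %s but domain is %s"
                            % (brand, domain))
    # 2. A label mixes scripts, e.g. Latin letters with a Cyrillic look-alike.
    for label in domain.split("."):
        if len(scripts_in(label)) > 1:
            warnings.append("mixed-script label %r" % label)
    return warnings

# Constructed sample headers.
SAMPLES = [
    '"John Bath, PayPal Customer Service Representative" '
    '<jbath@paypal-support.example>',
    "PayPal <service@paypal.com>",
    "PayPal <service@p\u0430ypal.com>",   # U+0430 is CYRILLIC SMALL LETTER A
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(ascii(header), sender_warnings(header))
```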
 
Chris Head

Hello? I don't think that should make any difference. I should be able
to visit absolutely any website on the Internet without any danger to my
computer or the data stored on it. Any browser which allows otherwise
has a bug. Javascript is not inherently a virus vector. Flawed
implementations might be; the language itself is not. Similarly for
anything else. In reality, with a properly-configured, good quality
operating system (probably a UNIX-type system), one ought to be able to
run full native code without any danger to one's computer or data
(think: under the NOBODY account on Linux).

Just my 1/50th of a dollar.

Chris

Gordon Burditt wrote:
[snip]
Browsers don't read unsolicited web sites. Email readers do, however,
read unsolicited email, and email from downright hostile correspondents.
And I consider "web bugs" and similar tracking methods to be a danger
for something that's supposed to be ONLY "formatted text".
[snip]
 
Chris Head

Thunderbird is nice that way. You can tell it to render HTML by default,
and even images if they're included in the body of the e-mail, but tell
it to NOT render anything which requires connections to external servers
unless you click a Show Images button. I think Hotmail does a similar thing.

Chris

Paul Rubin wrote:
[snip]
That's the worst of all. I certainly don't want my mail reader
opening network connections to arbitrary places when I read my mail.
I have no willingness at all to reveal my mail reading habits or IP
address to everyone who sends me email. If someone wants a return
receipt, they can use snail mail and fill out a form at the post
office for it.

 
Roedy Green

That won't prevent phishing, that will just raise the threshold a
little. The first hurdle you have to get past is that most mail agents
want to show a human name, not some random collection of symbols that
map to a unique address. Even if you do that, most readers aren't
going to pay attention to said random collection of symbols. Given
that, there are *lots* of tricks that can be used to disguise the
signed name, most of which phishers are already using. How many people
do you think will really notice that mail from "John Bath, PayPal
Customer Service Representative" ([email protected]) isn't really
from paypal?

I think it better than you imagine.

First of all Mr. Phish will come in as a new communicant begging an
audience. That is your first big clue. PayPal is already allowed in.
Next if Thawte issues certs, they won't allow Phish names such as
Paypol.com just as now for other certs.

Mr. Phish is coming in on a different account.

Next Mr. Phish had to present his passport etc when he got his Thawte
ID. Now Interpol has a much better handle on putting him in jail.
He can't repudiate his phishing attempt.
 
Roedy Green

A partial solution to spam, or at least to pollution of Usenet
newsgroups, would be to STOP POSTING THIS STUFF TO NEWSGROUPS WHERE
IT'S NOT RELEVANT.

Technically yes. But those folk in the appropriate newsgroups have had
years to solve this and all we hear is despair. They are too concerned
with the day to day alligator swamp draining to think about the big
picture. Perhaps it is time to toss the problem in front of a less
beaten down group of potential problem solvers.
 
Roedy Green

No, that's what makes email a vector for infection. What makes using
the address book - for whatever purpose - possible for viruses is
having an API that allows arbitrary code to access it. But you have to
have that API - your customers are going to insist that they be able
to use their address book from third party applications.

An automated change of address is possible today. It would be LESS
easy to pull off under the scheme I proposed that requires digital
signatures.

Yes there are some downsides to a theoretical attack where phony
change of address messages are sent out. They don't propagate. They
don't corrupt. They are self healing when the original guy gets his
virus problem under control.

But you must balance that against the REAL downside of people's
address books being filled with obsolete email addresses. And of
course one of the reasons they are is people keep changing their email
addresses to hide from spam. I am just saving a lot of busy work
keeping them up to date.
 
Roedy Green

Yup, you solved an easy problem - designing a spam-proof email
system. That's been done any number of times. The hard part is a
deployment strategy that will actually get the world to transition to
such a system. That's why earlier nearly identical proposals got
rejected - nobody could come up with a workable transition plan.
Without a transition plan, a better email system is only of academic
interest - and not even much of that at this late date.

The big problem with any new system would be it cannot communicate
with others. So presumably your clients need to talk both old and new
protocols. Just say, YES, you need the old mail system too, but you
will find yourself using it less and less.

So how do you promote it given that you can't talk to everyone with
it?

1. confidentiality. -- All is encrypted. Sell it as something for
confidential intra-corporate communications. This just happens
transparently. This means you CAN'T accidentally reveal a company
secret by bungling the software or forgetting to encrypt.

2. faster -- presume both ends are online 24-7. Do everything 8-bit
transparent, compressed prior to encryption. All decrypting and
compressing/decompressing is transparent.

3. prestige -- for people whose time is too valuable to deal with
spam. Perhaps clients are designed so someone else can deal with
giving and revoking permissions for you and prioritising your mail.
The riffraff are not on this net, only those with certificates, people
of distinction. Software is designed so a secretary can monitor and
manage several other VIP's mail.

Recall that there were intra-net emails long before the Internet.
 
Ross Bamford

The big problem with any new system would be it cannot communicate
with others. So presumably your clients need to talk both old and new
protocols. Just say, YES, you need the old mail system too, but you
will find yourself using it less and less.

So how do you promote it given that you can't talk to everyone with
it?

1. confidentiality. -- All is encrypted. Sell it as something for
confidential intra-corporate communications. This just happens
transparently. This means you CAN'T accidentally reveal a company
secret by bungling the software or forgetting to encrypt.

2. faster -- presume both ends are online 24-7. Do everything 8-bit
transparent, compressed prior to encryption. All decrypting and
compressing/decompressing is transparent.

3. prestige -- for people whose time is too valuable to deal with
spam. Perhaps clients are designed so someone else can deal with
giving and revoking permissions for you and prioritising your mail.
The riffraff are not on this net, only those with certificates, people
of distinction. Software is designed so a secretary can monitor and
manage several other VIP's mail.

Recall that there were intra-net emails long before the Internet.

My that's a lot of off-topic mail today (and all going to several groups).

Roedy, please finish this thread (or someone else please kill it).
Evidently unlike some others, I exercise caution and so receive maybe two
items of spam (as in unwanted, irrelevant mail) a week. Thanks to this
thread, my weekly average has now been ruined.
 
Paul Rubin

Roedy Green said:
Next Mr. Phish had to present his passport etc when he got his Thawte
ID. Now Interpol has a much better handle on putting him in jail.
He can't repudiate his phishing attempt.

Any underage drinker in a college town can tell you a hundred ways to
get sufficient fake ID to get around that.

See also: http://www.ahbl.org/funny/response1.php

I'll let others here fill in the blanks.
 
axel

An automated change of address is possible today. It would be LESS
easy to pull off under the scheme I proposed that requires digital
signatures.

How? I keep my address book on my Palm as I send mail from different
computers? I suspect many other people do as well.

Axel
 
