Archive for June 2004
U.S. vs Councilman opens door for admin snoops
The Electronic Frontier Foundation charges that this week's appeals court decision in U.S. vs Councilman gives your ISP the right to monitor your email.
The court brief is at http://www.ca1.uscourts.gov/pdf.opinions/03-1383-01A.pdf
The defendant used procmail and sendmail to monitor email from Amazon to the booksellers and other email clients that used his mail server. He used a form of store-and-forward to do this. I believe the courts have held that wiretapping is grabbing the message off the line with a sniffer. It is a different charge when the mail is in storage. The courts dismissed the charges against the defendant, stating that at the time the message was copied it wasn’t in transit.
I agree that he is not guilty of wiretapping. I’ll have to go reread the Stored Communications Act to see if his claim of being a service provider is correct. I am currently in a cyberlaw class and we read the lower court ruling on US v Councilman a couple of weeks ago, so I was pretty excited to see this case.
Dubious Spyware Products
Broadband Reports has a link to a list of dubious spyware products.
http://www.spywarewarrior.com/rogue_anti-spyware.htm
Some anti-spyware products actually install spyware.
Some anti-spyware products are really just bad copies of established software like Ad-Aware and Spybot Search & Destroy.
And some just don't work very well.
So how do you tell the difference? It's best to stay with the established leaders like Spybot and Ad-Aware, but sometimes they don't offer the features we need. This list is a great resource for what to watch out for.
New Phishing Attack Technique
The SANS Internet Storm Center is reporting a new phishing technique where the body of the message consists of a single image. However, if you click in the area of the logon button, it does act as a link that takes you to the phishing website. Single-image emails are much tougher to detect with antivirus and antispam efforts.
Ex-AOL Employee Arrested in Spam Caper
I’m sure by now you’ve seen the articles on the AOL employee who stole millions of screen names and sold them to spammers. Jason Smathers was not authorized to have access to the screen name list but used another employee's access code to steal it.[1]
According to an article I saw posted over at Harry Waldron’s site, this is expected to be the first prosecution under the CAN-SPAM Act. The maximum penalties are 5 years and $250k. I wonder if harsher penalties would be available if he was tried under theft of trade secrets or some unauthorized computer access law?
Hopefully many companies will take this as a sign that it's time to review their layers of protection and review internal procedures to make sure stuff like this cannot happen. That is twice in recent months that AOL has been in the news because their employees have abused their position. Earlier, a call center drone admitted to improperly using personal information belonging to celebrity customers to forge relationships with them under false pretenses.
Perhaps audit logs that track patterns of use would have caught Mr. Smathers as he stole an authorized user's account.
[1] “Ex-AOL employee arrested in spam caper.” The Washington Times, June 24th 2004, C8.
More Bad Reporting From ZDNET
A recent ZDNet article was titled “Porn spammers sneak images into Outlook.” I’ve also seen the article titled “Spammers Bypass Outlook 2003 Security”
http://www.zdnet.co.uk/print/?TYPE=story&AT=39158241-39020369t-10000025c
With a title like that, you might be justified in suspecting that somehow Microsoft security has been thwarted, that years of preparation to create Outlook 2003 have been thwarted by placing the image inline.
This is ridiculous.
Do they really think that Microsoft didn't realize that you can paste pictures into the body of a message? I think the main goal is to stop webbugs. Webbugs are 1 by 1 images loaded from the spammer's web server that act as a beacon to announce you’ve opened the message.
The article does recognize that this is still the case. It also recognizes that it will cause the spammer to have to transfer a larger amount of data for each message, incurring a greater cost and slowing his ability to spam.
I do wonder if it will be easier or harder to detect spam. Oftentimes a spammer will get “bulletproof” hosting in China. Then all we have to do is block messages that have HTML pointing to that server. Now, I wonder if the images embedded in the message will have a consistent digital look or if they will constantly be changing it.
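The distinction drawn above between remotely loaded images (webbugs) and images embedded in the message, together with the single-image phishing body from the SANS post earlier on this page, can be checked mechanically. The following is an added example, not code from any of the cited articles; the function names, the thresholds (a 1 by 1 size, fewer than five words of text) and both sample messages are assumptions constructed for illustration.

```python
import email, hashlib
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser

class ImgScan(HTMLParser):  # collects <img> tags, their clickability, visible text
    def __init__(self):
        super().__init__()
        self.imgs, self.text, self.link_depth = [], [], 0
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.link_depth += 1
        elif tag == "img":
            self.imgs.append({"src": a.get("src") or "", "size": (a.get("width"), a.get("height")),
                              "clickable": self.link_depth > 0 or "usemap" in a})
    def handle_endtag(self, tag):
        if tag == "a" and self.link_depth:
            self.link_depth -= 1
    def handle_data(self, data):
        self.text.append(data)

def analyse(raw: bytes) -> dict:
    msg = email.message_from_bytes(raw, policy=policy.default)
    scan, embedded = ImgScan(), {}
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            scan.feed(part.get_content())
        elif part.get_content_maintype() == "image":
            cid = str(part["Content-ID"] or "").strip("<>")
            embedded[cid] = hashlib.sha256(part.get_payload(decode=True)).hexdigest()
    scan.close()
    remote = [i for i in scan.imgs if i["src"].lower().startswith(("http://", "https://"))]
    words = len(" ".join(scan.text).split())
    return {
        "remote_images": [i["src"] for i in remote],  # fetched on open, so beacon-capable
        "web_bugs": [i["src"] for i in remote if i["size"] == ("1", "1")],
        "embedded_sha256": embedded,  # exact match only: helps if the same bytes are reused
        "single_image_lure": len(scan.imgs) == 1 and scan.imgs[0]["clickable"] and words < 5,
    }

def sample(html: str, image: bytes = b"") -> bytes:  # builds a constructed message
    m = EmailMessage()
    m.set_content(html, subtype="html")
    if image:
        m.add_related(image, maintype="image", subtype="gif", cid="<logo>")
    return m.as_bytes()

LURE = sample('<a href="http://login.example/"><img src="cid:logo"></a>', b"GIF89a-constructed")
BUG = sample('<p>Sale ends today, order now</p><img src="http://tracker.example/o.gif" width="1" height="1">')
```

A SHA-256 of the embedded image only matches when the sender reuses identical bytes, so it answers the "consistent digital look" question only for unchanged images; a sender who alters the image per message defeats it.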
The Rumor Mill
Microsoft rumored to be interested in acquiring Network Associates
http://www.broadbandreports.com/shownews/46417
http://www.securitypipeline.com/news/22101181
Network Associates is for sale, and Microsoft is rumored to be the buyer.
The maker of McAfee antivirus and security products has not made it public, but a “for sale” sign figuratively hangs from Network Associates’ front door, according to Wall Street sources and channel partners.
A public announcement concerning either the pending or closed sale of the company to a buyer could come as early as July 1 when Network Associates also plans to announce layoffs associated with the company’s for-sale status, these sources said.
After initially declining to comment, Network Associates spokesperson Jennifer Keavney said Tuesday the company was “not considering offers from Microsoft or any other company at this time.” She did say however that the company would “need to legally consider offers that benefit its owners, the shareholders of Network Associates.”
Security Managers Could Face Court Penalties
I posted back in May about the legal problems security professionals may find themselves in. There is an interesting article over at Yahoo! News that relates to this.
Mark Rasch was head of the US Justice Department's Cybercrime Unit. He prosecuted Robert Morris, author of the Morris Worm, as well as the Hanover Hackers (see Clifford Stoll, The Cuckoo’s Egg). Currently he is a VP at some company and makes money scaring people about cybersecurity.
He makes some good points to ponder:
Computer crime law is written too broadly, such that any unauthorized access is a crime. Then, when your company has a policy that employees routinely violate, that opens your employees to a felony computer crime charge of unauthorized computer use.
His main admonition is that your routine efforts at security could blow up in your face in court. Let's say you have a memo listing necessary security steps to take. Then you don’t take all of them. That will not look good at trial!
For something to be protectable as a trade secret, you must have made some reasonable effort to secure it. If you didn’t do the items on your list, then you may lose when you try to get someone prosecuted for stealing trade secrets.
False Sense of Security
News.com has a pretty interesting article challenging security assumptions. One of the more common assumptions is that if you put up a firewall, install antivirus on computers and perhaps get an IDS, then you’ll be all right. There is this assumption that hackers will always attack the way they did in 1995, with a little bit of reconnaissance and some doorknob rattling.
The article asks why an attacker would run the full gauntlet of defenses when he can compromise a user's home system and piggyback on the company VPN past all of the network security.
The principle of low-hanging fruit does not apply, the article says, when you are trying to secure a valuable target. A determined hacker isn’t going to just move on to the next target. Thus you need defense in depth and defense at every level of connection.
The article concludes by admonishing against a false sense of security. It also calls for awareness of network activity. Would you know today if one of your servers started behaving more like a client?
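One way to answer that last question from flow records, as an added example that is not from the News.com article: flag any flow where a known server is the initiator rather than the responder. The server inventory, the expected-egress allowlist, the internal network range and the flow records below are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Assumed inventory: server address -> ports it legitimately listens on.
SERVERS = {"10.0.5.10": {80, 443}, "10.0.5.20": {25}}
# Assumed egress the servers are expected to initiate (resolver, patch mirror).
ALLOWED_EGRESS = {("10.0.0.53", 53), ("10.0.0.80", 443)}
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address space

# Constructed flow records, one direction per line: src sport dst dport
FLOWS = """\
192.0.2.44 51812 10.0.5.10 443
10.0.5.10 443 192.0.2.44 51812
10.0.5.10 40022 10.0.0.53 53
10.0.5.20 25 198.51.100.7 39001
10.0.5.10 40977 203.0.113.9 6667
10.0.5.10 40978 203.0.113.9 6667
10.0.5.20 51000 10.0.5.10 445
"""

def client_like_flows(text: str) -> Counter:
    """Count flows in which an inventoried server acts as the initiator."""
    hits = Counter()
    for line in text.splitlines():
        src, sport, dst, dport = line.split()
        sport, dport = int(sport), int(dport)
        listening = SERVERS.get(src)
        if listening is None or sport in listening:
            continue  # not a server, or a reply sent from one of its service ports
        if (dst, dport) in ALLOWED_EGRESS:
            continue  # expected outbound traffic such as DNS lookups
        scope = "internal" if ipaddress.ip_address(dst) in INTERNAL else "external"
        hits[(src, dst, dport, scope)] += 1
    return hits

if __name__ == "__main__":
    for (src, dst, dport, scope), n in client_like_flows(FLOWS).items():
        print(f"{src} initiated {n} {scope} connection(s) to {dst}:{dport}")
```

The heuristic treats a source port outside the server's listening set as evidence that the server opened the connection, so the inventory and the allowlist have to be kept current for the alerts to mean anything.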
Will Microsoft Offer XP SP2 Security to Older Windows?
That is the question on everyone’s mind. There are a lot of security enhancements for Internet Explorer. A lot of shops haven’t seen the compelling need to upgrade to Windows XP from Windows 2000. But these new security enhancements for XP sound enticing.
Windows 2000 is heading toward maintenance mode, which means patching only. Given limited development resources, it is better to spend those resources on Longhorn and XP SP2 than on trying to shoehorn the enhancements into previous versions.
An eWeek article says that this is still up in the air right now. It does say it is highly likely the Internet Explorer security enhancements will be part of Service Pack 5.

