The State of ‘Net Security: Nasty, Brutish, and Whiny


“No arts, no letters, no society, and which is worst of all,
continual fear and danger of violent death, and the life of
man solitary, poor, nasty, brutish, and short.”

-Thomas Hobbes

The Leviathan. Part i. Chap. xviii.

When Mr. Hobbes penned “The Leviathan” 453 years ago, it was with a measure of satisfaction at the progress humans had made, and with some fear of the nature of human affairs when they’re bereft of some measure of civil protection.

In 2004, Mr. Hobbes has a proving ground in the form of the Internet, which science fiction luminary Bruce Sterling yesterday called “a dirty mess.” He outlined a situation no less dire than the one Hobbes imagined society reverting to in the absence of a king.

We can see his point: Between phishing, Nigerian scams, the virtual muggings of DDoS attacks, and a bevy of other illegal activities, the wide-open nature of the ‘net, which is regulated less by the rule of law than by the rules technical limitations impose, has made it a conduit for a lot of nasty brutishness, and the life of an unprotected, unpatched server brought online is, well, short.

But while we’re having a little fun comparing Hobbes’ famous State of Nature with the Internet, Mr. Sterling is not. We weren’t at his talk, so we aren’t sure how tongue-in-cheek some of his comments might have been, but when we read passages like this in the coverage:

Sterling advocates an aggressive “blame and shame” campaign against spammers that would begin with an “arrest-a-spammer-a-day” effort. For Sterling, that campaign would begin in Boca Raton, Fla., home of many spammers and characterized by Sterling as the “Capone-Chicago of cyber fraud.”

“If they move out of the country, we’ll grab them and throw them into Guantanamo,” he said.

we can’t help but think there has to be a better answer than gulags for spammers.

In fact, we know there is, and it starts with network admins. When you’re dealing with a savage state of nature, hoping a parental authority will come along and knock heads certainly sounds appealing, but you also have to take some responsibility for locking your doors and barring your windows. Otherwise, carping for “get tough” policies is just so much whining. Our collective record as networkers isn’t so sterling in that regard, and it points to a need to work even harder to lock down our own nets.

This week’s article by Carla Schroder, for instance, points to an excellent tool for making sure your users don’t wander too far off the reservation. While we’re waiting for the Marines to build a “spammer tank” down on Gitmo, perhaps we can start implementing some technical solutions.


» Korgo, which takes advantage of the same Microsoft Windows vulnerability that fueled Sasser, is apparently getting nastier and more clever. Researchers say the amount of work going into new, stealthier variants is more than usual.

» AOL is telling e-mail service providers (ESPs) that if they want to stay on its whitelist, they’ll be integrating Sender Policy Framework (SPF) for their mail servers post haste:

SPF, or Sender Policy Framework, authenticates the identity of the sender of an e-mail. Since most spam has faked addresses, SPF could be a powerful weapon in fighting spam, spoofing and phishing.

ESPs are scrambling to comply with the AOL edict.

“Many ESPs have already complied,” said Dave Lewis, co-chair of the E-Mail Service Provider Coalition (ESPC) vendor relations committee and VP of deliverability management for Digital Impact. Lewis said his firm is in the process of complying, as is another major ESP, Bigfoot Interactive, a spokesman confirmed. Other firms, such as EmailLabs and Socketware, are already in compliance.

Readers may remember SPF from a recent Network News Break that headlined the merger of SPF with Microsoft’s Caller ID for E-Mail. Yet another example of a technical solution that goes a long way to barring the windows and locking the doors.

» Add spim to your list of net nuisances (if you haven’t already):

“If the spim message is received from a recognized user who has been infected by a spim worm, such as “Osama found,” the click-through rate for links embedded in the message is very high, as the recipient invariably trusts any message that is received from a user in their buddy list. This high click-through rate is particularly attractive to those responsible for spim, which explains their growing interest in exploiting spim as a medium for their messages.

[ … ]

“With e-mail spam, click through rates are extremely low, being measured in fractions of a single percent. Spim, however, offers much higher rates. To put this in perspective, a spam e-mail may need to be sent to 10,000 users in order to generate even five clickthroughs. Spim may be able to achieve the same clickthrough rate with only 10 or 15 messages. Given such efficient statistics, it’s no wonder that spammers are looking to become spimmers in short order.”

» A study of Fortune 500 firms indicates that the time employees spend sifting through spam has doubled in the last year. The firm conducting the study claims the fifteen minutes a day the average employee is spending comes out to about $2000 per employee per year for most large companies.

» The FCC says broadband use was up 42% in 2003. Cable is the preferred form of access among the 28.2 million broadband lines in use. According to the FCC, home and small business users drove most of the growth.

» PhatNet looks like an interesting network monitor, and you can run it from your PocketPC:

PhatNet is a real-time analyzer that decodes and filters data transported over virtually any kind of Local Area Network or Wide Area Network. It filters packet-based data by IP address, UDP port, TCP port, hardware address, or data string, and supports the creation of filters for difficult-to-diagnose network problems.

It’s $99 or $299 depending on the edition you buy, so maybe you should invest in the program that keeps track of expensable items, first.

» Speaking of the nasty, brutish, and short, here’s an opinion piece of interest about the unfortunate synergy between Wi-Fi and virus writers.

The Week in Network News

» Tuesday: Netgear’s Non-Fix: Another Black Eye for Off-the-Shelf WAPs

Netgear has thoughtfully patched a back door in one of its products with… another back door. Also: Cisco and Trend Micro team up to secure Cisco gear against viruses, domain registrations are on the rise, Gartner’s not so convinced about host authentication, and Apple rolls out a wireless toy you might soon see dangling from outlets around your cube farm.

» Monday: Microsoft to Make XP SP2 Free for All

Microsoft says it’s going to release XP Service Pack 2 for everybody… even the pirates. Also: Wi-Max standards in more depth, software to help with messaging archive compliance, a wardriver is faced with prison time, and why server authentication isn’t the be-all, end-all of anti-spam measures.

The Week in CrossNodes

» Squid Puts the Squeeze on Net Wrongdoers (Part 2)

Between online deathmatches, hearts tournaments, and sports bookies, your network might be looking more like a playground than a place to get work done. Here’s how to use Squid to button down the traffic and make sure your more slippery users don’t slide out of its grasp.

» Three LDAP Browsers for the Asking

Getting your information in a directory is just half the
battle: The other half is finding it. Here are three LDAP browsers,
free of charge and up to the task of digging through your data.

» FaceTime Makes IM as Safe as Talking Face-to-Face

With IM use at critical mass and growing, security and privacy
challenges abound. FaceTime’s enterprise-grade server suite monitors,
archives, and analyzes IM traffic for thousands of users without
requiring thousands of admin hours.

» Scripting Clinic: Dissecting a Live Python… Script

By examining a working script line by line, this edition of the
Scripting Clinic shows you how to put your own scripts together and
exposes a few Python quirks along the way.

Network News Break is
CrossNodes’ daily summary of networking news and opinion, served up fresh daily.
Please send your comments and suggestions to the editor.
