[govsec] Morris Worm and a Change in Direction

jmetz at intac.com
Sat Nov 6 11:01:33 EST 2004


Acknowledged, this is not a simple answer, but it is a needed direction.

Content variabilities and steganography have to be stripped from the content
and tagged at the mail server, in order that the security IT can follow it
back to the source and process it accordingly.

I offered a direction for new evaluation based on existing capabilities of
software that can still deliver content.

All the other concepts, including the different mail clients, still leave
problems that a binary or trinary attack can utilize to bypass internal
security (the links to additional data are part of the problem).

Government and industrial security needs are even higher than the civilian
population as a whole.

The basic problem is people management; social engineering is still the
most successful way to attack a system, by getting the user to do something
that violates the procedure and opens the door to the attacker.

My suggestion for solving the problem is one method that limits the user's
ability to link through to an outside site and still lets the important
necessary information get to the users in a usable form.

Can anyone else address a solution that can do the same when dealing with
10, 100 or 1000 users?

I understand that to properly implement (the concept) one would need to
install many additional mail servers/gateways all the way down to work
group levels.

But considering the cost, it is small when compared to the man-weeks needed
to resolve an infestation after it takes place; my opinion is that the
price is cheap.

john metzger



>
> Translating content into what should be equivalent content in another form
> is used. Some of the problems recently seen with image formats containing
> exploits just show that there are few safe data formats. jpeg <-> gif <->
> jpeg as an example could be done at the gateway to clean up images and
> remove steganography. Likewise mp3 <-> wma <-> mp3 could be used to do the
> same.
>
> What are the requirements, since they will define acceptable security?
>
>
>
> Lori
>
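
A sketch of the gateway step described in the message above (strip outside links from the text, tag the message at the mail server so security staff can trace it), added here as an example and not part of the original post. The allow-listed host, the `X-Gateway-Tag` header name, the gateway id and the idea that the gateway keeps the original for later matching are all assumptions.

```python
import hashlib
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# Assumptions for this sketch: the allow-list and the X-Gateway-Tag header name.
ALLOWED_HOSTS = {"intranet.agency.example"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def sanitize(raw, gateway_id):
    """Strip links to non-allow-listed hosts from text parts and tag the message."""
    msg = message_from_string(raw, policy=policy.default)
    removed = []

    def replace(match):
        url = match.group(0)
        try:
            host = (urlsplit(url).hostname or "").lower()
        except ValueError:  # malformed URL: treat it as external
            host = "invalid"
        if host in ALLOWED_HOSTS:
            return url
        removed.append(url)
        return f"[link removed: {host}]"

    # Rewrite every text part (plain or HTML); other parts are left alone here.
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            cleaned = URL_RE.sub(replace, part.get_content())
            part.set_content(cleaned, subtype=part.get_content_subtype())

    # The digest lets security staff match the delivered copy to the
    # original (assumed to be held at the gateway) and follow it back.
    digest = hashlib.sha256(raw.encode("utf-8")).hexdigest()
    msg["X-Gateway-Tag"] = (
        f"gateway={gateway_id}; removed={len(removed)}; orig-sha256={digest}"
    )
    return msg, removed

# Constructed sample message, not taken from the list archive.
SAMPLE = (
    "From: sender@example.org\nTo: user@agency.example\n"
    "Subject: Quarterly report\nContent-Type: text/plain; charset=utf-8\n\n"
    "Report summary is below.\n"
    "Details: http://tracker.example.net/r?id=42\n"
    "Policy: https://intranet.agency.example/policy\n"
)

if __name__ == "__main__":
    clean, stripped = sanitize(SAMPLE, "wg-gw-07")
    print(clean.as_string())
```

The readable text still reaches the user, while the removed URLs are returned separately so the gateway can log them against the tag.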
