On 10/27/10 10:29 PM, Chris Lewis wrote:
On 10/27/2010 6:29 AM, Rich Kulawiec wrote:
It doesn't matter. The entire issue of end-user authentication is
dead, dead, dead thanks to 100+ million zombies with keystroke loggers.
It doesn't matter how clever the tech is, how slick the UI is, how
minimal the effort is.
Oh, then, port 25 blocking and SMTP submit authentication is dead dead
dead too, predicated on the _same_ zombies and keyloggers?
Actually, it's not, at least on the sending side, because for various
reasons, botnet writers haven't (with only trivially small exceptions)
done it.
Compromised accounts sending spam through ISP's outbound servers is
steadily increasing. For some large providers, the number of accounts
have increased significantly. Botnets tend to avoid detection by
sending only a few messages through each account to stay within the
statistical noise.
The NoScript plugin for Firefox and Secunia's Personal Software
Inspector (PSI) are excellent tools for reducing exposure levels. Even
so, the online software industry operates in a reactive fashion where
weeks or months of exposure might exist between a zero-day exploit and a
security patch.
Social networks, email, and popular websites offering ad malware remain
popular tools of the botnet trade. At times, ad malware is the result
of malicious browser modification and not the visited website. The DNS
RPZ approach might become the Domain equivalent to that of an IP address
RBL.
-Doug
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg