
Re: [Asrg] misconception in SPF

2012-12-10 08:56:42
On Mon, Dec 10, 2012 at 01:47:18PM +0000, Martijn Grooten wrote:
> While not all bad things that can happen as a consequence of taking a
> fake email to be real involve clicking links, I agree it would be very
> helpful if we could somehow determine the legitimacy of links at the
> MTA/MUA level.
>
> However, we can't. [...]

Precisely.  Moreover, there is no way to know that a link L, which is
good/legitimate/wholesome/nutritious at the moment at which some piece
of software examines it, will still be in that state at some later moment
when a user accesses it.  We see examples all day, every day, of sites
that have been hijacked by attackers and now host malicious content where
formerly there was something innocuous.

I think the best approach to solving this problem is not to solve this
problem.  Hmmm...perhaps "best" is a poor choice of words, as what I'm
about to suggest is, in practice, mediocre; but I'll stick with "best"
because I think it's the best available.

To wit: users should never follow "important" links in email.  They
should (for example) bookmark their bank's web site, and *always*
use the bookmark. [1]  Senders should never send "important" links
in email, e.g., banks should not include URLs in their messages.

I'll pause now while you all enjoy a hearty laugh at the prospect
of both of these things happening.

But the serious side is that the problem, as Martijn observes,
is unsolvable with software, so if we want to truly deal with it,
then (shudder) we need to deal with human behavior.

And I really do know how hard that is: I often quote Marcus Ranum's
Six Dumbest Ideas in Computer Security, and "Educating Users" is #5.
But I don't think we have any better alternatives.  Do we?

---rsk

[1] Of course if the bookmark is altered by an attacker, they're
already 0wned, so this is no worse.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
