Sunday, October 16. 2005
You didn't really want to read that anyway
Hold on folks, we're in for a bumpy ride.
Rumor has it that the vaunted Phase II of the Spam Flail-ex is about to begin. Several sources from an east coast facility say that "suspected spam" quarantining will start in the near future. As reported here earlier, users will have a fixed amount of time to respond to messages put into the quarantined area before they are deleted. If the user is unable, for whatever reason, to access his mailbox during the quarantine period, the E-mail is deleted. Messages determined to be "known spam", as opposed to suspected spam, will be dealt with even more swiftly -- they will be deleted immediately with no notification to the intended recipient.

We can only hope that the tagging debacle of a few months ago does not portend a quarantine storm where dozens of legitimate E-mails per day end up erroneously identified as spam. Anyone who observed the monumental failure of spam tagging is surely holding their breath for the quarantine phase. We can only hope that the powers-that-be noticed the problems with tagging and have tweaked the spam identification process to prevent the same false-positive problem from occurring with this new phase. We can always hope.

Friday, October 14. 2005
Ya Who Not You
Once again we see fallacy in action. NMCI has apparently started blocking web access to Hotmail, Yahoo Mail, Google Mail and other on-line, web-based mail sites. So what could their reason be for such a drastic measure?
Very simply, this is DoN policy. That's right folks, don't blame the good folks at EDS for this one. The Navy has deemed access to unofficial E-mail an unacceptable risk to the integrity of their internal networks. Certainly users could unsuspectingly download a virus, worm, Trojan, malware or other Nasty in the form of an E-mail or attachment. Yet one needs to ask, how is downloading such a threat from an E-mail site any more likely than acquiring one from a regular website? What makes web E-mail any more of a threat? In fact, there are several things that make such a stance even more illogical and expose the fallacy in the idea that web-based E-mail is a higher threat.

First, most large web-based E-mail services do scanning on attachments. Yahoo, AOL, Juno and others all scan their users' E-mail for suspicious items. So most of these sites are probably less likely to have dangerous code on them than millions of other regular websites.

Secondly, in the same vein, how are the file links on a regular website checked when a user clicks on them? Perhaps in the NMCI HTTP proxy system, but does this checking occur for SSL sites? Point is, if there is a threat on web mail sites, then there is a threat on all web sites. Maybe they should block access to everything except .mil and .gov sites. I know. Don't give them any ideas.

Third, many of the recent vulnerabilities publicized for Microsoft products do not need a user-executed code vector to do their business; they exploit flaws in the browser itself. There are several easily exploited weaknesses that Microsoft has been quick to address in its current Internet Explorer products and Windows XP-SP2. Once again we see the problems with having an outdated OS and application software on NMCI seats. So if the exploit is on the webpage itself, and has nothing to do with a user downloading a malicious attachment, some of the safest sites on the net would be reputable sites like Hotmail, Yahoo and AOL.
Lastly, we wonder where the NMCI proxy administrators got their list of web-based E-mail sites. How complete could it be? How many thousands of Squirrelmail sites and small ISP sites are out there? Their method for "blocking" these sites appears to be little more than DNS modification. So someone at the central site has gone through the domain name servers and put manual entries in for things like mail.yahoo.com and www.hotmail.com. These new entries redirect the user to a warning banner instead of taking them to the requested mail web page. Of course this means that any local user (S&T .dev account not required) can modify their own hosts table to override these same DNS entries. For Windows 2000 users this means simply going into c:\winnt\system32\drivers\etc\hosts and placing a few entries like:

    66.218.75.184 mail.yahoo.com
    64.233.185.83 mail.google.com

In reality it would prove a little more difficult, as many mail sites use many different host names and jump around during the user session. It all comes down to following the rules -- the admins can make things more difficult and keep out the casual user, but if someone insists on breaking the rules, they will.

There was also widespread speculation that the stance resulted from users (or the fear of users) forwarding Government E-mail to non-Government servers -- for whatever reason. This opens up the possibility of FOUO, Privacy Act, Procurement Sensitive and even classified data (which would point to bigger problems) being sent to servers outside the Government's control. The thought of NMCI going to Yahoo and asking them to wipe their terabytes of hard drives simply to remove one FOUO memo is not something anyone wants to deal with. It is still unclear how restricting web access to these remote sites has anything to do with someone writing an auto-forward rule in Outlook. Keeping them from reading it is different than keeping them from sending it.
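The hosts-table override described above is also something an administrator can audit for. As an added example (not part of the original post), this Python script parses a hosts file and flags entries that pin a redirected mail name, or a subdomain of one, to an address of the user's choosing. The blocklist, the sample file contents and the host name us.f500.mail.yahoo.com are constructed for illustration.

```python
import ipaddress

# Assumed blocklist: the names the post says are redirected to a warning
# banner, plus the second name from its hosts example.
BLOCKED = {"mail.yahoo.com", "www.hotmail.com", "mail.google.com"}

# Constructed sample hosts file (not taken from a real seat).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
66.218.75.184   mail.yahoo.com      # local override
64.233.185.83   MAIL.GOOGLE.COM us.f500.mail.yahoo.com
10.1.2.3        intranet.example.mil
not-an-ip       www.hotmail.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every well-formed mapping."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 2:
            continue                            # blank or address-only line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # skip lines with a malformed address
        for name in fields[1:]:                 # one address may carry several names
            yield line_no, str(ip), name.lower().rstrip(".")

def is_blocked(name, blocked=BLOCKED):
    """True if name is a blocked name or a subdomain of one."""
    return any(name == b or name.endswith("." + b) for b in blocked)

def find_overrides(text, blocked=BLOCKED):
    """Return hosts entries that bypass the central DNS redirect."""
    return [(n, ip, name) for n, ip, name in parse_hosts(text)
            if is_blocked(name, blocked)]

if __name__ == "__main__":
    for line_no, ip, name in find_overrides(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} overrides the DNS redirect")
```

The subdomain match covers the post's point that mail sites use many host names during a session; a clean hosts file produces no findings.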
At some point it all comes back to trusting the users to follow the policy. If the policy states that DoN users are not allowed to access personal E-mail from an NMCI seat, then at some point that has to be good enough. People are going to put infected floppies, USB drives and CDs into their seats. People are going to forward inappropriate mail to outside addresses. People are going to visit compromised web sites with an outdated browser. People are going to open infected attachments received through NMCI/Outlook. Web-based E-mail is probably the least of our worries. Blocking major websites is nothing more than window dressing. Once again....
