- Slides: 34
Spoofing
Spoofing defined (loosely)
• Making an email appear to be from someone other than the actual sender
• Common with spam for years – usually made-up addresses. Legitimate addresses in recent years
• Almost expected with virus mail since mid 2004 – generally using valid addresses
Compare to postal mail (a very facetious example)
• I want to send you some anthrax
• I don’t want to get caught
• I put Doug Sasser’s return address on the envelope
• Is Doug now responsible for the problem?
• If you received such an envelope “from” Doug, how likely would you be to open it?
A few minutes of fun
• Handout 32 (which itself has questionable origins)
• I’m not responsible for some of the thoughts/language here! Redistribute with discretion
• Take just a moment to browse
Washington Post Mensa Invitational (supposedly)
Readers are asked to take any word from the dictionary, alter it by adding, subtracting, or changing one letter, and supply a new definition.
#3 Bozone (n.)
The substance surrounding stupid people that stops bright ideas from penetrating. The bozone layer, unfortunately, shows little sign of breaking down in the near future.
Maybe a substance surrounding bright people that lets stupid ideas in?
#7 Sarchasm
The gulf between the author of sarcastic wit and the person who doesn't get it.
#14 Dopeler effect
The tendency of stupid ideas to seem smarter when they come at you rapidly.
A key ingredient in spoofing, phishing, and other deceit.
Demailing (not from the Mensa list)
Shutting off Internet access to people who forward bad jokes, pyramid schemes and anything that says "Send this to all your friends!"
OK, back to our subject
• Why does the “Dopeler” effect sometimes apply to really bright people?
• Even those working for churches?
The tendency of stupid ideas to seem smarter when they come at you rapidly
What should people know? (NOT what do they know!)
• Some healthy suspicion (paranoia)
• Doesn’t matter who an email appears to be from
• Every attachment has some risk
• Links in HTML messages have risk
• Spammers are liars
• Beware urgent appeals
Spoofing
• Handout 17
• FROM addresses are not to be trusted
• NDRs and other system messages need to be viewed suspiciously
– Please don’t automatically ignore ALL system messages! (especially NDRs for messages you did send!) See handout 18 (later)
• Psychology & deceit – watch out!
Attachment safety
• Blocking (firewalls) is a great start
• Use other technologies as available
• Skip ahead to Handout 24 (Only Open)
– Consider these rules for your staff
– If not these rules, something similar
Some sample email messages
Recognizing spoofs
• Sometimes you have to dig deeper and look at the headers. Refer back to handout 11
• Urgency is often a warning signal
• Remember the “social engineering” discussion?
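As an added example (not part of the original slides or handouts), the Python sketch below shows what "looking at the headers" can mean in practice: it compares the visible From domain with Return-Path, Reply-To and the earliest Received hop, and flags urgent wording in the subject. The sample message, the example.* domains and the word list are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not from the slides); all domains are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby mail.church.example with ESMTP; Mon, 01 Jan 2024 10:00:02 -0000
Received: from unknown (HELO pc-7) (198.51.100.23)
\tby mx.example.org with SMTP; Mon, 01 Jan 2024 10:00:00 -0000
From: "Office Manager" <office@church.example>
Reply-To: helpdesk@example.net
To: staff@church.example
Subject: URGENT: verify your account immediately

Click the link below.
"""

# Assumed word list for the "urgency is a warning signal" check.
URGENT_WORDS = ("urgent", "immediately", "verify", "suspended")

def domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def spoof_indicators(raw):
    """List reasons the visible From address deserves a closer look."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    findings = []
    for name in ("Return-Path", "Reply-To"):
        other = domain(msg[name])
        if other and other != from_dom:
            findings.append(f"{name} domain {other} differs from From domain {from_dom}")
    received = msg.get_all("Received") or []
    # Each relay prepends its header, so the last Received line is the earliest hop.
    if received and from_dom not in received[-1].lower():
        findings.append("earliest Received hop does not mention the From domain")
    subject = (msg["Subject"] or "").lower()
    hits = [w for w in URGENT_WORDS if w in subject]
    if hits:
        findings.append("urgent wording in Subject: " + ", ".join(hits))
    return findings

if __name__ == "__main__":
    for line in spoof_indicators(SAMPLE):
        print("-", line)
```

These are indicators, not verdicts: mailing lists and bulk senders legitimately use a different Return-Path, so a mismatch is a reason to look closer rather than proof of spoofing.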
• Time for a breather. You might enjoy the story on the following slide. (Sorry for the small print.)
Dialog from a Tonight Show... Johnny Carson... His guest was Lee Marvin. Johnny said... "Lee, I'll bet a lot of people are unaware that you were a Marine in the initial landing at Iwo Jima... and that during the course of that action you earned the Navy Cross and were severely wounded." And you know how Lee was... "Yeah, yeah... I got shot square in the a** and they gave me the Cross for securing a hot spot about halfway up Suribachi. Bad thing about getting shot up on a mountain is guys gettin' shot hauling you down. But Johnny, at Iwo I served under the bravest man I ever knew... We both got the Cross the same day but what he did for his Cross made mine look cheap in comparison. The dumb bastard actually stood up on Red Beach and directed his troops to move forward and get the hell off the beach. That Sgt. and I have been life long friends... When they brought me off Suribachi we passed the Sgt. and he lit a smoke and passed it to me lying on my belly on the litter... "Where'd they get you Lee?"... "Well Bob... if you make it home before me, tell Mom to sell the outhouse."... "Johnny, I'm not lying... Sgt. Keeshan was the bravest man I ever knew – Bob Keeshan -- You and the world know him as Captain Kangaroo."
http://www.snopes.com/military/keeshan.htm
Spam/Virus/Spyware merger? (anti-spam, malware, spoofing combined?)
• What if virus writers and spammers worked together to obtain more email addresses?
• What if the spyware community joined in?
• You might get “botnets”
• What are the capabilities of millions of zombie machines, awaiting a command?
Botnets exist now
• You probably receive mail from them every day (especially spam, for now)
• How’s your protection system?
What’s the next action?
• Any “take-aways?”
• Anything for your My Actions page?