Get this Security+ CertiGuide for your own computer.
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Also available: 300-question Security+ practice test!
Get It Here!

Custom Search







Table Of Contents  CertiGuide to Security+
 9  Chapter 2:  Communication Security (Domain 2.0; 20%)
      9  2.2  Email
           9  2.2.3  Vulnerabilities

Previous Topic/Section
Implementation Flaws
Previous Page
Pages in Current Topic/Section
1
2
Next Page
2.2.3.2  Hoaxes
Next Topic/Section

2.2.3.1  Spam
(Page 1 of 2)

Spam is a registered trademark of Hormel, a US food company that has been gracious enough to not make a legal issue of its trademark being used for what is officially known as UCE or Unsolicited Commercial Email. (Thank you, Hormel.) UCE begins by 'harvesting' email addresses from web sites and selling millions of them for a fee to offer products or services. Based on my (Tcat) inbox, it appears that the number one purchaser of email addresses is the adult entertainment industry or phony products that offer to either improve my sex life or make me more attractive. I guess with an unusual first name it is difficult to determine if I am male or female, so I get offers to make something bigger for both genders. Home mortgage offers seem to be leading over credit card offers, followed by some phone services. UCE comes in two types of email. They are plain text or HTML based.

Plain text is the easiest type of spam to filter out. I use key words to filter them out to a folder to delete en mass. HTML is quite a bit sneakier. Because HTML email can tell a site I opened an email at a certain date and time, the sponsor knows they have a valid email address that they resell at a higher price. It doesn't matter that I deleted it, since the mere opening of the email even in preview mode triggers a validation that the email has been received and read, validating the address.

(Tip: Turn off that Outlook “preview pane” to keep Outlook from automatically opening these HTML-based Spam messages. Yes, it’s an inconvenience when viewing desired mail. And more Spam, caused by Outlook reporting a valid address back to a spammer’s web server is quite possibly more of an inconvenience.)

[spacer]Spammers Getting Even More Slimly

Ed Foster of InfoWorld reported a new twist on getting user to agree to install a virus
176. Tcat has been a big fan of using a personal firewall to not allow any outbound port 80 traffic with email. While that is pretty effective, some of the spammers are just going deeper as we will see.


Figure 21: Outlook Express trying to connect back to a spammer’s server.

 


Figure 22: But wait! It gets worse. My second example is Spam sent attempting to sell Norton Utilities (a Symantec company).

 


Some spammers are adding piracy and black mail to the bag of tricks according to Symantec177. Out-law.com reports 80% of spam has tracking software178


 __________________

176. http://www.infoworld.com/articles/op/xml/02/11/04/021104opgripe.xml

177. http://www.internetweek.com/security02/showArticle.jhtml?articleID=7800052

178. http://www.out-law.com/php/page.php?page_id=pressrele3360&area=about

Previous Topic/Section
Implementation Flaws
Previous Page
Pages in Current Topic/Section
1
2
Next Page
2.2.3.2  Hoaxes
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.