Spam Flashcards
(26 cards)
What is email spam according to the Text Retrieval Conference?
Unsolicited, unwanted email sent indiscriminately by a sender with no current relationship with the recipient.
What is the prevalence of spam in internet emails?
90% of internet emails are spam. Akismet blocks 60 billion spams annually.
Which countries are major sources of spam, and what are their percentages?
India (12.19%), USA (7.06%), Italy (6.95%).
How are email addresses obtained for spam?
Harvested from websites, sold as lists, or obtained via malicious QR code links.
What is Web2.0 spam (Spam2.0)?
Junk posts, ads on blogs, malicious wiki edits, incorrect tags in documents/bookmarks to redirect traffic.
What was the first spam-fighting software, and how did spammers adapt?
CancelBot was the first. By 1997, spammers obfuscated spam to evade primitive filters, some of which were commercial.
How do Realtime Blacklists (RBLs) work to combat spam?
Use DNS lookups to check an email’s originating IP against a list of spammer networks, blocking traffic from identified sources.
What are the disadvantages of using RBLs?
Reactive: a blacklist cannot stop the initial spam flood from a new source; IPs change hands (e.g., through company takeovers), so listings go stale; innocent IPs get listed when their hosts are infected by malware. Use RBLs alongside a content filter such as SpamAssassin, not alone.
What are the ideal characteristics of malware from an author’s perspective?
Hard to detect, not easily removed, spreads widely, reinfects programs, easy to create, machine/OS independent, often one-time execution (e.g., email opening).
Describe the limousine reservation company hack and its impact.
Hackers exploited a ColdFusion vulnerability, exposing personal/financial data of 850,000 customers, including CEOs/celebrities’ credit card numbers, names, addresses, and travel plans.
What are the common delivery methods for malware?
Emails/documents with code, files, boot sectors, peer-to-peer sharing, remote exploitation of vulnerabilities, multiple methods combined.
Why is preventing viruses challenging with modern file types?
Executable code hides in documents (e.g., .doc files, spreadsheets) as embedded macros or scripts. The real file type is recorded in a header field inside the file, so a file can still be opened and run by the matching application even when its suffix is wrong or misleading. Even read-only documents and pictures can conceal code.
How do air-gapped systems like SACCS enhance security?
Physically separated from the internet (no IP address). SACCS uses old computers, now with solid-state storage instead of floppies, maintained by specialists to ensure reliability/security.
What are safe electronic contact procedures to prevent malware?
Use trusted software, test on isolated systems/VMs with updated scanners, open only known safe attachments, avoid peculiar messages, maintain recoverable system images, back up executables, use updated virus detectors.
What are key information security standards mentioned?
NCSC’s Rainbow Books (e.g., Orange Book/TCSEC, C2 as de facto commercial standard), Common Criteria (2005, replaced TCSEC), ISO17799:2005 (code of practice). NCSC rates products for certification.
What is the difference between discretionary and mandatory access control?
Discretionary: User-controlled credentials (e.g., ID/password). Mandatory: System-controlled credentials (e.g., IP/MAC address).
How does discretionary access control (DAC) function?
Users with rights to an object can extend those rights to others. Subdirectories inherit rights. System enforces compliance (e.g., minimum 6-character passwords). C2 offers finer control than C1.
What are the C2 requirements for a trusted system?
Security policy, accountability, assurance, documentation. Ensures fine-grained DAC, individual accountability via login, resource isolation, and auditing.
What is the C2 security policy requirement?
Explicit policy enforces access rules for subjects/objects. Mandatory controls restrict sensitive data; discretionary controls limit access to selected users. TCB controls access and prevents unauthorized restoration.
What is the Trusted Computing Base (TCB)?
All protection mechanisms (hardware, software, firmware) in a system, ensuring integrity for processing sensitive information. Predictable behavior builds trust; a breach in one TCB can compromise networked systems.
What are the reference monitor and security kernel in a trusted system?
Reference monitor mediates object relationships, enforcing DAC. Security kernel (hardware/software) implements it, mediating all accesses, protecting itself from tampering.
What is the “need to know” principle in security?
Access to objects (e.g., files) is granted only if the requester has a legitimate need. Systems enforce controls to prevent circumvention.
How does C2 discretionary access control ensure security?
TCB controls access between named users/objects using mechanisms like access control lists, limiting sharing to authorized individuals/groups, with single-user granularity.
Why is object reuse prevention critical in C2 systems?
Prevents unauthorized restoration of deleted files or data, ensuring no residual data can be accessed by malicious users.