gnupg encrypted mail and malware/spam
Sun May 11 15:30:03 2003
-----BEGIN PGP SIGNED MESSAGE-----
On Sunday 11 May 2003 12:28 pm, Thomas Scheffczyk wrote:
> Perhaps I'm too pessimistic, but I do not share the opinion that it would
> be too much work for spammers to encrypt (not sign) their messages. I can
> imagine that the success ratio of an encrypted spam would be remarkably
> higher compared with an unencrypted and often filtered message :-(
When the spam filters can still operate on the decrypted message, I can't see
that it would succeed. Encrypted does not have to mean unfiltered. It just
changes the location from server to user. With an open source email client,
you could even adjust the program source code to do this without intervention
- in between decryption and display.
Your basic problem is user training. You seem frightened that if the server
filters are bypassed that users will open any attachment, run any program and
visit any site listed inside the email. If this is the case, your only real
recourse is training. Alternatively, move to a more secure filesystem like
Unix/Linux where the root and system files are simply not visible to users,
so limiting any possible damage to user files. Even then, users will still
have to be taught the consequences of casual and irresponsible behaviour.
You cannot protect the users from themselves and IMHO GnuPG should not be
twisted into a means to protect the careless from their own mistakes /
> I guess that my question was a little misleading and too spam-centric. A
> graphical firewall and a gateway for checked files would be a possible
> solution. Another solution would be to accept encrypted messages only
> for functional (i.e. non personal) mail to avoid any kind of key escrow
> for personal keys.
Just how are you going to implement that??? Bounce every message until you get
a valid account?? There are personal spam firewalls out there that can work
that way but these can prove unpopular.
> 'I do not fear 'ordinary' viruses or other malware. What I really fear
> is a sophisticated attacker that sends backdoors at a very slow rate to
> single users in my network. I cannot guarantee that really no user will
> start the program. If it is started, it's easy to create a backchannel
> over allowed traffic like http.'
You mean a Trojan? Or a root-kit? Then use an intrusion detection system; you
simply cannot cover every possibility that someone may use to deliberately
install something like this any other way. Email is not the only way to get
rooted - I wouldn't even think it was the most common.
> Does nobody fear this, too? I'm very surprised that this threat was
> never discussed in the context of public key infrastructures. I know a
The threat is nothing to do with GnuPG. You seem to be talking about a general
network security issue that is more related to keeping the OS up to date with
patches and general system maintenance. You are in danger of blaming the
messenger. Have you excluded all other routes? Instant Messaging? IRC?
Deliberate introduction by users? Known exploits?
'A sophisticated attacker' will not want to rely on a method that, in turn,
relies totally on a user decrypting a message and launching the attachment.
There would need to be some kind of inside knowledge that a specific user
would be likely to ignore all the basic security rules and willfully
compromise their own system. An attacker willing to put in that much work is
not going to stop if that method fails. Other attackers wouldn't even bother
with the encrypted route, there are far easier targets on a system.
> couple of big institutions (please excuse that I don't list the
> institutions right here) that do allow personal use of encryption, but
Probably because they don't understand it and / or are anxious to read all
outgoing mail. (Note lack of smiley - some companies would love to filter all
outgoing mail and probably already do.)
> only one (a health insurance company) was aware of this problem. (Their
> solution is to allow cryptography only for special messages like data
> exchange with universities ;-)
Then it sounds like they don't understand the issue. Personal encryption can
be as much about prevention of identity fraud as 'subterfuge'. I sign emails
because I don't want anyone else to be able to pose as me. I encrypt personal
data so that it cannot be used to allow an attack to proceed beyond the
compromised machine. (There may be other ways for an attacker to get to the
next machine but it won't be by finding copies of passwords etc. lying around
on the system.) Encryption can be part of your security and can be used to
halt an incursion that has been made using other methods. If all users
encrypted their passwords and other personal ID data with their own personal
keys, it could be made much harder for attackers to move from one compromised
machine to the next. (Assuming of course, that the original passwords are
half-way decent in the first place and not going to be cracked with a simple
No one program or principle can give you security - the point is to target the
weakest link. Only worry about encrypted emails when all other targets are
removed. In the meantime, get an intrusion detection program.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
-----END PGP SIGNATURE-----
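The reply above argues that encryption only moves the filter from the server to the user, and that an open-source client can run the filter between decryption and display. The following is an added example of that hook, not code from the original thread or from GnuPG. It assumes the mail client hands the raw RFC 822 message to `filter_message()` as bytes; `gpg_decrypt` is the real decryption hook (it needs a local GnuPG keyring), while `stub_decrypt` and all `SAMPLE_*` data are constructed so the example also runs offline. It handles both PGP/MIME (RFC 3156) and inline ASCII-armoured bodies, which the post does not distinguish.

```python
"""Client-side content filter that runs between decryption and display.

Added example, not from the original thread. Assumes the mail client hands
the raw RFC 822 message to filter_message() as bytes. gpg_decrypt is the
real hook (needs a local GnuPG keyring); stub_decrypt and the SAMPLE_*
data are constructed so the example also runs offline.
"""
import email
import re
import subprocess
from email import policy
from email.message import EmailMessage
from typing import Callable, List

ARMOR_RE = re.compile(rb"-----BEGIN PGP MESSAGE-----.*?-----END PGP MESSAGE-----", re.S)
# Attachment types the filter flags (constructed list for the example).
RISKY_EXTENSIONS = (".exe", ".scr", ".pif", ".bat", ".com", ".vbs")


def gpg_decrypt(ciphertext: bytes) -> bytes:
    """Real hook: pipe the armoured block through the local gpg binary."""
    proc = subprocess.run(["gpg", "--batch", "--quiet", "--decrypt"],
                          input=ciphertext, capture_output=True, check=True)
    return proc.stdout


def decrypt_message(raw: bytes, decrypt: Callable[[bytes], bytes]) -> EmailMessage:
    """Return the message with any encrypted content replaced by its plaintext.

    Handles PGP/MIME (RFC 3156 multipart/encrypted) and an inline armoured
    block in a text/plain body; unencrypted mail passes through untouched.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    if msg.get_content_type() == "multipart/encrypted":
        # PGP/MIME: part 1 is the "Version: 1" label, part 2 the ciphertext.
        parts = list(msg.iter_parts())
        plaintext = decrypt(parts[1].get_payload(decode=True))
        inner = email.message_from_bytes(plaintext, policy=policy.default)
        # The plaintext is a bare MIME entity: carry the envelope headers over
        # so filters that key on From/Subject still see them.
        for name in ("From", "To", "Subject", "Date"):
            if name in msg and name not in inner:
                inner[name] = msg[name]
        return inner
    if msg.get_content_type() == "text/plain":
        body = msg.get_payload(decode=True)
        match = ARMOR_RE.search(body)
        if match:
            plain = body[:match.start()] + decrypt(match.group(0)) + body[match.end():]
            msg.set_content(plain.decode("utf-8", "replace"))
    return msg


def scan(msg: EmailMessage) -> List[str]:
    """The filter proper. It sees plaintext, so encryption does not blind it."""
    findings = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename and filename.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"executable attachment: {filename}")
        if part.get_content_type() == "text/plain":
            text = part.get_content().lower()
            if "http://" in text and "unsubscribe" in text:
                findings.append("spam-like body")
    return findings


def filter_message(raw: bytes, decrypt: Callable[[bytes], bytes] = gpg_decrypt) -> List[str]:
    """Decrypt if needed, then filter; an empty list means nothing was flagged."""
    return scan(decrypt_message(raw, decrypt))


# ---- Constructed sample data so the example runs without a keyring ---------
SAMPLE_ARMOR_MIME = b"-----BEGIN PGP MESSAGE-----\n\nCONSTRUCTED-CIPHERTEXT-1\n-----END PGP MESSAGE-----"
SAMPLE_ARMOR_INLINE = b"-----BEGIN PGP MESSAGE-----\n\nCONSTRUCTED-CIPHERTEXT-2\n-----END PGP MESSAGE-----"
# What the two blobs "decrypt" to: a MIME entity carrying an .exe, and a spammy body.
SAMPLE_PLAINTEXTS = {
    SAMPLE_ARMOR_MIME: (
        b'Content-Type: multipart/mixed; boundary="inner"\n\n'
        b"--inner\nContent-Type: text/plain\n\nPlease run the attached file.\n"
        b'--inner\nContent-Type: application/octet-stream; name="invoice.exe"\n'
        b'Content-Disposition: attachment; filename="invoice.exe"\n'
        b"Content-Transfer-Encoding: base64\n\nTVqQAAMAAAAEAAAA\n--inner--\n"
    ),
    SAMPLE_ARMOR_INLINE: b"Buy now at http://example.invalid/ - reply to unsubscribe.\n",
}
SAMPLE_PGP_MIME = (
    b"From: sender@example.invalid\nSubject: Invoice\n"
    b'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="outer"\n\n'
    b"--outer\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
    b"--outer\nContent-Type: application/octet-stream\n\n" + SAMPLE_ARMOR_MIME + b"\n--outer--\n"
)
SAMPLE_INLINE_SPAM = (
    b"From: sender@example.invalid\nSubject: Hello\nContent-Type: text/plain\n\n"
    + SAMPLE_ARMOR_INLINE + b"\n"
)
SAMPLE_CLEAN = b"From: friend@example.invalid\nSubject: Lunch\nContent-Type: text/plain\n\nSee you at noon.\n"


def stub_decrypt(ciphertext: bytes) -> bytes:
    """Offline stand-in for gpg_decrypt that returns the constructed plaintexts."""
    return SAMPLE_PLAINTEXTS[ciphertext.strip()]


if __name__ == "__main__":
    for label, raw in (("pgp/mime", SAMPLE_PGP_MIME), ("inline", SAMPLE_INLINE_SPAM), ("clean", SAMPLE_CLEAN)):
        print(label, filter_message(raw, stub_decrypt) or "nothing flagged")
```

In a real client the hook would be wired in where the decrypted entity is handed to the renderer, with `gpg_decrypt` (or the client's own GnuPG binding) in place of `stub_decrypt`; the filter logic itself is unchanged, which is the post's point: what moves is where the filter runs, not whether it can run.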