Wednesday, March 25, 2009

Wireless service "steals" and proxies emails

Wireless (Swisscom) at hotel steals my email messages and relays through a proxy rather than my MTA! WTF!!

Even "experts" can be fooled.

I automatically clicked "YES" on accepting the SSL certificate, I'm ashamed!

I know it is self-signed and therefore gives an error (I installed a new mail client).
Regardless of it being the first time, I would have liked the violations (self-signed and unknown) to be written in red, on separate lines. Make it a bit more user friendly so that at least folks who care about security are not tempted to act as lusers and click "yesyesyes".

No wonder a friend bounced my emails, they were being relayed from a non-authoritative MTA for
: host[] said: 554 5.7.1
: Client host rejected:
Access denied (in reply to RCPT TO command)

linuxbox's log file:
Mar 25 ... linuxbox ...>, proto=ESMTP, daemon=MTA, []


Worse still, this is the first time in ages I have used a GUI client, so my mistake was installing it for the first time on a wireless hotel network.

Well, we learn.

These are called "transparent proxies" and apparently "everyone" does that. It helps, among other things, control outgoing spam from users.

One suggestion was to use submission on port 587 with STARTTLS.

Update #2:
So I didn't click "yesyesyes" after all, I configured it wrong.
In Thunderbird I needed to set up encryption for SMTP regardless of what I set for the account. I was set to "tls, if available" so I was never alerted.

Gadi Evron,

Follow me on twitter!
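The "TLS, if available" failure described in the post above, as an added example that is not part of the original post: a constructed loopback relay answers EHLO without listing STARTTLS, and the same client runs once with opportunistic TLS and once with TLS required. `StrippingProxy`, `open_submission`, `proxy.example` and `client.example` are hypothetical names made up for this sketch.

```python
import smtplib
import socketserver
import ssl
import threading

class StrippingProxy(socketserver.StreamRequestHandler):
    """Constructed stand-in relay: its EHLO reply never lists STARTTLS."""
    def handle(self):
        self.wfile.write(b"220 proxy.example ESMTP\r\n")
        for line in self.rfile:
            verb = line.strip().upper()[:4]
            if verb == b"EHLO":
                self.wfile.write(b"250-proxy.example\r\n250 SIZE 1000000\r\n")
            elif verb == b"QUIT":
                self.wfile.write(b"221 bye\r\n")
                return
            else:
                self.wfile.write(b"502 not implemented\r\n")

def open_submission(host, port, require_tls):
    """Return 'tls' or 'cleartext'; raise if TLS is required but not offered."""
    smtp = smtplib.SMTP(host, port, local_hostname="client.example", timeout=5)
    try:
        smtp.ehlo()
        if smtp.has_extn("starttls"):
            # Default context verifies the certificate chain and hostname.
            smtp.starttls(context=ssl.create_default_context())
            smtp.ehlo()
            return "tls"
        if require_tls:
            raise RuntimeError("STARTTLS not offered; refusing to send in cleartext")
        return "cleartext"  # "TLS, if available": silent fallback, no alert
    finally:
        smtp.close()

def demo():
    server = socketserver.TCPServer(("127.0.0.1", 0), StrippingProxy)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    host, port = server.server_address
    try:
        relaxed = open_submission(host, port, require_tls=False)
        try:
            strict = open_submission(host, port, require_tls=True)
        except RuntimeError:
            strict = "refused"
        return relaxed, strict
    finally:
        server.shutdown()
        server.server_close()
```

With the opportunistic policy the session continues in cleartext and nothing is reported to the user; with TLS required the client stops before any credentials or message data are sent.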

Phishing attacks against ISPs (also with Google translations)

In this email message I'd like to discuss two subjects:
a. Phishing against ISPs.
b. Phishing in different languages against ISPs as soon as Google adds a new translation module.

[My apologies to those who receive this email more than once.]

In the past few weeks there has been an increasing number of phishing attacks against clients of Israeli ISPs. I've only seen a few of these, but the local ISPs confirm it's happening across the board.

In all these cases, the phishing email is in Hebrew.

While we have seen ISP phishing and Hebrew phishing before, these attacks started when Google added translation into Hebrew.

Is this a trend? Have other countries (or populations) been targeted when Google added a translation module for more languages?

a. Some Israeli ISPs emailed their clients warning against such attacks, saying they'd never ask for their password, etc.

b. While I was certainly heavily involved with phishing originally and even started the first coordination group to deal with the issue, I am somewhat removed from it now, dealing more with phishing/banking Trojan horses.
Can anyone educate me as to how often ISPs get phished, if at all?

c. If you get phished, what strategies if any have you taken to prevent the attacks/respond to them/educate your clients? What worked?

d. I wonder if these translation misuses could eventually translate into some intelligence we will see in Google security reports, such as on malware.

Gadi Evron,


Friday, March 20, 2009

My Blog on Dark Reading

I recently started blogging for Dark Reading. I will still be blogging here, but what I write there is for Dark Reading alone.

I noticed that because I didn't write for a while, my writing became rather poor (in my taste). I constantly move between official and personal language, and find it more difficult to write short and to the point. But I'm getting there.

So far I posted two blogs:
German Intelligence Caught Red-Handed In Computer Spying, Analysis
According to German Web site Der Spiegel, the German foreign intelligence agency BND has supposedly been spying on computer systems around the world in the past couple of years.

Everyone does it. Why not governments?

Authoritatively, Who Was Behind The Estonian Attacks?
In the past couple of weeks the press has been humoring a couple of rumors about who was behind the 2007 cyberattacks against Estonia [PDF]. During these attacks, Estonia's infrastructure, which relies heavily on the Internet, nearly collapsed.

This is not the first time such baseless attributions were made.

I was in Estonia when the attacks occurred. I wrote the post-mortem analysis and recommendations for the Estonian CERT, and I am going to authoritatively show you why these claims are baseless. I will list these accusations and responsibility claims, and show you why they should be ridiculed.
Gadi Evron,


Wednesday, March 11, 2009

Parliamentary debate at an Anime convention

Today I came across an event announcement for Anime-expo, which was:
A debate tournament. At an Anime con! :)

I considered implementing something similar myself for defcon (THE security and hacking conference).

I've just shared this with about 500 other con organizers in the scifi and Anime realms, so I think things are about to become interesting.

Finding it, I had to share, it's a grand idea!

You will be hearing more from me on this. Perhaps a plan on how to combine a British Parliamentary Debate with a fan convention is an article I need to write?

Gadi Evron,


Monday, March 02, 2009

Deceptive use of language in conference advertisement [and on the difference between communication and manipulation]

[This was originally written for a community of science fiction con runners, which is why it has that clear theme. I altered it to fit the subject I ended up with.]

I just came across a blog post (linked at the bottom of my post), where the author discusses an email he received, advertising a conference in a deceptively persuasive fashion.

While I use the "scarcity" "trick" myself, I make sure to use it only when seats really are running out, and once at the beginning--alerting people to how many seats we have, as they all already know we will run out very quickly.

That of course refers to another "trick" the author mentions--social proof. Looking back at my "spam" emails I don't abuse it beyond mentioning the seats available, in any advertisement. But I do make use of it: I know people who go to the con enjoy themselves, and discuss it amongst themselves and with their peers. I enjoy the back-lash email bombardment of "I really wanted to make it" as it helps me help others make it next time.

There is a downside to understanding persuasion. Our knowledge of it.

After being exposed to quite a bit of manipulation, especially in corporate environments and around Washington DC, I became _aware_ (apologies for use of new age terminology) that it "exists". Later on I was disturbed by finding out the same tools in my repertoire (or weapons in my arsenal if you like) I've used in good communication are used in manipulation as well. This made me think quite a bit about whether others, and myself, are acting in a manipulative fashion.

The difference between communication and manipulation is tricky at best. It is in Intent (of attacker) and Perspective (of victim), and we can add a third category of examination, the X, or Asimov "Mule", factor--Specific incident--which might change our normal understanding in specific odd-ball cases. Both in the decent meaning of influence, in good communication, and in the "evil" one, manipulation, noticing that I, or others, say or do something which answers to one of these possible "tricks" of influence immediately puts it under scrutiny of self-awareness (apologies for new-agey term) if it makes use of any of these "tricks".

Robert Cialdini in his book "Influence: Psychology of Persuasion" takes apart a sub-set of the world of influence and helpfully puts it into clearly defined and named categories by the use of terminology. That, not the text, is the greatest asset of the book.

He often mentions how all these tools of persuasion are really normal tools humans use to avoid over-loading with needless, indeed countless, decisions that spam our daily lives, and to make better decisions to boot (everybody buys an iPhone, it *must* be better! it sure is cool, though). Knowing how these work, though, means the con artists, sales people, etc. will use them against us.

But as people who run conventions and conferences, how do we both use, and abuse, these "tricks" of influence? How can we make better use of them, and avoid being deceptive?

Notice yourself using it in your advertisement? Feeling left out as you are not a convention/conference manager? Have any anecdote from your position.. or daily life?

You can view the discussed blog which inspired this post, here:

Gadi Evron,
