Outline for November 22, 2005

Reading: "FBI Alerts Public to Recent E-Mail Scheme," Federal Bureau of Investigation, Department of Justice (Nov. 21, 2005).

  1. Virus Defenses
    1. Can constrain case enough to locate specific malicious logic, using:
      1. Type checking (data vs. instructions)
      2. Limiting rights (sandboxing)
      3. Limiting sharing
      4. Preventing or detecting changes to files
      5. Prevent code from acting beyond specification (proof carrying code)
      6. Check statistical characteristics of programs (more authors than known, constructs in object files not corresponding to anything in the source)
  2. Safety on the Web: WWW
    1. Unfriendly applets
    2. Unfriendly images and pixels
    3. Site and content filtering software
    4. PHP, CGI, and all that: server side problems
    5. Redirection
    6. Naming problems
  3. Safety on the Web: Email
    1. Attachments, worms, and viruses
    2. Spam
      1. Joe jobs
      2. Relaying through third parties
      3. Zombies
    3. Anti-spam technologies
      1. Authentication and authorization services
      2. Reputation services
      3. Challenge-response
      4. Port blocking and rate limiting
      5. Preventing relaying
      6. Spam filtering
      7. Image blocking
    4. Phishing

Puzzle of the Day

When you examine a system for security problems, or design a system with strengthened security, creativity in anticipating problems is a major factor in the success of your work. Here are some creative answers to the riddle, "Why did the chicken cross the road?" A child might answer: "To get to the other side." But what would others answer?



Karl Marx:

Timothy Leary:

Captain James T. Kirk:


Jack Nicholson:

Oliver Stone:

Albert Einstein:

Ralph Waldo Emerson:

Ernest Hemingway:

Colonel Sanders:


Here is a PDF version of this document.