Squishing Worms

By Larry Seltzer  |  Posted 2004-01-12 Print this article Print

..."> The transitional period for Domain Keys would also bring its share of problems. In the end, presumably any unsigned mail would need to be treated as untrusted; so once the switch is thrown and respectable people start enforcing authentication, anyone who doesnt implement the system will be unable to send e-mail to the respectable e-mail world. Trust me, Domain Keys would be on the front pages of every newspaper and even featured in an episode of Friends (or take your pick of a Top Ten show since Friends ends in May). Yet when it happens, expect that there will still be lots of people outraged that they didnt get sufficient notice. Look for lawsuits to commence.

Yahoo! disagrees on this point. In the news article linked above, Brad Garlinghouse, vice president for communication products at Yahoo said: "If we can get only a small percentage of the industry to buy in, we think it can have a dent."
Ive heard the same theory from other serious people in the industry. So, perhaps Im over reacting.

Yahoos plan goes beyond stopping spam. Halting phishing attacks and certain worms is also a major motivation for Yahoo. Consider the e-mail worms that appear to come from some address at Microsoft, such as Xombe, the most recent one, which appears to come from windowsupdate@microsoft.com. This kind of attack would never get through even the first time under Domain Keys, because it wouldnt actually come from the address it now appears to come from.

Speaking of worms, its worth noting that one of the major innovations in e-mail worm technology a couple of years ago was the inclusion of an SMTP engine as part of the worm code itself. All of these attacks would have to be upgraded by hackers to even attempt to function under domain keys. Domain Keys stops these worms from using their current mode of operation, which is to harvest addresses off the victims system and use them both as the senders address and the recipients. Since the worm wouldnt have access to the private key for the From: address domain, its progress is mostly stopped. The best the worm author could do (correct me if Im wrong) is to hard-code the private key for one domain or multiple domains to which he or she has access to the private key. This would be a bad idea (for them) for a couple reasons: one, it might make it easier to trace the author of the worm; two, either the site could be taken down or the keys regenerated and the worm would die quickly.

Next page: Can Yahoo Actually Do It?

Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel