Spam pinning... or something like that

My BruCON 2011 lightning talk slide deck. Introducing my new research project. Feedback welcome!

Simplistic design of this slide deck was used for a reason.

Published in: Technology, Business

  1. SPAM pinning... or something like that
     • Tomasz Miklas, @tomaszmiklas
     • BruCON 2011
  2. Why?
     • Almost every on-line service wants to know your e-mail address
     • Déjà vu - it's not a matter of “IF”, it's a matter of “WHEN”...
     • Whatever the reason, the result is the same - you get more spam :-(
     • You want to track all those leaks but... how do you do it?!
  3. Idea #1
     • Use a different e-mail address for every on-line service you sign up for!
  4. Idea #2
     • Have one real account, use '+' to differentiate/filter
     • [email_address]
  5. Idea #3
     • Use disposable e-mail addresses
  6. SPAM pinning
     • ... to be able to point the finger at someone knowing he/she/they did it ...
  7. honeymail.net
     • Merge all of the ideas in one place...
     • Make it relatively easy to use (I hope)
     • Dig into metadata
  8. What does it do?
     • Generates a one-off email alias and forwards all emails received to the alias owner
     • Warns them when mail comes from an “unexpected” source
  9. Current status
     • Project has been running for 1 week so far...
     • Some people find it entertaining :-o
  10. Interesting fact!
     • honeymail.net registered on 1 June 2011
     • On 1 September 2011: ~20 spam mails per day!
  11. What next?
     • More analysis ideas coming up, all based only on headers
     • New ideas/feedback welcome – share yours
  12. Before you ask...
     • Yes Sherlock... scripts can and do read your e-mails (headers only) to decide what to do next
     • Results: Forward/Drop
  13. If you speak Perl

         use strict;
         use warnings;
         use Email::MIME;

         # Parse a message file and return the headers the Forward/Drop logic uses.
         sub processMessage {
             my ($path) = @_;
             # Three-argument open: the file name is never interpreted as a mode or pipe.
             open(my $msg, '<', $path) or die "Cannot open $path: $!";
             my $email = Email::MIME->new(join '', <$msg>);
             close($msg);

             my $full_from = $email->header("From");
             my ($from)    = $full_from =~ /<(.*?@.*?)>/;
             my $full_to   = $email->header("To");
             # Use the address inside <...> when present, otherwise the raw To header.
             my ($to)      = $full_to =~ /<(.*?@.*?)>/ ? $full_to =~ /<(.*?@.*?)>/ : $full_to;
             my ($subject) = $email->header("Subject");
             return ('full_from' => $full_from, 'from' => $from, 'full_to' => $full_to,
                     'to' => $to, 'subject' => $subject);
         }
  14. … and if you don't
     • Ask someone that does...
     • … or trust me :-P
  15. Where do I start?
     • Some updates at @HoneymailNet
  16. Questions?
     • Grab me after the talk or follow me on Twitter
     • @tomaszmiklas
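
The headers-only Forward/Drop decision from slides 8 and 12, sketched in Python as an added example (not honeymail.net's own code). The alias registry, the `alias.example` and `*.example` domains, the rule that mail to an unknown alias is dropped, and the subdomain match are all assumptions made for illustration.

```python
from email.parser import HeaderParser
from email.utils import getaddresses, parseaddr

ALIAS_DOMAIN = "alias.example"   # placeholder domain for the alias service
# Constructed registry: one-off alias -> domain of the service it was given to.
ISSUED = {"k3x9q": "shop.example", "p7m2z": "news.example"}


def split_addr(addr):
    """Return (local, domain) lower-cased, or ('', '') if there is no '@'."""
    local, at, domain = addr.rpartition("@")
    return (local.lower(), domain.lower()) if at else ("", "")


def decide(raw_message):
    """Return (action, warning) using headers only; the body is never parsed."""
    msg = HeaderParser().parsestr(raw_message)
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    alias = next((local for local, domain in
                  (split_addr(a) for _, a in recipients)
                  if domain == ALIAS_DOMAIN and local in ISSUED), None)
    if alias is None:
        return ("drop", "no known alias among recipients")

    expected = ISSUED[alias]
    _, sender = parseaddr(msg.get("From", ""))
    _, sender_domain = split_addr(sender)
    # From is forgeable: a match proves nothing, but a mismatch is the
    # signal that the alias escaped the service it was issued to.
    if sender_domain == expected or sender_domain.endswith("." + expected):
        return ("forward", None)
    return ("forward", f"alias {alias} was issued to {expected} but mail "
                       f"came from {sender_domain or 'an unparseable sender'}")


# Constructed sample messages.
EXPECTED_MAIL = ("From: Shop <orders@mail.shop.example>\n"
                 "To: <k3x9q@alias.example>\nSubject: Your order\n\nbody\n")
LEAKED_MAIL = ("From: promo@bulk.example\n"
               "To: k3x9q@alias.example\nSubject: Cheap pills\n\nbody\n")
UNKNOWN_MAIL = ("From: x@bulk.example\n"
                "To: zzzzz@alias.example\nSubject: hi\n\nbody\n")

if __name__ == "__main__":
    for raw in (EXPECTED_MAIL, LEAKED_MAIL, UNKNOWN_MAIL):
        print(decide(raw))
```

A real deployment would key on the SMTP envelope recipient as well, since the alias may be absent from `To`/`Cc` when the sender uses Bcc.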
