funsec mailing list archives
Re: Department of Defense Now Blocking HTML Email
From: "Dr. Neal Krawetz" <hf () hackerfactor com>
Date: Thu, 28 Dec 2006 11:54:11 -0700 (MST)
On Wed Dec 27 18:04:33 2006, Paul Vixie wrote:

> it's about time.
:-) Actually, some gov groups (including DoD) have been doing this for months, and a few have been doing it for years. It's only become public knowledge recently. However, there are some dos and don'ts that are not mentioned in the /. article.

1. If you need to send them a URL, don't just include it. Something like "http://it.slashdot.org/article.pl?sid=06/12/24/1922216" in a plain text document is likely to have the entire email filtered. Instead, add spaces to bypass the spam filter:

   http :// it.slashdot.org /article.pl ?sid =06/12/24/ 1922216

   Be sure to state something like "spaces added to bypass spam filters." This way, if an admin looks at the funny email, they will clearly see that it is not spam and not trying to hide anything. Other tricks include using "ptth://", changing slashes to underscores, or base64-encoding the entire URL:

   Try this site! (It's base64 encoded to bypass spam filters.)
   aHR0cDovL2l0LnNsYXNoZG90Lm9yZy9hcnRpY2xlLnBsP3NpZD0wNi8xMi8yNC8xOTIyMjE2

2. Don't include attachments. Some gov groups are more picky than others. From my experience, any ZIP, RAR, TAR, or archive attachment is a sure-fire way to be blocked. Even encrypted zip files get stopped by some gov filters. Your best bet? PGP -- these get through. A PGP encrypted attachment is fine. Alternately, encrypt the archive and put it on your web site, then send them the URL (with spaces). The encryption prevents someone else from reading the data.

3. If the source is available publicly, send them the URL (with spaces). Some people like to use Outlook to forward copies of web sites -- don't do this because it will be filtered.

4. If you use Outlook, TURN OFF the send-as-HTML option. Outlook allows you to send emails as text, HTML, RTF, or some combination. Just use plain text. (A better option? Don't use Outlook.)

5. An amazingly large number of gov people also have gmail, yahoo, and hushmail accounts. If you ask for a non-".gov" email address, you can probably send them HTML documents.

   However, I strongly recommend AGAINST sending any secret/sensitive documents to these non-gov addresses. (E.g., does anyone else know that Gmail stores emails indefinitely? And if you delete the email, they still hold it for at least 2 months?)

   Some side notes:
   - Yes, sensitive information IS still being sent via email. Live with it.
   - Don't start a contact with a non-gov email address. Start with a gov address and then move to a non-gov one. Otherwise, you are ripe for being phished, owned, etc.

6. Don't use return-receipt or disposition notifications in your emails. IMHO, they have never generated replies from gov groups and could trigger spam filters.

When email is rejected, you usually get a bounce message. (Makes them ripe for a smurf-by-email attack.) However, some gov filters silently drop. Be sure to ask for confirmation if the email is important to you. (Some groups, like the FBI, are notorious for silently receiving emails. Even if you ask for an ACK, they won't reply. This does not mean that it was not received, only that they didn't ACK.)

If you are a Gov person, consider sending a simple "Got it" or "Received" email so the sender isn't left hanging and wondering about your filter. This doesn't need to be a wordy paragraph or status update, just a simple confirmation of receipt. It also shouldn't be automated since you don't want to ACK spam emails. :-)

-Neal

--
Neal Krawetz, Ph.D.
Hacker Factor Solutions
http://www.hackerfactor.com/
Author of "Introduction to Network Security" (Charles River Media, 2006)
and "Hacking Ubuntu" (Wiley, 2007)
http://it.slashdot.org/article.pl?sid=06/12/24/1922216

"The Department of Defense (DoD) has taken the step of blocking HTML-based email. They are also banning the use of Outlook Web Access email clients. The DoD is making this move because HTML messages can easily be infected with spyware and executable lines of code that enable hackers to access DoD networks, according to an article in Federal Computer Week by Bob Brewin. A spokesman for the Joint Task Force for Global Network Operations (JTF-GNO) claims that this is a response to an increased network threat condition. The network threat condition has risen from Information Condition 5 to Information Condition 4 (also called Infocon 4). InfoCon 5 is normal operating conditions and Infocon 4 comes as a result of 'continuing and sophisticated threats' against DoD Networks. The change to Infocon 4 came in mid-November, after the Naval War College suffered devastating attacks that required their entire system be taken offline, but the JTF-GNO spokesman claims there is no connection."
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
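Editor's added example, not part of the post or of the funsec thread: the three URL tricks the post describes (whitespace padding, the reversed "ptth://" scheme, and base64-encoding the whole URL) defeat a naive "does the body contain http://" rule, so a mail filter or an analyst triaging a flagged message wants a normalizer that recovers the real link before deciding anything. The Python below does that. The sample message bodies are constructed for this example; the URL they hide is the Slashdot link quoted in the post. The token-joining rule (keep absorbing whitespace-separated pieces while they contain a dot, slash, query character or digit) is a heuristic of this example, not a documented filter behaviour.

```python
import base64
import binascii
import re

# Constructed sample bodies (not from the original post); each hides the same URL
# with one of the tricks the post lists.
SPACED = ("Details here: http :// it.slashdot.org /article.pl ?sid =06/12/24/ 1922216 "
          "Be sure to read it.")
REVERSED = "Details here: ptth://it.slashdot.org/article.pl?sid=06/12/24/1922216 (reversed scheme)."
ENCODED = ("Try this site! (It's base64 encoded.) "
           "aHR0cDovL2l0LnNsYXNoZG90Lm9yZy9hcnRpY2xlLnBsP3NpZD0wNi8xMi8yNC8xOTIyMjE2 thanks")

# A scheme whose letters and "://" may be separated by whitespace, or the reversed "ptth".
SCHEME_RE = re.compile(r"\b(?:h\s*t\s*t\s*p\s*s?|p\s*t\s*t\s*h)\s*:\s*/\s*/\s*", re.IGNORECASE)
# Characters legal in a URL (RFC 3986 unreserved + reserved + percent).
URLISH = re.compile(r"^[A-Za-z0-9._~:/?#@!$&'()*+,;=%\-\[\]]+$")
# Heuristic (this example's own rule): a token continues the URL only if it carries some
# URL structure. A plain word such as "Be" or "(reversed" ends the URL.
STRUCTURAL = re.compile(r"[./?=&%#_\-:0-9]")
# Candidate base64 blobs: 16+ alphabet chars, optional padding.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def collapse_spaced_urls(text: str) -> list[str]:
    """Rejoin URLs whose scheme or path was padded with whitespace; un-reverse 'ptth'."""
    found = []
    for m in SCHEME_RE.finditer(text):
        scheme = re.sub(r"\s+", "", m.group(0)).lower()
        if scheme.startswith("ptth"):
            scheme = "http://"
        parts = []
        for tok in text[m.end():].split():
            if URLISH.match(tok) and STRUCTURAL.search(tok):
                parts.append(tok)
            else:
                break
        if parts:
            found.append(scheme + "".join(parts))
    return found


def decode_base64_urls(text: str) -> list[str]:
    """Return URLs hidden as base64 blobs: tokens that decode to ASCII starting with http(s)://."""
    found = []
    for tok in B64_TOKEN.findall(text):
        try:
            decoded = base64.b64decode(tok, validate=True).decode("ascii")
        except (binascii.Error, UnicodeDecodeError, ValueError):
            continue  # not valid base64, or not text: an ordinary long word
        if decoded.lower().startswith(("http://", "https://")):
            found.append(decoded)
    return found


def extract_hidden_urls(text: str) -> list[str]:
    """Run every de-obfuscation pass and return the unique URLs recovered, in order found."""
    seen: list[str] = []
    for url in collapse_spaced_urls(text) + decode_base64_urls(text):
        if url not in seen:
            seen.append(url)
    return seen


if __name__ == "__main__":
    for label, body in (("spaced", SPACED), ("reversed", REVERSED), ("base64", ENCODED)):
        print(f"{label:9s} -> {extract_hidden_urls(body)}")
```

All three constructed bodies normalize to the same link, which is the point: a filter (or a reviewer) should judge the recovered URL, not the surface text. The base64 pass deliberately requires a clean decode to ASCII beginning with a scheme, so ordinary long words that happen to be valid base64 are ignored rather than reported.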
Current thread:
- Department of Defense Now Blocking HTML Email Paul Vixie (Dec 27)
- Re: Department of Defense Now Blocking HTML Email Dr. Neal Krawetz (Dec 28)