funsec mailing list archives

Re: Department of Defense Now Blocking HTML Email


From: "Dr. Neal Krawetz" <hf () hackerfactor com>
Date: Thu, 28 Dec 2006 11:54:11 -0700 (MST)

On Wed Dec 27 18:04:33 2006, Paul Vixie wrote:

it's about time.

:-)
Actually, some gov groups (including DoD) have been doing this for
months, and a few have been doing it for years.
It's only become public-knowledge recently.

However, there are some dos and don'ts that are not mentioned in the /.
article.

1. If you need to send them a URL, don't just include it.
   Something like "http://it.slashdot.org/article.pl?sid=06/12/24/1922216"
   in a plain text document is likely to have the entire email filtered.
   Instead, add spaces to bypass the spam filter:
     http :// it.slashdot.org /article.pl ?sid =06/12/24/ 1922216

   Be sure to state something like "spaces added to bypass spam filters."
   This way, if an admin looks at the funny email, they will clearly see
   that it is not spam and not trying to hide anything.

   Other tricks include using "ptth://", changing slashes to underscores,
   or base64-encoding the entire URL:
     Try this site!  (It's base64 encoded to bypass spam filters.)
     aHR0cDovL2l0LnNsYXNoZG90Lm9yZy9hcnRpY2xlLnBsP3NpZD0wNi8xMi8yNC8xOTIyMjE2

2. Don't include attachments.  Some gov groups are more picky than others.
   From my experience, any ZIP, RAR, TAR, archive attachment is a sure-fire
   way to be blocked.  Even encrypted zip files get stopped by some
   gov filters.
   Your best bet?  PGP -- these get through.  A PGP encrypted attachment
   is fine.
   Alternately, encrypt the archive and put it on your web site, then
   send them the URL (with spaces).
   The encryption prevents someone else from reading the data.

3. If the source is available publicly, send them the URL (with spaces).
   Some people like to use Outlook to forward copies of web sites -- don't
   do this because it will be filtered.

4. If you use Outlook, TURN OFF the send-as-HTML option.
   Outlook allows you to send emails as text, HTML, RTF, or some
   combination.  Just use plain text.
   (A better option?  Don't use Outlook.)

5. An amazingly large number of gov people also have gmail, yahoo, and
   hushmail accounts.  If you ask for a non-".gov" email address, you can
   probably send them HTML documents.  However, I strongly recommend
   AGAINST sending any secret/sensitive documents to these non-gov addresses.
   (E.g., Does anyone else know that Gmail stores emails indefinitely?
   And if you delete the email, they still hold it for at least 2 months?)
   Some side notes:
   - Yes, sensitive information IS still being sent via email.  Live with it.
   - Don't start a contact with a non-gov email address.  Start with a
     gov address and then move to a non-gov.  Otherwise, you are ripe for
     being phished, owned, etc.

6. Don't use return-receipt or disposition notifications in your emails.
   IMHO, they have never generated replies from gov groups and could trigger
   spam filters.

When email is rejected, you usually get a bounce message.  (Makes them
ripe for a smurf-by-email attack.)  However, some gov filters silently
drop.  Be sure to ask for confirmation if the email is important to you.
(Some groups, like the FBI, are notorious for silently receiving emails.
Even if you ask for an ACK, they won't reply.  This does not mean that it
was not received, only that they didn't ACK.)

If you are a Gov person, consider sending a simple "Got it" or "Received"
email so the sender isn't left hanging and wondering about your filter.
This doesn't need to be a wordy paragraph or status update, just a simple
confirmation of receipt.  It also shouldn't be automated since you don't
want to ACK spam emails.

:-)

                                        -Neal
--
Neal Krawetz, Ph.D.
Hacker Factor Solutions
http://www.hackerfactor.com/
Author of "Introduction to Network Security" (Charles River Media, 2006)
and "Hacking Ubuntu" (Wiley, 2007)


http://it.slashdot.org/article.pl?sid=06/12/24/1922216

"The Department of Defense (DoD) has taken the step of blocking HTML-based
email. They are also banning the use of Outlook Web Access email clients. The
DoD is making this move because HTML messages can easily be infected with
spyware and executable lines of code that enable hackers to access DoD
networks, according to an article in Federal Computer Week by Bob Brewin. A
spokesman for the Joint Task Force for Global Network Operations (JTF-GNO)
claims that this is a response to an increased network threat condition. The
network threat condition has risen from Information Condition 5 to Information
Condition 4 (also called Infocon 4). InfoCon 5 is normal operating conditions
and Infocon 4 comes as a result of 'continuing and sophisticated threats'
against DoD Networks. The change to Infocon 4 came in mid-November, after the
Naval War College suffered devastating attacks that required their entire
system be taken offline, but the JTF-GNO spokesman claims there is no
connection."
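The URL tricks in item 1 (spaces, "ptth://", underscores for slashes, base64) are just as useful to a phisher as to a legitimate sender, so a mail admin or analyst wants to be able to spot them and recover the real link. The following scanner is an added example, not code from Neal's post or from any project: it walks a plain-text body line by line, recognizes each of the four forms, and returns the de-obfuscated URL so it can be inspected or fed to a URL reputation check. The sample message, the pattern names and the function names are all constructed for this example.

```python
import base64
import binascii
import re

# Constructed sample message (not from the original post): one line per
# obfuscation trick the post describes, plus a line with no link at all.
SAMPLE_MESSAGE = """\
Spaces added to bypass spam filters:
  http :// it.slashdot.org /article.pl ?sid =06/12/24/ 1922216
Reversed scheme: ptth://it.slashdot.org/article.pl?sid=06/12/24/1922216
Underscores: http:__it.slashdot.org_article.pl?sid=06_12_24_1922216
Try this site!  (It's base64 encoded to bypass spam filters.)
aHR0cDovL2l0LnNsYXNoZG90Lm9yZy9hcnRpY2xlLnBsP3NpZD0wNi8xMi8yNC8xOTIyMjE2
Ordinary prose with no links at all.
"""

# "http :// host /path": whitespace pushed into the scheme separator.
SPACED_SCHEME = re.compile(r"(https?)(\s*:\s*/\s*/\s*)", re.IGNORECASE)
# "ptth://host/path": the scheme spelled backwards.
REVERSED_SCHEME = re.compile(r"\b(ptth|sptth)://(\S+)", re.IGNORECASE)
# "http:__host_path": slashes replaced by underscores.
UNDERSCORE_SCHEME = re.compile(r"\b(https?):__(\S+)", re.IGNORECASE)
# A standalone run of base64 alphabet characters long enough to hold a URL.
BASE64_TOKEN = re.compile(
    r"(?<![A-Za-z0-9+/=])[A-Za-z0-9+/]{20,}={0,2}(?![A-Za-z0-9+/=])"
)


def decode_base64_url(token):
    """Return the decoded text if token is base64 for an http(s) URL, else None."""
    padded = token + "=" * (-len(token) % 4)  # tolerate stripped padding
    try:
        raw = base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return None
    if not raw.lower().startswith((b"http://", b"https://")):
        return None
    try:
        return raw.decode("ascii")
    except UnicodeDecodeError:
        return None


def find_obfuscated_urls(text):
    """Scan a plain-text body and return (technique, recovered_url) pairs."""
    findings = []
    for line in text.splitlines():
        # Only flag the spaced form when whitespace sits inside the separator;
        # a normal "http://" followed by prose is left alone.
        m = SPACED_SCHEME.search(line)
        if m and re.search(r"\s", m.group(2)):
            rest = re.sub(r"\s+", "", line[m.end():])
            findings.append(("spaces", f"{m.group(1).lower()}://{rest}"))
            continue
        m = REVERSED_SCHEME.search(line)
        if m:
            scheme = m.group(1).lower()[::-1]  # "ptth" -> "http"
            findings.append(("reversed-scheme", f"{scheme}://{m.group(2)}"))
            continue
        m = UNDERSCORE_SCHEME.search(line)
        if m:
            rest = m.group(2).replace("_", "/")
            findings.append(("underscores", f"{m.group(1).lower()}://{rest}"))
            continue
        # Base64 is checked last so the scheme-based forms above take priority.
        for token in BASE64_TOKEN.findall(line):
            url = decode_base64_url(token)
            if url is not None:
                findings.append(("base64", url))
    return findings


if __name__ == "__main__":
    for technique, url in find_obfuscated_urls(SAMPLE_MESSAGE):
        print(f"{technique:16} {url}")
```

Each heuristic is deliberately narrow (the spaced form, for instance, is only recognized when the "://" separator itself carries whitespace), so a real filter would pair this with the usual reputation lookup on the recovered URL rather than treat a hit as proof of spam; as the post notes, a legitimate sender who adds spaces will normally say so in the message.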

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
