Monday, June 23, 2008

E-mail spoofing

E-mail spoofing is a term used to describe fraudulent email activity in which the sender address and other parts of the email header are altered to appear as though the email originated from a different source. E-mail spoofing is a technique commonly used for spam e-mail and phishing to hide the origin of an e-mail message. By changing certain properties of the e-mail, such as the From, Return-Path and Reply-To fields (which can be found in the message header), ill-intentioned users can make the e-mail appear to be from someone other than the actual sender. It is often associated with website spoofing which mimics an actual, well-known website but are run by another party either with fraudulent intentions or as a means of criticism of the organization's activities. The result is that, although the e-mail appears to come from the email indicated in the "From" field (found in the email headers) it actually comes from another e-mail address, probably the same one indicated in the "Reply To" field; if the initial e-mail is replied to, the delivery will be sent to the "Reply To" e-mail, that is, to the spammer's email.

Monday, June 16, 2008

Difficulties with e-mail forwarding

There are some additional details when an e-mail forwarder is involved. Forwarders perform a useful service in allowing you to have one simple permanent address, even if you change jobs or ISPs. List servers perform a similar function, forwarding e-mail to many receivers on behalf of one sender. Forwarders pose no problem for an end-to-end authentication method like DKIM and DomainKeys, as long as the signed message is not modified (some lists do this).

CSV limits its focus to one-hop authentications. SPF and SenderID have in essence the same limitation, they don't work directly behind the "border" ( MX ) of the receiver. For SPF forwarders to third parties could rewrite the Return-Path (MAIL FROM) in a similar way like mailing lists. This approach emulates the SMTP behaviour before RFC 1123 deprecated source routes; for a technical explanation see SRS.

For SenderID, forwarders to third parties and mailing lists are asked to add a Sender: or Resent-Sender: header. For many mailing lists, the former is already the case, but other forwarders avoid any modifications of the mail in addition to the mandatory Received-timestamp line.

Use of a forwarder prevents the receiver from directly seeing the sender's IP address. The incoming IP packets have only the forwarder's IP address. Two solutions are possible if one can trust all forwarders. Either one trusts the forwarder to authenticate the sender, or one trusts the forwarder to at least accurately record the incoming IP address and pass it on, so one can do their own authentication.

The situation gets complicated when there is more than one forwarder. A sender can explicitly authorize a forwarder to send on its behalf, in effect extending its boundary to the public Internet. A receiver can trust a forwarder that it pays to handle e-mail, in effect designating a new receiver. There may be additional "MTA relays" in the middle, however. These are sometimes used for administrative control, traffic aggregation, and routing control. All it takes is one broken link in the chain-of-trust from sender to receiver, and it is no longer possible to authenticate the sender.

Forwarders have one other responsibility, and that is to route Bounce messages (a.k.a. DSNs) in case the forwarding fails (or if it is requested anyway). E-mail forwarding is different from remailing when it comes to which address should receive DSNs. Spam bounces should not be sent to any address that may be forged. These bounces may go back by the same path they came, if that path has been authenticated.

Wednesday, June 11, 2008

Concurrent Versions System

In the field of software development, the Concurrent Versions System (CVS), also known as the Concurrent Versioning System, provides a version control system based on open-source code. Version control system software keeps track of all work and all changes in a set of files, and allows several developers (potentially widely separated in space and/or time) to collaborate. Dick Grune developed CVS in the 1980s. CVS has become popular in the open source software world and is released under the GNU General Public License.

Monday, June 02, 2008

Robot software

Robot software is the coded commands that tell a mechanical device (known as a robot) what tasks to perform and control its actions. Robot software is used to perform tasks and automate tasks to be performed. Programming robots is a non-trivial task. Many software systems and frameworks have been proposed to make programming robots easier.

Some robot software aims at developing intelligent mechanical devices. Though common in science fiction stories, such programs are yet to become common-place in reality and much development is yet required in the field of artificial intelligence before they even begin to approach the science fiction possibilities. Pre-programmed hardware may include feedback loops such that it can interact with its environment, but does not display actual intelligence.

Currently, malicious programming of robots is of some concern, particularly in large industrial robots. The power and size of industrial robots mean they are capable of inflicting severe injury if programmed incorrectly or used in an unsafe manner. One such incident occurred on 21 July 1984 when a man was crushed to death by an industrial robot. That incident was an accident, but shows the potential risks of working with robots. In science fiction, the Three Laws of Robotics were developed for robots to obey and avoid malicious actions.