OSU CS373 - Defense Against the Dark Arts

These final weeks will pivot from personal computers to mobile devices. It is worth noting how new the technology is despise the overwhelming presence in today's society. source: lecture slides, Defense Against the Dark Arts, CS373, Oregon State University There are a couple of ways to get around the system's security. In iOS, jailbreaking can be done to run third party applications. In Android, the OS can be rooted which allows root access to the system. Android security has had enhancements with every new version of the operating system. The following timeline is outdated but it gives a nice overview of the beginning of mobile platforms. source: lecture slides, Defense Against the Dark Arts, CS373, Oregon State University Timeline of mobile malware: The first botnet called YXES was detected in Symbian in 2009, the malware was passed via SMS IKEE - first iIS malware detected in November 2009. It only targeted jailbroken iPhones. FakePlayer was the first Android ...

This week we will be focusing on messaging security, or email security. Several terms will be defined and used this week. Spam - illegitimate email message that is phishing or intending to do harm Ham - legitimate email message Spamtrap/honeypot - an email address or domain that doesn't have any filtering on it to collect spam. The spam is then analyzed to study spam trends Botnet - a collection of computers that have been hijacked to perform an action (such as spamming) that the end user does not condone Snowshoe spam - distributed spamming efforts across a broad footprint Phishing - a general spam message that tries to get information that targets a wide demographic Spear Phishing - a targeted phishing attack against a specific person or demographic Realtime Blackhole List (RBL) - a list of known IPs that send spam Heuristics - a spam detection technique that uses basic feature matches (strings, sender, etc) to detect spam. If a message matches the phrase "buy <...