On Fri, 2011-03-18 at 20:58 -0700, jdow wrote:
> On 2011/03/18 19:08, Karsten Bräckelmann wrote:
> > Or, tell your users to *never* write down their password or any other
> > account details in mail -- by policy, violation warrants getting fired
> > next day.
> 
> Bingo, you've hit on an outgoing anti-phish filter trick. Filter

Unfortunately, no. That's not original work, someone else stated it
years ago.

> all email sent from any account on the system for, at the very
> least, the passwords to several critical accounts. (Run the words
> through the password hash and look for matches to root, admin group
> members, CEO, etc and specifically the sender's account.) Reflect
> messages containing a match to CEO, root, CIO, and the user with
> big nasty red words up front about sending passwords.
> 
> It's not foolproof. It will eat machine time in retail bulk lots.
> And it might drive a message home.

Hah! Yeah, I thought about that, though hashing any possible word in
mails (which might include spaces, thus needs to cover multi-words, too)
really would require quite a rack of beefy hardware.

> Other obvious information to be filtered would include SSNs. For
> privacy reasons filter for numbers that look like SSNs, reflect to
> user with a were you sure wrapper, and if the user responds yes send
> it out in the original format.

The SSN trick already has been included in ClamAV, I believe. And no, it
doesn't cover internationalization.


-- 
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
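The outgoing filter sketched in this exchange, worked through as an added example (not code from either poster or from any list project): every run of one to three whitespace-separated tokens in the body is rehashed under each critical account's salt and compared against the stored hash, the sender's own account is added to the list, and a US-format SSN pattern is checked alongside. Everything here is an assumption for the demo: PBKDF2-HMAC-SHA256 as the site's password hash, the four constructed accounts and their plaintexts (present only to build the demo hashes), the fixed per-account salts, and the dashed SSN format, which like the ClamAV check does not cover other countries' formats. The nested loop is the cost Karsten points at: candidates times accounts times one full password-hash computation.

```python
"""Outgoing-mail password / SSN leak filter (constructed example)."""
import hashlib
import hmac
import re
import string
from typing import Dict, Iterator, List, Optional, Tuple

# Assumption: the site stores PBKDF2-HMAC-SHA256 hashes. Any salted scheme
# works the same way; the iteration count is what sets the per-candidate cost.
ITERATIONS = 1000


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


# Constructed credential store. Plaintexts exist only to build the demo
# hashes; a deployed filter would only ever hold salt + hash.
_DEMO_PLAINTEXT = {
    "root": "hunter2",
    "ceo": "correct horse battery",   # multi-word, the case Karsten raises
    "cio": "Tr0ub4dor&3",
    "alice": "alicepass!",
}
CRITICAL_HASHES: Dict[str, Tuple[bytes, bytes]] = {}
for _name, _pw in _DEMO_PLAINTEXT.items():
    _salt = hashlib.sha256(_name.encode()).digest()[:16]  # fixed demo salt
    CRITICAL_HASHES[_name] = (_salt, hash_password(_pw, _salt))

# Accounts checked on every outgoing message, regardless of sender.
ALWAYS_CHECK = ("root", "ceo", "cio")

# Dashed US SSN; rejects the invalid 000/666/9xx area and 00 / 0000 groups.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")


def candidate_phrases(text: str, max_words: int = 3) -> Iterator[str]:
    """Yield every run of 1..max_words tokens, both as written and with the
    surrounding punctuation stripped from each token, so that 'hunter2.' at
    the end of a sentence and a password ending in '!' are both tried."""
    words = text.split()
    stripped = [w.strip(string.punctuation) for w in words]
    for i in range(len(words)):
        for n in range(1, max_words + 1):
            if i + n > len(words):
                break
            yield " ".join(words[i:i + n])
            yield " ".join(stripped[i:i + n])


def scan_outgoing(sender: str, body: str) -> List[Tuple[str, str]]:
    """Return (kind, detail) findings: ('password', account) or ('ssn', text)."""
    accounts = set(ALWAYS_CHECK)
    if sender in CRITICAL_HASHES:
        accounts.add(sender)
    candidates = {c for c in candidate_phrases(body) if c}
    findings: List[Tuple[str, str]] = []
    for name in sorted(accounts):
        salt, digest = CRITICAL_HASHES[name]
        # The expensive part: every candidate is rehashed under this
        # account's salt, so cost = candidates * accounts * ITERATIONS.
        for cand in candidates:
            if hmac.compare_digest(hash_password(cand, salt), digest):
                findings.append(("password", name))
                break
    for m in SSN_RE.finditer(body):
        findings.append(("ssn", m.group()))
    return findings


def reflect(body: str, findings: List[Tuple[str, str]]) -> Optional[str]:
    """Build the bounce that goes back to the sender, warning up front;
    None means the message can go out unchanged."""
    if not findings:
        return None
    lines = ["*** STOP: THIS MESSAGE WAS NOT SENT ***"]
    for kind, detail in findings:
        if kind == "password":
            lines.append(f"*** It contains the current password of account '{detail}'.")
        else:
            lines.append(f"*** It contains what looks like an SSN: {detail}")
    lines.append("*** Remove the data, or reply YES to confirm you meant to send it.")
    return "\n".join(lines) + "\n\n" + body


if __name__ == "__main__":
    demo = ("Hi Bob, the root password is still hunter2. For the CEO box use "
            "'correct horse battery'. My SSN is 123-45-6789, ping me.")
    print(reflect(demo, scan_outgoing("alice", demo)))
```

A phrase window of three words and two spellings per window keeps the candidate count at roughly six times the word count; raising `max_words` to cover long passphrases multiplies the hashing cost accordingly, which is why the filter is restricted to a handful of accounts rather than every user on the system.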
