This is the project blog for the Dario La email obfuscation project at the University of Edinburgh.

Monday, October 03, 2005

Plan of Attack

Plan of attack for Honours Project.

TRY TO DO SIMPLE VERSION OF 1 OR 2 IN TIME FOR PROJECT MEETING

1. Build a simple obfuscation tool based on user choice of techniques.
Suitable for users that only have static pages.
a. simple Javascript - executing Javascript on client computes mailto tag
b. translate e-mail name into an image
Emphasis here is on stitching existing tools together for easy use

[DO THIS FIRST]

2. Experiment
Generate fresh e-mail names via different techniques and see which
generate spam.
a. Control case - name in clear
b. simple Javascript (as with 1a)
c. image (as with 1b)
d. in clear in pdf document
e. current Informatics technique (name @ inf.ed.ac.uk) (purpose of this
is to check how effective current technique is)

[DO THIS SECOND -- SO AS TO MAXIMIZE TIME TO ACCUMULATE DATA]

3. PDF e-mail obfuscation tool

[TECHNOLOGICALLY STRAIGHTFORWARD, BUT PERSONALLY, PHIL COULD MAKE USE OF
THIS]

4. Diagnostic tool -- at user's request, crawl their website and report
vulnerabilities [DO NOT RELEASE AS OPEN SOURCE]

[TECHNOLOGICALLY STRAIGHTFORWARD, PERSONALLY PHIL IS LESS INTERESTED IN
THIS]

5. Study obfuscated code techniques and apply them to generate a more
sophisticated Javascript obfuscator

[THIS HAS MOST ACADEMIC CONTENT]

6. Consider alternative to Javascript (e.g., challenge-response running
on server) for clients that do not have Javascript -- this probably
requires that user have CGI capability.

[TECHNOLOGICALLY STRAIGHTFORWARD]

7. User-engineer a site distributing these tools in order to make it
popular. Count downloads to measure success.

[RELEVANT TO INFORMATICS, BUT USES DIFFERENT MUSCLES]

8. Apply AJAX techniques, possibly using Captcha and/or using
self-modifying code.

[PERSONALLY INTERESTING TO PHIL, MAY BE PRETTY CHALLENGING]

9. Build well-engineered tool

10. Study which techniques are effective -- what sort of things will
spambots easily do (e.g., perhaps, execute Javascript) and not easily do
(e.g., if Javascript is expensive when will they stop)?

Overall plan:

Start with something simple, so you have a definite result under your
belt: 1, 2, 9, start 7.

Then spend bulk of time on something intellectually challenging, such as
5 or perhaps 8.
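
Item 1a (Javascript executing on the client computes the mailto tag), sketched as an added example that is not the project's own code: a build-time generator that emits a script block for a static page. The function names, the XOR encoding, the key and the sample address are assumptions made for illustration.

```javascript
// Added example for plan item 1a. Function names and the XOR encoding are
// illustrative assumptions, not the project's code.

// Encode text as code points XOR key, so the clear text never appears in page source.
function encodeAddress(text, key) {
  return Array.from(text, (ch) => ch.codePointAt(0) ^ key);
}

// Inverse of encodeAddress; mirrors what the emitted snippet does in the browser.
function decodeAddress(codes, key) {
  return String.fromCodePoint(...codes.map((n) => n ^ key));
}

// Build the <script> block to paste into a static HTML page.
function buildSnippet(address, key, linkText) {
  if (!/^[^\s@]+@[^\s@]+$/.test(address)) throw new Error("not an e-mail address");
  if (!Number.isInteger(key) || key < 1 || key > 255) throw new Error("key must be 1..255");
  // Visible link text that repeats the address would undo the obfuscation.
  if (linkText.includes(address)) throw new Error("link text must not contain the address");
  // Escape "<" so link text cannot close the script element early.
  const text = JSON.stringify(linkText).replace(/</g, "\\u003c");
  return [
    "<script>",
    "(function () {",
    `  var k = ${key}, s = [${encodeAddress("mailto:", key)}], a = [${encodeAddress(address, key)}];`,
    "  var d = function (x) {",
    "    return String.fromCodePoint.apply(null, x.map(function (n) { return n ^ k; }));",
    "  };",
    "  var me = document.currentScript, link = document.createElement('a');",
    "  link.href = d(s) + d(a);",
    `  link.textContent = ${text};`,
    "  me.parentNode.insertBefore(link, me);",
    "})();",
    "</script>",
  ].join("\n");
}

// Constructed sample address (example.org is reserved for documentation).
console.log(buildSnippet("alice@example.org", 23, "e-mail me"));
```

The emitted page source contains neither the address nor the string "mailto:", so a harvester that only pattern-matches raw HTML finds nothing; one that executes Javascript still recovers the link, which is the question item 10 sets out to study.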
