I get quite a lot of virus-spawned junk mail of the form:
Your Message has been Quarantined. Mail [this robot] back with the passcode [foo] in order to unlock your mail and pass it to the recipient.
…and it strikes me that this is just the same old 3-way handshake in TCP. Well, maybe not precisely the same as the 3-way handshake, but someone[1] recently asked of me “isn’t SNMP just a ‘blog for network devices?” — which demonstrates an interesting train of thought (amongst the stately carriages of which it begs the question of “I wonder which is more secure?”).
Personally I believe that RSS, Atom and their peers:
- Will be overhyped in 2004/2005.
- May temporarily undermine HTML by trying to wrap it in XML, and will fail because there are too many non-programmers in the world, who will not be swayed or enticed if their attempts at basic HTML “look OK”.
- Will persist long term, but in the short term risk creating business startups which will probably go the way of those that sought to sell push technology, if anyone here remembers the hype about that.
…but WTF do I know?
The above is predicated on my belief that XML is nothing special, and that when all you know is XML, anything that is not wrapped in <TAGS> must be quite terrifying, in a deep, subconscious way.
eg: One can only wonder how all those RFC822-formatted mail messages manage to get delivered anywhere when they’re not in XML format; there is no IETF DTD, there are no tags in the body… surely no software still exists that can parse such arcane and unstructured data?
Anyway: back to the three-way handshake analogy.
Having struck me, it made me wonder:
How long before we see fully-fledged virus- or spam-driven Social Engineering Stacks[2] for want of a better description, including auto-responders that are designed to answer such quarantine challenges in order to drive the content through to the remote host?
Do they already exist?
Would they be part of a virus / distributed spam network, where:
A sends mail to B, with a source address of C which is the autoresponder elsewhere; there would be timeouts, backoff, retransmit, and all manner of other neat stuff.
I suggest that these tools would constitute Social Engineering Stacks because they operate in lieu of actors/people in the protocol, to bypass tools that attempt to mandate human action.
Would/could such tools be considered a “real” extension to the Layer-7 network stack (as opposed to any number of t-shirt spoof layers, like Political and Administrative)?
I doubt the OSI/ISO people would approve an additional Human-Spoofing layer, but that is essentially what we are talking about here.
We’re talking about ego (viruses) and money (spam) – both of which are considerable forces in driving innovation.
Marcus Ranum has (on several occasions, often when we’ve both been rather drunk at USENIX) cited Ranum’s Law to me:
You can’t fix social problems with software.
…and following from that, Social Engineering Stacks seem to be the obvious next step in the arms race.
Footnotes:
[1] …who will probably read this…
[2] Do I get to create an acronym? SES?