|
|
|
Basic Steps To Optimize Your Internet Security
After seeing many people complain about their weak Internet security I decided to write down some things that will help you for your Internet security. First, here are some tips to make windows safer : For basic security and update patches install...
ContentWatch Announces “Family Safe” Recognition for Family Safe Web Sites on the Internet
SALT LAKE CITY – September 15, 2004 – ContentWatch, Inc., a trusted provider of Internet filter and protection tools, today announced the launch of its Family Safe Program, a list of Web sites that have been identified and recognized by...
How Did I Get Started Online?
In this article, I'm revealing my personal experience of how I started my online business and who influenced me the most with regards to Internet business. Unlike other articles on Internet business, I'm not going to talk about how to write HTML...
Microsoft Great Plains Partner Selection – overview
Microsoft Great Plains, Navision, Solomon and Axapta are Microsoft Business Solutions ERP applications, serving to the whole spectrum of vertical and horizontal markets. Assuming that you already have one of these systems installed and...
Push Button Publishing Product Review
Bryan Winters of Push Button Publishing.com offers you everything you will need to start, build, and run your own online business, regardless of your experience level. Push Button Publishing is an all-in-one solution to the problems, questions, and...
|
|
| |
|
|
|
|
|
|
Email Wiretapping- Don't be a victim
On the face of it, does email wiretapping sound scary? Yes? Yes
it is scary and you should now how it's done and how to combat
it.
A little while ago the known (but not known with a load presence)
organisation called "The US based Privacy Foundation" became
aware of a as un-yet widely known security hole in the latest
incarnations of email clients produced by Microsoft and Netscape.
The security loophole essentially allows the sender of an email
message to see what has been written when the message is
forwarded with comments to other recipients. This procedure has
been nickname "email wiretapping". As you can imagine this leads
to surreptitiously monitoring of written messages attached
and/or forwarded messages. Some not so pleasant uses involve:
1) In a sensitive business negotiation conducted via normal email,
one party can learn inside information from the other parties as
the proposal is discussed through the recipient company's
internal email system.
2) A seeded email message could capture thousands of email
addresses as the forwarded message is sent around the world.
Seeded with what? JavaScript is the answer and it can easily
hide in any HTML email. Of course the JavaScript capability has
to be enabled within the email client. Typical email readers with
JavaScript functionality include Outlook, Outlook Express, and
Netscape 6 Mail. Earlier versions of the Netscape mail readers
are not affected because they do not fully support all the
intricacies of JavaScript. Eudora and the AOL 6.0 series of email
readers are not affected because JavaScript is turned off by
default (but are vulnerable if turned on of course). Hotmail and
other web-based email systems automatically strip out JavaScript
programs from incoming email messages and therefore are
not
vulnerable.
The loophole is made possible because JavaScript is able to read
text in an email message. If a message is forwarded to someone
else, the hidden JavaScript code can read any text that has been
added to the message when it is forwarded. This JavaScript code
executes when the forwarded message is read. The JavaScript code
then silently sends off this text using a hidden form to a web
server belonging to the original sender of the message. The
original sender can then retrieve the text at their convenience
and read it.
A "wiretapped" email message is difficult to detect. An
individual can avoid the email wiretap by turning off JavaScript
in the email reader. However, if the individual forwards the
message to someone who has JavaScript turned on, that
recipient's forwarded messages can still be" wiretapped".
Additionally, copying the original message into a new email,
rather than forwarding it, may not defeat the problem.
What can users can do?
It is possible to partially eliminate the email wiretapping
problem by turning off JavaScript in HTML email messages. You
can visit the home webpage for your appropriate browser package
if you are not sure on how to do this.
Switching off the JavaScript is only a partial solution because
a "wiretapped" message will still work if it is replied to, or
forwarded, to someone whose email program is vulnerable to the
malicious JavaScript. The best policy is some form of group or
corporate agreement on how to tackle this, especial where
commercially sensitive material is involved.
About the Author
Neville French
E-Inform is centred around email marketing, producing it's own
software products and resources + bespoke solutions for a
diverse range of clients.
http://www.1einform.com
|
|
|
|
|
|