 |
Further
Reading ...
|
|
There's a NEW Mafia in Town
By now you may or may not have heard about a new company called Habeas. If not, let me briefly explain to you what all the hoopla is about. Habeas is offering all of us "protection" from the bad guys (i.e. spammers), and on the surface it sounds all...
Google's SEO Advice For Your Website: Content
The web pages actually at the top of Google have only one thing clearly in common: good writing. Don't get so caught up in the usual SEO sacred cows and bugbears, such as PageRank, frames, and JavaScript, that you forget your site's content. I was...
Do You Have An Evil Twin?
What you don't know can hurt you. Next time you connect to one of them, be very observant you're connecting to a legitimate one and not an evil twin.
What is an evil twin?
They are fake Internet gateways posing as a legitimate wifi hotspots....
Security, Stability, and Interoperability Issues on VoIP Implementation
Now we have accepted that VoIP is no longer just a phone service, it has become feature rich as it merges with computer configurations. The VoIP's existence has changed considerably over the last few years, coupled with the availability of broadband...
|
|
|
Email Wiretapping- Don't be a victim
|
 |
Written By:
Neville French
|
|
|
On the face of it, does email wiretapping sound scary? Yes? Yes
it is scary and you should now how it's done and how to combat
it.
A little while ago the known (but not known with a load presence)
organisation called "The US based Privacy Foundation" became
aware of a as un-yet widely known security hole in the latest
incarnations of email clients produced by Microsoft and Netscape.
The security loophole essentially allows the sender of an email
message to see what has been written when the message is
forwarded with comments to other recipients. This procedure has
been nickname "email wiretapping". As you can imagine this leads
to surreptitiously monitoring of written messages attached
and/or forwarded messages. Some not so pleasant uses involve:
1) In a sensitive business negotiation conducted via normal email,
one party can learn inside information from the other parties as
the proposal is discussed through the recipient company's
internal email system.
2) A seeded email message could capture thousands of email
addresses as the forwarded message is sent around the world.
Seeded with what? JavaScript is the answer and it can easily
hide in any HTML email. Of course the JavaScript capability has
to be enabled within the email client. Typical email readers with
JavaScript functionality include Outlook, Outlook Express, and
Netscape 6 Mail. Earlier versions of the Netscape mail readers
are not affected because they do not fully support all the
intricacies of JavaScript. Eudora and the AOL 6.0 series of email
readers are not affected because JavaScript is turned off by
default (but are vulnerable if turned on of course). Hotmail and
other web-based email systems automatically strip out JavaScript
programs from incoming email messages and therefore are - continued below ...
|
|
|
continued ...
not
vulnerable.
The loophole is made possible because JavaScript is able to read
text in an email message. If a message is forwarded to someone
else, the hidden JavaScript code can read any text that has been
added to the message when it is forwarded. This JavaScript code
executes when the forwarded message is read. The JavaScript code
then silently sends off this text using a hidden form to a web
server belonging to the original sender of the message. The
original sender can then retrieve the text at their convenience
and read it.
A "wiretapped" email message is difficult to detect. An
individual can avoid the email wiretap by turning off JavaScript
in the email reader. However, if the individual forwards the
message to someone who has JavaScript turned on, that
recipient's forwarded messages can still be" wiretapped".
Additionally, copying the original message into a new email,
rather than forwarding it, may not defeat the problem.
What can users can do?
It is possible to partially eliminate the email wiretapping
problem by turning off JavaScript in HTML email messages. You
can visit the home webpage for your appropriate browser package
if you are not sure on how to do this.
Switching off the JavaScript is only a partial solution because
a "wiretapped" message will still work if it is replied to, or
forwarded, to someone whose email program is vulnerable to the
malicious JavaScript. The best policy is some form of group or
corporate agreement on how to tackle this, especial where
commercially sensitive material is involved.
About the Author
Neville French
E-Inform is centred around email marketing, producing it's own
software products and resources + bespoke solutions for a
diverse range of clients.
http://www.1einform.com
|
|
|
|
 |
|
|
| _Additional Resources ... |
|
The Net vs. Nature.
Over the last few days, I've noticed many disturbances on the Internet. Mail has been going missing, a lot of sites have been down. It seems to be a global thing. It can make life pretty difficult if you are building and maintaining sites, or are...
AACE International, Inc. selects upgrade and PSA for gomembers’ solution
[Herndon, VA] --- gomembers™, Inc. (http://www.gomembers.com) announced this week that AACE International, Inc. (http://www.aacei.org) has opted to upgrade its pinnacle solution to the newest version 5.91 and apply a PSA (Preferred Support...
The Secret to Return Traffic on Your Website
Okay, if you are reading this, you are probably a hard-charging, stay-up-til-all-hours-working-on-the site, make-another-pot-of-coffee webmaster looking for ideas on how to build return traffic. Well, we've done very well with enticing visitors...
|
|
|
|
|
|
|
|
|
|
