A snooping technology which allows someone sending an email to see what the recipient wrote when it is forwarded to a third party is one of a range of subtle, new attacks, says a Wellington security specialist.
The head of Lower Hutt-based Scientific Software and Systems, Bill Tonkin, says the exploit, brought to light by a US privacy group, is a sophisticated attack of which network administrators need to be aware.
“We’ve moved on from the operational threats where a virus might simply destroy data or cause mayhem, to a strategic threat; one where passwords or data might be stolen and passed on. This kind of exploit is an example of this new breed.”
According to its discoverer, Denver-based Privacy Foundation technology chief Richard Smith, the exploit amounts to a wire tap and it's "very illegal and very easy to do". The vulnerability exists in mail that uses HTML (hypertext markup language).
Further information on the exploit can be viewed at www.privacyfoundation.org/.