New email snoop threatens privacy

A snooping technology which allows someone sending an email to see what the recipient wrote when it is forwarded to a third party is one of a range of subtle, new attacks, says a Wellington security specialist.

The head of Lower Hutt-based Scientific Software and Systems, Bill Tonkin, says the exploit, brought to light by a US privacy group, is a sophisticated attack of which network administrators need to be aware.

“We’ve moved on from the operational threats where a virus might simply destroy data or cause mayhem, to a strategic threat; one where passwords or data might be stolen and passed on. This kind of exploit is an example of this new breed.”

According to its discoverer, Denver-based Privacy Foundation technology chief Richard Smith, the exploit amounts to a wire tap and it's "very illegal and very easy to do". The vulnerability exists in mail that uses HTML (hypertext markup language).

A few lines of JavaScript embedded in an email message can allow the recipient's mail to be returned to the original sender. It only works, however, if the recipient's email program is set to read JavaScript.

Computer scientists from the Privacy Foundation have learned that the exploit only works when the recipient is using an HTML/JavaScript-enabled email reader such as Microsoft's Outlook, Outlook Express or version 6 of Netscape's web browser package.

Further information on the exploit can be viewed at www.privacyfoundation.org/.
