Search: The Web or BeYoND-THe-iLLuSioN Only 
From: Steve Wingate 
Subject: SNET: 'E-mail wiretap' method exposed by privacy group
Date: 5 Feb 2001 18:32:06 -0500
To: IUFO , SNETNEWS ,
        CTRL@LISTSERV.AOL.COM

->  SNETNEWS  Mailing List

'E-mail wiretap' method exposed by privacy group  

By D. IAN HOPPER, Associated Press  

WASHINGTON (February 5, 2001 5:29 p.m. EST 
http://www.nandotimes.com) - Many of the most popular e-mail programs 
are subject to a form of online spying via embedded scripts that can send 
your comments to unintended recipients, a privacy group said Monday.  

This newfound method - called an e-mail wiretap - works when someone 
receives a note with the hidden scripts and forwards the message to 
others. As the e-mail moves from one person to another, their messages 
are secretly sent to the original sender.  

E-mail wiretaps could be used to note off-color remarks from governmental 
officials, by a spamming company to gather e-mail addresses, or by a 
boss to find out what you're saying about him.  

"You really would never know that this is occurring, unless you could view 
the source code and know what it meant," said Stephen Keating, executive 
director of the Privacy Foundation.  

The foundation, associated with the University of Denver, and its chief 
technology officer Richard Smith, found out about the situation from 
computer engineer Carl Voth, who discovered it in 1998.  

Though Voth posted an explanation of what he calls the "Reaper Exploit" 
on his Web site, he kept quiet about it until contacting the Privacy 
Foundation recently.  

Smith said e-mail wiretaps may become even more common than viruses.  

"People like to snoop," he said. "Most people won't send viruses to their 
friends, because that's over the line. But they might want to see what 
people say behind their backs."  

Keating said that while publicizing the method may lead people to use it, 
the effort also will educate the public on how to stop it.  

"There is an arms race aspect with the Internet and privacy and security. If 
there weren't really a fix for it, we might be more hesitant in pointing it out," 
Keating said. "But I don't think there's really anything gained by not 
acknowledging that it exists."  

If an e-mail recipient disables the Javascript programming language in 
Microsoft Outlook, Outlook Express, or Netscape 6 mail, the added 
comments are no longer forwarded to the e-mail originator.  

But if a user does remember to disable Javascript, only he is protected. If 
he forwards the message, the tap will continue to work if the recipient 
doesn't also disable Javascript.  

The problem doesn't affect people who use Eudora, America Online's e-
mail program or Web-based e-mail, such as Hotmail or Yahoo! Mail.  

Microsoft has also made a downloadable software patch available for 
Outlook - intended for another security issue - that takes care of the wiretap 
problem as well.  

The Privacy Foundation notified both Microsoft and Netscape about the 
issue before coming forward. Microsoft spokesman Ryan James said the 
newest downloadable update to Outlook Express, version 5.5, is not 
affected because JavaScript is off by default.  

Netscape spokeswoman Catherine Corre said the company is working on 
a patch to stop the wiretaps, which will be available "within the next several 
days." In the interim, Corre said Netscape users should disable Javascript 
in the Messenger program.  

Smith suggested that someone may use the wiretap method to change e-
mails, too. The ability exists, he said, for an e-mail sender to change its 
contents each time it's forwarded, causing havoc for each new sender who 
finds new words put in his mouth.  

Last year, Smith brought attention to the use of "Web bugs," invisible 
images embedded in e-mail or Web sites that can be used to track 
viewers. While it was thought to be a new discovery, it was later found that 
a man had used it to see who viewed his online resume, and many 
companies now use them to surreptitiously monitor Web traffic.  

"Once you identify it, then it becomes easier to tell who's using it," Keating 
said.  


ANOMALOUS IMAGES AND UFO FILES
http://www.anomalous-images.com


-> To unsubscribe send email to snetnews-unsubscribe@topica.com

____________________________________________________________
T O P I C A  -- Learn More. Surf Less. 
Newsletters, Tips and Discussions on Topics You Choose.
http://www.topica.com/partner/tag01

Disclaimer: The file contained in the box above or displayed in a separate window from a link in the box above is NOT owned nor implied to be owned by BeYoND THe iLLuSioN. Most files at BeYoND THe iLLuSioN are originally from public Bulletin Board Systems (BBS) which were popular in the days before the Internet or from gopher, web, and FTP sites from the early days of the Internet which no longer exist today. Essentially, all files were acquired from the public domain in one for or another.

However, there have been occasions when copyright protected material has appeared on BeYoND THe iLLuSIoN without permission of the copyright holder. In these instances, we have and will continue to remove the copyright protected file as soon as it is brought to our attention. This can now be done using our Report Copyright Material form. Fill out the form, and the webmaster will be notified of the situation.

There are also times when files found on BeYoND THe iLLuSioN have a real home somewhere else on the Internet. In these instances, we will gladly replace the file with a link to its true home whenever it is brought to our attention. If you know of the true home of any of these files, you can use our Report Original URL form to bring it yo our attention.