Date: Tue, 6 Feb 2001 23:11:47 +0000
Reply-To: TOURBUS-Request@LISTSERV.AOL.COM
Sender: The Internet TourBus - A virtual tour of cyberspace
From: Bob Rankin
Subject: TOURBUS - 06 Feb 01 - Email Wiretapping
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
----------------------------------------------------------------------
TOURBUS Volume 6, Number 57 -- 6 Feb 2001
----------------------------------------------------------------------
[ Tip: Use a monospace font like Courier when reading this message ]
__________ ____________ ________ __________ ________________ _
/ | / | | / | \
| WHY SURF WHEN YOU CAN RIDE THE BUS? / | \
|__________|__________/__________|__________|___________/_____| \
/ |----\
| FIVE YEARS of Searchable Archives |////|
| at http://www.TOURBUS.com |////|
\_______________________________________________________________|____|
/ \ / \ / \
\___/ \___/ T h e I n t e r n e t T o u r B u s \___/
TODAY'S TOURBUS TOPIC: Email Wiretapping
"I recently learned about a new snooping technology for email that
made me fall out of my chair. It allows someone who sends you an email
to see what you wrote when you forward the email to someone else. In
other words, a wiretap. It's very illegal, but it's also very easy to
do." -- Richard M. Smith, The Privacy Foundation. Learn all about
email wiretapping in today's TOURBUS!
+------------------ NEW! FREE FULL-SERVICE ISP -------------------+
This NEW Concept in ISPs combines both FREE & FULL SERVICE
Worldwide Internet Services. UNLIMITED use is FREE! NO Banners.
NO Commercials. You Receive PREMIUM Service at Start-up.
THERE IS NO CATCH. Virtual office / ICQ e-mail / Expense reports
Marketing Center / Auto-responder / Fax / Auto-Cassifieds.
FREE ISP - CLICK HERE and keep your $20 a Month!
+------------------------------------------------------------------+
+--------------- Get a NEW Car Price Quote, FREE!! --------------+
Thinking about buying a new vehicle? Don't pay more than you
should! Our FREE Price Quote allows you to build the exact car
you want, get Invoice Pricing and receive the best possible
price from an accredited dealer.
CLICK HERE
+----------------------------------------------------------------+
=============================
EMAIL WIRETAPPING EXPLAINED
=============================
The Privacy Foundation, a group that exists to educate the public
about communications technologies and services that may pose a threat
to personal privacy, reported on Feb. 5th about a technique that
allows the sender of an email message to see what has been written
when the message is forwarded to others. In other words, if someone
sends you a message that contains hidden email wiretapping code, that
person may be able to spy on you and others who receive the bugged
message when it is forwarded or replied to. The Privacy Foundation
lists some of the possible ways that this exploit might be used:
> Monitoring the path of a confidential email message and written
> comments attached.
> In a business negotiation conducted via email, one side can learn
> inside information from the other side as the proposal is
> discussed by the recipient and colleagues.
> A bugged email message could capture thousands of email addresses
> as the forwarded message is sent around the world. (Another
> reason not to forward silly hoaxes and urban legends.)
===================
Are You Affected?
===================
Fortunately, this email wiretapping code does not affect all email
readers. You ARE at risk if you use HTML-enabled email software that
also has JavaScript turned on. Translation for the
technology-impaired follows...
WORRY: Microsoft Outlook 2000, Outlook Express 5, Netscape Messenger 6
BE HAPPY: Almost everything else. Specifically, earlier versions of
Netscape Mail, Eudora, AOL, Web-based email such as Hotmail, Yahoo,
etc. are NOT affected.
If you do use one of the affected email readers, you can (partially)
protect yourself by turning off JavaScript in the email reader. Why
do I say partially? It's like this - the text of your replies will
not be sent to the Evil Wiretapper, but if you forward the message to
someone who DOES use a vulnerable email reader, that person will be
affected.
==============================
How You Can Protect Yourself
==============================
If you have a Wiretap-Enabled (Memo to Bill Gates: I'm trademarking
that, so forget about it) email program, you can use the instructions
for turning off Javascript in your email program here:
http://privacyfoundation.org/advisories/advemailwiretap.html
IMPORTANT NOTE #1: Turning off JavaScript in your email program does
not affect your Web browser's ability to use JavaScript. That's a
Good Thing (oops, I owe Martha Stewart a dollar) because many websites
use JavaScript to add interactive features.
Even if you use an email program that is not affected, you may pass
along the wiretap code without executing it when you forward or reply
to a bugged message. So in order to COMPLETELY protect against this
problem, you and all your correspondents need to take corrective
action (turn off JavaScript or switch to a non-affected email
program).
Or you can wait for your software vendor to release a patch that fixes
the problem. If you work in an office setting, it's probably best to
check with your Computer Guy or Gal before doing anything drastic.
Netscape has announced that a fix will be available in a few days, but
so far Microsoft has not. Check the Privacy Foundation website for
further news on this situation as it becomes available.
http://privacyfoundation.org
That's all for now, see you next time! --Bob Rankin
=====================[ Tourbus Rider Information ]===================
The Internet Tourbus - U.S. Library of Congress ISSN #1094-2238
Copyright 1995-2001, Crispen & Rankin - All rights reserved
Help the hungry, poor and sick - for free! http://FreeDonation.com
Subscribe, Signoff, Archives, Free Stuff and More at the
Tourbus Website - http://www.TOURBUS.com
=====================================================================