ietf-asrg

Re: [Asrg] 2a. Analysis - Address Harvesting - Chain Letters

2003-09-03 23:17:43
On Wed, Sep 03, 2003 at 01:04:16AM -0300, Andreas Saurwein wrote:
> At 2/9/2003 15:16 Tuesday, Yakov Shafranovich wrote:
> > This CNN article
> > (http://www.cnn.com/2003/TECH/internet/09/01/spam.chainletter/index.html)
> > discusses a possible tactic used by spammers to collect email addresses -
> > chain letters.
>
> ... and then there was the hope that all the mails with the valuable
> address information "somehow" come back to the spammer, right?
>
> IMHO this theory is totally unreasonable - when the spammer is not
> included in the replies, there is not much hope that they will ever
> receive these mails. Except, of course, when they are caught off
> a mailserver.
>
> Or am I missing something here?

## Begin quote
Email Bug Threatens Privacy

A relatively simple bit of coding can make email messages vulnerable to
spying.
By Jack Karp

A security loophole in many email programs is being publicized by the
Privacy Foundation in an effort to prevent email snooping.

In an advisory dated February 5 (2001) and posted on the Denver-based
organization's website, the group warns that the loophole "allows the
sender of an email message to see what has been written when the message
is forwarded with comments to other recipients."

Privacy Foundation executive director Stephen Keating told CyberCrime
that the loophole allows potential spies with access to a Web server to
intercept and read all the replies and forwards sent in connection with
an email message and to see a recipient list. 
## End quote 

  The full story, and details of the exploit, are at...
http://www.techtv.com/cybercrime/privacy/story/0,23008,3310007,00.html

  Note that only one recipient needs to have javascript enabled in email
(bleagh!!!) and the spy can see that one message, and get all the
recipients off it.

-- 
Walter Dnes <waltdnes(_at_)waltdnes(_dot_)org>
Email users are divided into two classes;
1) Those who have effective spam-blocking
2) Those who wish they did
