North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Read an email, lose your privacy
- From: Steve Sobol
- Date: Mon Jan 10 22:49:48 2000
"Henry R. Linneweh" wrote:
With an excellent, and I think appropriate, quote from Sun CEO Scott
McNealy at the top of the article.
>while I hope Scott McNealy is using hyperbole when he says, "You
>have zero privacy now. Get over it" (the PC Week "Quote of the
>Week," Feb. 1, 1999), it's not at all clear that he is.
I hardly think McNealy is exaggerating. Our privacy has been
disappearing for years already.
> Thank you;
> | Thinking is a learned process so is UNIX |
> Henry R. Linneweh
> Advertisement: Support SunWorld, click here!
> Read an email,
> lose your
> Email can be
> spammer's weapon
> in more ways
> than one
> to fix
> in Web
> us why
> only a
> of the
> May Be Peril to
> Privacy" from
> the business
> section's front
> page in the San
> Reading the
> December 4
> article by
> Associated Press
> writer Kalpana
> Srinivasan, I
> was happy to see
> the issue
> getting some attention but hardly surprised to hear about yet another
> privacy threat. David Brin, the author of The Transparent Society,
> writes that a lack of privacy is inevitable. Although I don't agree
> with everything he says, the odds look pretty good that Brin might be
> right about this.
> And while I hope Scott McNealy is using hyperbole when he says, "You
> have zero privacy now. Get over it" (the PC Week "Quote of the Week,"
> Feb. 1, 1999), it's not at all clear that he is. Every time I'm asked
> to have my signature digitized for posterity during a credit card
> purchase (which I refuse, as a matter of principle), I am reminded of
> just how invasive our society has become.
> Hiding HTML links in email
> Enough generalized paranoia, however. Let's look at some specific
> Most Web browsers hide the HTML portion of a link, showing only a
> highlighted word or two. Many email clients, particularly those
> embedded in Web browsers, perform this service as well.
> It is a useful feature, in most cases. After all, HTML code is both
> bulky and mysterious; most email users have neither the expertise,
> time, nor motivation to analyze every incoming bit of HTML.
> Unfortunately, however, it can leave an unwary user open to privacy
> Let's say I get a piece of spam from a porn site, containing includes
> the following bit of HTML:
> <A HREF="http://www.smuttystuff.com">www.smuttystuff.com</A>
> No problem so far: www.smuttystuff.com is just a Website, so I should
> be pretty anonymous visiting it. All the site will get from my visit,
> in general, is an IP number or perhaps a domain name. The site can't
> use either of those to send me more spam or identify me as a visitor.
> Unfortunately, URLs can contain other items, including parameters that
> can be transmitted back to the site:
> <A HREF="http://firstname.lastname@example.org">www.smuttystuff.com</A>
> If I take the bait and visit the site, my email address, email@example.com,
> can be put on a hot list. Of course, the site managers had already
> obtained my address from an existing list, but they didn't know I
> would take the offered bait. Now they do.
> It gets worse. If I am using such a Web browser to handle my email,
> even opening the email message may be enough to initiate a serious
> loss of privacy. Many Web browsers are capable of enhancing email
> messages with all sorts of (possibly invisible) images, retrieving
> them when a message is opened from any specified URL. The spammer is
> free to include an IMG tag that includes my email address in a
> parameter, as follows:
> <IMG SRC="http://firstname.lastname@example.org">
> Wanna cookie?
> The spammer now knows that I opened his message, but even that's not
> the worst part. The Website can also return a cookie to my browser
> containing my (possibly disguised) email address. This means that any
> future visit I make to his site (or other, cooperating sites) can be
> recorded and indexed to my email address.
> In short, my privacy will have been severely compromised by my email
> software, without my knowledge or permission. For more information on
> this specific kind of attack, see the Electronic Frontier Foundation's
> press release or the technical report by security expert Richard M.
> Smith (in Resources, below).
> These sorts of attacks can take many forms. For instance, it is quite
> possible to eliminate the need for a parameter altogether. Let's say
> the image request looks like this:
> <IMG SRC="http://www.smuttystuff.com/blonds/susie_q.jpg">
> That seems pretty innocent, from a privacy perspective, but it might
> not be. In one possible scenario, the spammer could generate a unique
> URL for each outgoing email message, joining random names (susie,
> tammy, ...) with random letters (q, r, and so on). As each piece of
> email is sent, the spammer saves the outgoing email address in a
> database, keyed by the unique portion (susie_q) of the URL.
> When the image request is received, a hidden CGI script
> (http://www.smuttystuff.com/blonds) can record the request in the
> database, send me an identifying cookie, and so on. In short, any
> image request could be tagged.
> Finally, if I am foolish enough to click on an unknown URL, the
> spammer doesn't need parameters or even "hidden" HTML:
> The same logic applies: because the spammer knows whom he told about
> susie_q, he knows who is asking to see the Web page. Welcome to
> spamland, sucker.
> One moral of this story, like that of Ken Thompson's classic paper,
> "Reflections on Trusting Trust" (see Resources), is that Trojan horses
> can come in many guises, and one should not trust a stranger's
> offerings, even if they contain no visible threats.
> Another moral is that convenient "features," made possible by
> aggregating pieces of software (in this case, email and Web clients),
> can lead to unexpected security holes. Microsoft is the most obvious
> perpetrator here, but Netscape and others have contributed to the
> In an environment where random miscreants can send email to
> unsuspecting victims, keeping a few barriers in place seems only
> prudent. The spate of emailed "macro viruses" provides a clear example
> of the reasons.
> Putting macros -- interpretable code -- into word processors and other
> programs is clearly a powerful and useful idea. Having email software
> start up a copy of the word processor, so you can read formatted mail,
> is also quite convenient. Unfortunately, the combination means that
> ill-wishers can run macros on a victim's machine merely by sending
> I don't have any global solutions to offer, but I can offer some
> advice: Don't use Web browsers or highly integrated systems, such as
> Microsoft Outlook, as email clients; they're far too accommodating to
> If you must use unsafe email software, try to use it in a conservative
> manner. Turn off any automated features, such as automated program
> invocation, that might allow others to take over your machine. Until
> the vendors add some real security, the risks far outweigh any
> possible convenience.
> Editor's note: The domain name Smuttystuff.com was not registered at
> the time this article was published. Any similarity to an existing
> domain name or Website is purely coincidental. [Image]
> About the author
> Rich Morin operates Canta Forda Computer Laboratory, a
> [Image]computer consulting firm specializing in open source
> software. He lives in San Bruno, Calif., on the San Francisco
> Home | Next Story | Mail this Story | Printer-Friendly Version |
> Comment on this Story | Resources and Related Links
> Advertisement: Support SunWorld, click here!
> [Image]Resources and Related Links
> * The Transparent Society, David Brin (Perseus Books, 1999):
> * Prepublication version of Chapter 1:
> * "The Cookie Leak Security Hole in HTML Email Messages," Richard
> M. Smith:
> * Electronic Frontier Foundation press release:
> * "Reflections on Trusting Trust," Ken Thompson (Communication of
> the ACM, August 1984):
> Additional SunWorld resources
> * Previous Silicon Carny columns in SunWorld:
> * The SunWorld Topical Index -- a comprehensive listing of all
> SunWorld articles by subject:
> * Visit sunWHERE -- launchpad to hundreds of online resources for
> Sun users:
> * Explore back issues of SunWorld:
> * IDG.net, your one-stop IT resource:
> [Image] Tell Us What You Thought of This Story
> -Very worth reading -Too long -Too technical
> -Worth reading -Just right -Just right
> -Not worth reading -Too short -Not technical enough
> [(c) Copyright 2000 Web Publishing Inc., and IDG Communication company]
> If you have technical problems with this magazine, contact
> URL: http://www.sunworld.com/swol-01-2000/swol-01-silicon.html
> Last modified: Friday, January 07, 2000
North Shore Technologies Corporation - Steven J. Sobol, President & Head
815 Superior Avenue #610, Cleveland, Ohio 44114, USA Phone +1
Owned and loved by the dogs of Jaymist Chinese Shar-Pei, Montville,
Alcohol and calculus don't mix.. Never drink and derive.