E-mail glitch allows spying
The Privacy Foundation, an Internet privacy watchdog organization, confirmed on Monday the existence of an "e-mail wiretapping" bug that enables users to spy on other users' e-mail.
The group is planning public demonstrations at its Denver, Colorado headquarters on Monday to show the ease with which this bug may be implemented. In doing so, the group also plans to publicize the clear illegality of its use.
On the Privacy Foundation web site, chief technology officer Richard Smith wrote that his organization discovered the bug by chance, after a Canadian computer scientist expanded on previous research about a web page bug, which allows information from a web page to be transmitted to a remote computer.
The computer scientist surmised that e-mail programs reading HTML-based messages might be vulnerable to the same bug. Privacy Foundation operatives then spent the last two weeks proving the scientist's hypothesis.
Smith told news sources: "I looked at this, and I said, 'Whoa,' because it lets you spy on people so [easily]."
The e-mail wiretap works by inserting JavaScript code into HTML-formatted e-mail messages, acting as a sort of "jury-rigged cookie", Jupiter Media Metrix analyst Christopher Todd told news sources.
As the e-mail continues on its path, either through a reply or being forwarded, a remote computer can keep tabs on the information being passed around. Though the bug doesn't affect users who have disabled JavaScript in their e-mail applications or who use AOL or other non-HTML e-mail, the script can still be subsequently forwarded to computers using HTML, allowing the snoopers to continue to tag correspondence.
Todd said that companies can implement this technology in myriad ways: E-commerce companies can use it to target a customer's purchasing history or to collect thousands of e-mail addresses; consumers can use it to track complaints sent to an e-commerce company; and businesses can use it to offer snooping services.
"It's more than what marketers need and what consumers want," said Todd. "There is an obvious concern, but any reputable company's policy will [have a provision] letting users know that [the e-mail tap] is being implemented."
"Nonetheless, these loopholes must be discovered and corrected," Todd said.
(SD-Agencies)