ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Compliance Toolkit

New loophole makes email spying easy

Matthew Broersma ZDNet.co.uk

Published: 05 Feb 2001 13:28 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

A newly-discovered email loophole could allow for widespread snooping of other people's online messages, adding to concerns over Internet privacy.

The loophole lets an unscrupulous individual essentially "bug" an email sent to any email client that can accept HTML messages with JavaScript, a simple programming language. Such clients include recent versions of Netscape Messenger, Microsoft Outlook and Qualcomm's Eudora.

The method, uncovered by US group the Privacy Foundation, requires only a few lines of JavaScript to be inserted into an email message. If the message is received by a JavaScript-enabled client, any reply containing the original message will be forwarded back to the original sender.

That means, for example, that someone could send a message to a colleague, and if the message is forwarded to others, each forwarded message or reply would be copied and sent to the original sender, according to the Privacy Foundation.

Even if a user turns off JavaScript, the "email wiretap" code would take effect when received by another user who had not turned off the feature. The Privacy Foundation is campaigning for email clients to be sold with JavaScript turned off as the default.

The group believes spying on others' conversations could become common using this loophole. "Most of us won't release a computer virus, but this is something people would use, particularly if a service started offering it," chief technology officer Richard M Smith told the New York Times. "It's just kind of human nature."

The Privacy Foundation plans to publicise its discovery Monday.

They can see you... Find out how and why in Surveillance, a ZDNet News Special.

Is your PC safe? Find out at the Hackers News Special

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the ZDNet News forum.

Let the editors know what you think in the Mailroom. And read what others have said.

  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with Dell

Did you find this article useful?
57 out of 81 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Compliance



Company/Topic Alerts

Create a new alert from the list below:










Related Jobs

Front End Developer XHTML, CSS, Javascript, W3C

Front End Developer XHTML, CSS, Javascript, W3C Reports to Functional Head of Visual Design and relevant Project Manager Type of position: Perm ...

HTML, XHTML, JAVASCRIPT and CSS UI Development Media

HTML, XHTML, JAVASCRIPT and CSS UI Development Media Huxley Associates media client based in the Centre of London are looking to add a UI developer ...

JavaScript / AJAX / Web 2.0 development role

They are using technologies such as XSLT, CSS and JavaScript and XML. They are looking for someone who is a VERY technically adept at JavaScript and ...

Loading Video Player ....

Featured Talkback

There will be further activation issues to watch out for as Microsoft plans to offer a similar service to independent software vendors whereby they can "control" licensing through activation and other measures similar to the Software Protection Platform.

By: DefenceIT

Read full story:
Microsoft outage down to 'human error'

Sentry Posts Blog

Skype - The Roach Motel

Here is an interesting article from The National Business Review, pointing out once again that you can never delete a Skype account. Never. Period. This is something I am familiar... More

Post a comment

The vPhone: Why Visa Should Go Mobile

The vPhone: Why Visa Should Go Mobile Author: Eric Everson, Founder MyMobiSafe.com With all of the success of Apple’s iPhone, there is a growing case to support a company like Visa... More

Post a comment

The Google Apple Merger: Fantasy or Fu...

The Google Apple Merger: Fantasy or Future? Author: Eric Everson, Founder MyMobiSafe.com Market research suggests that Microsoft controls upwards of 90% of the respective computer-based... More

2 comments