-Caveat Lector- 'E-mail wiretap' method exposed by privacy group By D. IAN HOPPER, Associated Press WASHINGTON (February 5, 2001 5:29 p.m. EST http://www.nandotimes.com) - Many of the most popular e-mail programs are subject to a form of online spying via embedded scripts that can send your comments to unintended recipients, a privacy group said Monday. This newfound method - called an e-mail wiretap - works when someone receives a note with the hidden scripts and forwards the message to others. As the e-mail moves from one person to another, their messages are secretly sent to the original sender. E-mail wiretaps could be used to note off-color remarks from governmental officials, by a spamming company to gather e-mail addresses, or by a boss to find out what you're saying about him. "You really would never know that this is occurring, unless you could view the source code and know what it meant," said Stephen Keating, executive director of the Privacy Foundation. The foundation, associated with the University of Denver, and its chief technology officer Richard Smith, found out about the situation from computer engineer Carl Voth, who discovered it in 1998. Though Voth posted an explanation of what he calls the "Reaper Exploit" on his Web site, he kept quiet about it until contacting the Privacy Foundation recently. Smith said e-mail wiretaps may become even more common than viruses. "People like to snoop," he said. "Most people won't send viruses to their friends, because that's over the line. But they might want to see what people say behind their backs." Keating said that while publicizing the method may lead people to use it, the effort also will educate the public on how to stop it. "There is an arms race aspect with the Internet and privacy and security. If there weren't really a fix for it, we might be more hesitant in pointing it out," Keating said. "But I don't think there's really anything gained by not acknowledging that it exists." If an e-mail recipient disables the Javascript programming language in Microsoft Outlook, Outlook Express, or Netscape 6 mail, the added comments are no longer forwarded to the e-mail originator. But if a user does remember to disable Javascript, only he is protected. If he forwards the message, the tap will continue to work if the recipient doesn't also disable Javascript. The problem doesn't affect people who use Eudora, America Online's e- mail program or Web-based e-mail, such as Hotmail or Yahoo! Mail. Microsoft has also made a downloadable software patch available for Outlook - intended for another security issue - that takes care of the wiretap problem as well. The Privacy Foundation notified both Microsoft and Netscape about the issue before coming forward. Microsoft spokesman Ryan James said the newest downloadable update to Outlook Express, version 5.5, is not affected because JavaScript is off by default. Netscape spokeswoman Catherine Corre said the company is working on a patch to stop the wiretaps, which will be available "within the next several days." In the interim, Corre said Netscape users should disable Javascript in the Messenger program. Smith suggested that someone may use the wiretap method to change e- mails, too. The ability exists, he said, for an e-mail sender to change its contents each time it's forwarded, causing havoc for each new sender who finds new words put in his mouth. Last year, Smith brought attention to the use of "Web bugs," invisible images embedded in e-mail or Web sites that can be used to track viewers. While it was thought to be a new discovery, it was later found that a man had used it to see who viewed his online resume, and many companies now use them to surreptitiously monitor Web traffic. "Once you identify it, then it becomes easier to tell who's using it," Keating said. ANOMALOUS IMAGES AND UFO FILES http://www.anomalous-images.com <A HREF="http://www.ctrl.org/">www.ctrl.org</A> DECLARATION & DISCLAIMER ========== CTRL is a discussion & informational exchange list. Proselytizing propagandic screeds are unwelcomed. Substance�not soap-boxing�please! These are sordid matters and 'conspiracy theory'�with its many half-truths, mis- directions and outright frauds�is used politically by different groups with major and minor effects spread throughout the spectrum of time and thought. That being said, CTRLgives no endorsement to the validity of posts, and always suggests to readers; be wary of what you read. CTRL gives no credence to Holocaust denial and nazi's need not apply. Let us please be civil and as always, Caveat Lector. ======================================================================== Archives Available at: http://peach.ease.lsoft.com/archives/ctrl.html <A HREF="http://peach.ease.lsoft.com/archives/ctrl.html">Archives of [EMAIL PROTECTED]</A> http:[EMAIL PROTECTED]/ <A HREF="http:[EMAIL PROTECTED]/">ctrl</A> ======================================================================== To subscribe to Conspiracy Theory Research List[CTRL] send email: SUBSCRIBE CTRL [to:] [EMAIL PROTECTED] To UNsubscribe to Conspiracy Theory Research List[CTRL] send email: SIGNOFF CTRL [to:] [EMAIL PROTECTED] Om
