For example, if your network break at once as a cracker attacking your computer by purpose, then the cracker get your IP (many users surfing in the share network and only one out IP, it is easy) so easy, and your email box is under his control now!!
There is no difficulty for a newbie to get your entry url by hash of sqwebmail and then go to your mailbox and do everything as his will ! even for the user under ssl protection. only one, only the entry url for this box. Jerry ----- Original Message ----- From: "Sam Varshavchik" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, January 05, 2003 12:39 AM Subject: [sqwebmail] Re: --suggestion-- add a cookie anti-url-leak of sqwebmail > Jerry Chou writes: > > > I enter webmail.inter7.com, the demo of sqwebmail, > > and then I copy a url of Inbox to clipper: > > > > <URL:http://webmail.inter7.com/cgi-bin/sqwebmail/login/webmail%40webmail.co > > m.authvchkpw/6A13E43A47D97286E16B3129710333C2/1041669179?&form=folder&folde > > r=INBOX>http://webmail.inter7.com/cgi-bin/sqwebmail/login/webmail%40webmail > > .com.authvchkpw/6A13E43A47D97286E16B3129710333C2/1041669179?&form=folder&fo > > lder=INBOX > > > > then I close the browser (sometimes by chance, or by sb's bad habit) > > then you open a new browser -- > > paste this url copy in this new browser, enter.... > > > > you could see the Inbox again of webmail.inter7.com!!! > > > > it is very unsafe, if your mail user has such habit or > > just the url seen by some cracker.... > > It's perfectly safe. Try it again, in an hour or two, and see if it works. > > > and even sb use the same share computer, he could open the same > > email-box easily by browser's history. > > If you cannot secure your computer for at least a couple of hours, and you > are not capable of logging out completely, then you have no business reading > confidential mail from an insecure terminal. > > >
