Associated Press
WASHINGTON — Imagine a large corporation wants to acquire a small Web company. The corporation sends an e-mail with a price proposal to the target — and includes a few lines of invisible computer code.
As the target’s executives pass the message around, the corporation gets a copy each time it’s forwarded — with all the supposedly private comments attached.
Yesterday, a privacy group started demonstrating this new method to listen in on e-mail that works on the most popular programs.
Called an e-mail wiretap, it could be used to note off-color remarks from governmental officials, by a spamming company to gather e-mail addresses, or by a boss to find out what you’re saying about him.
"You really would never know that this is occurring, unless you could view the source code and know what it meant," said Stephen Keating, Executive Director of the Privacy Foundation.
The foundation, associated with the University of Denver, and its chief technology officer, Richard Smith, found out about the situation from computer engineer Carl Voth, who discovered it in 1998. Though Voth posted an explanation on his Web site, he kept quiet about it until contacting the Privacy Foundation recently.
Smith said e-mail wiretaps may become even more common than viruses.
"People like to snoop," he said. "Most people won’t send viruses to their friends, because that’s over the line. But they might want to see what people say behind their backs."
Keating said that while publicizing the method may lead people to use it, the effort also will educate the public on how to stop it.
"There is an arms race aspect with the Internet and privacy and security. If there weren’t really a fix for it, we might be more hesitant in pointing it out," Keating said.
If an e-mail recipient disables the Javascript programming language in Microsoft Outlook, Outlook Express, or Netscape 6 Mail, the added comments are no longer forwarded to the e-mail originator.
But if a user does remember to disable Javascript, only he is protected.
If he forwards the message, the tap will continue to work if the recipient doesn’t also disable Javascript.
The problem doesn’t affect people who use Eudora, America Online’s e-mail program or Web-based e-mail, such as Hotmail or Yahoo! Mail.
Microsoft has also made a downloadable software patch available for Outlook — intended for another security issue — that takes care of the wiretap problem as well.
The Privacy Foundation notified both Microsoft and Netscape about the issue before coming forward.
[back to top] |
