North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Read an email, lose your privacy

  • From: Steve Sobol
  • Date: Mon Jan 10 22:49:48 2000

"Henry R. Linneweh" wrote:

With an excellent, and I think appropriate, quote from Sun CEO Scott 
McNealy at the top of the article.

>while I hope Scott McNealy is using hyperbole when he says, "You 
>have zero privacy now. Get over it" (the PC Week "Quote of the 
>Week," Feb. 1, 1999), it's not at all clear that he is. 

I hardly think McNealy is exaggerating. Our privacy has been
disappearing for years already.

> Thank you;
> |--------------------------------------------|
> | Thinking is a learned process so is UNIX   |
> |--------------------------------------------|
> Henry R. Linneweh
>     ---------------------------------------------------------------
>              Advertisement: Support SunWorld, click here!
>                                                        Read an email,
>                                                           lose your
>                                                           privacy
>                                                         Email can be
>                                                       spammer's weapon
>                                                         in more ways
>                                                           than one
>                                                            Summary
>                                                            Assorted
>                                                            cyberprivacy
>                                                            organizations
>                                                            are
>                                                            asking
>                                                            regulators
>                                                            to fix
>                                                            a
>                                                            privacy
>                                                            leak
>                                                            in Web
>                                                            browser
>                                                            software.
>                                                            Rich
>                                                            Morin
>                                                            tells
>                                                            us why
>                                                            leaks
>                                                            are
>                                                            only a
>                                                            small
>                                                            part
>                                                            of the
>                                                            problem.
>                                                            (1,000
>                                                            words)
>                                                       ----------------
>                                                           he
>                                                           headline
>                                                       shouted
>                                                       "E-Mail
>                                                       May Be Peril to
>                                                       Privacy" from
>                                                       the business
>                                                       section's front
>                                                       page in the San
>                                                       Francisco
>                                                       Chronicle.
>                                                       Reading the
>                                                       December 4
>                                                       article by
>                                                       Associated Press
>                                                       writer Kalpana
>                                                       Srinivasan, I
>                                                       was happy to see
>                                                       the issue
> getting some attention but hardly surprised to hear about yet another
> privacy threat. David Brin, the author of The Transparent Society,
> writes that a lack of privacy is inevitable. Although I don't agree
> with everything he says, the odds look pretty good that Brin might be
> right about this.
> And while I hope Scott McNealy is using hyperbole when he says, "You
> have zero privacy now. Get over it" (the PC Week "Quote of the Week,"
> Feb. 1, 1999), it's not at all clear that he is. Every time I'm asked
> to have my signature digitized for posterity during a credit card
> purchase (which I refuse, as a matter of principle), I am reminded of
> just how invasive our society has become.
> Hiding HTML links in email
> Enough generalized paranoia, however. Let's look at some specific
> threats.
> Most Web browsers hide the HTML portion of a link, showing only a
> highlighted word or two. Many email clients, particularly those
> embedded in Web browsers, perform this service as well.
> It is a useful feature, in most cases. After all, HTML code is both
> bulky and mysterious; most email users have neither the expertise,
> time, nor motivation to analyze every incoming bit of HTML.
> Unfortunately, however, it can leave an unwary user open to privacy
> attacks.
> Let's say I get a piece of spam from a porn site, containing includes
> the following bit of HTML:
>    <A HREF="";></A>
> No problem so far: is just a Website, so I should
> be pretty anonymous visiting it. All the site will get from my visit,
> in general, is an IP number or perhaps a domain name. The site can't
> use either of those to send me more spam or identify me as a visitor.
> Unfortunately, URLs can contain other items, including parameters that
> can be transmitted back to the site:
>    <A HREF="http://[email protected]";></A>
> If I take the bait and visit the site, my email address, [email protected],
> can be put on a hot list. Of course, the site managers had already
> obtained my address from an existing list, but they didn't know I
> would take the offered bait. Now they do.
> It gets worse. If I am using such a Web browser to handle my email,
> even opening the email message may be enough to initiate a serious
> loss of privacy. Many Web browsers are capable of enhancing email
> messages with all sorts of (possibly invisible) images, retrieving
> them when a message is opened from any specified URL. The spammer is
> free to include an IMG tag that includes my email address in a
> parameter, as follows:
>    <IMG SRC="[email protected]";>
> Wanna cookie?
> The spammer now knows that I opened his message, but even that's not
> the worst part. The Website can also return a cookie to my browser
> containing my (possibly disguised) email address. This means that any
> future visit I make to his site (or other, cooperating sites) can be
> recorded and indexed to my email address.
> In short, my privacy will have been severely compromised by my email
> software, without my knowledge or permission. For more information on
> this specific kind of attack, see the Electronic Frontier Foundation's
> press release or the technical report by security expert Richard M.
> Smith (in Resources, below).
> Variations
> These sorts of attacks can take many forms. For instance, it is quite
> possible to eliminate the need for a parameter altogether. Let's say
> the image request looks like this:
>    <IMG SRC="";>
> That seems pretty innocent, from a privacy perspective, but it might
> not be. In one possible scenario, the spammer could generate a unique
> URL for each outgoing email message, joining random names (susie,
> tammy, ...) with random letters (q, r, and so on). As each piece of
> email is sent, the spammer saves the outgoing email address in a
> database, keyed by the unique portion (susie_q) of the URL.
> When the image request is received, a hidden CGI script
> ( can record the request in the
> database, send me an identifying cookie, and so on. In short, any
> image request could be tagged.
> Finally, if I am foolish enough to click on an unknown URL, the
> spammer doesn't need parameters or even "hidden" HTML:
> The same logic applies: because the spammer knows whom he told about
> susie_q, he knows who is asking to see the Web page. Welcome to
> spamland, sucker.
> Conclusions
> One moral of this story, like that of Ken Thompson's classic paper,
> "Reflections on Trusting Trust" (see Resources), is that Trojan horses
> can come in many guises, and one should not trust a stranger's
> offerings, even if they contain no visible threats.
> Another moral is that convenient "features," made possible by
> aggregating pieces of software (in this case, email and Web clients),
> can lead to unexpected security holes. Microsoft is the most obvious
> perpetrator here, but Netscape and others have contributed to the
> situation.
> In an environment where random miscreants can send email to
> unsuspecting victims, keeping a few barriers in place seems only
> prudent. The spate of emailed "macro viruses" provides a clear example
> of the reasons.
> Putting macros -- interpretable code -- into word processors and other
> programs is clearly a powerful and useful idea. Having email software
> start up a copy of the word processor, so you can read formatted mail,
> is also quite convenient. Unfortunately, the combination means that
> ill-wishers can run macros on a victim's machine merely by sending
> email.
> I don't have any global solutions to offer, but I can offer some
> advice: Don't use Web browsers or highly integrated systems, such as
> Microsoft Outlook, as email clients; they're far too accommodating to
> spammers.
> If you must use unsafe email software, try to use it in a conservative
> manner. Turn off any automated features, such as automated program
> invocation, that might allow others to take over your machine. Until
> the vendors add some real security, the risks far outweigh any
> possible convenience.
> Editor's note: The domain name was not registered at
> the time this article was published. Any similarity to an existing
> domain name or Website is purely coincidental. [Image]
>         About the author
>         Rich Morin operates Canta Forda Computer Laboratory, a
>  [Image]computer consulting firm specializing in open source
>         software. He lives in San Bruno, Calif., on the San Francisco
>         peninsula.
>    Home | Next Story | Mail this Story | Printer-Friendly Version |
>          Comment on this Story | Resources and Related Links
>              Advertisement: Support SunWorld, click here!
> [Image]Resources and Related Links
>           * The Transparent Society, David Brin (Perseus Books, 1999):
>           * Prepublication version of Chapter 1:
>           * "The Cookie Leak Security Hole in HTML Email Messages," Richard
>             M. Smith:
>           * Electronic Frontier Foundation press release:
>           * "Reflections on Trusting Trust," Ken Thompson (Communication of
>             the ACM, August 1984):
>        Additional SunWorld resources
>           * Previous Silicon Carny columns in SunWorld:
>           * The SunWorld Topical Index -- a comprehensive listing of all
>             SunWorld articles by subject:
>           * Visit sunWHERE -- launchpad to hundreds of online resources for
>             Sun users:
>           * Explore back issues of SunWorld:
>           *, your one-stop IT resource:
> [Image] Tell Us What You Thought of This Story
>         -Very worth reading    -Too long    -Too technical
>         -Worth reading         -Just right  -Just right
>         -Not worth reading     -Too short   -Not technical enough
> [(c) Copyright 2000 Web Publishing Inc., and IDG Communication company]
> If you have technical problems with this magazine, contact
> [email protected]
> URL:
> Last modified: Friday, January 07, 2000

North Shore Technologies Corporation - Steven J. Sobol, President & Head
815 Superior Avenue #610, Cleveland, Ohio 44114, USA    Phone +1
[email protected]
Owned and loved by the dogs of Jaymist Chinese Shar-Pei, Montville,
Ohio   :)

Alcohol and calculus don't mix.. Never drink and derive.