Microsoft, Netscape Email Flaw Uncovered
February 7, 2001
A flaw has been uncovered in Microsoft's Outlook and Netscape's Mail email software, that allows senders to surreptitiously track when their messages are opened and whether they are forwarded to other recipients.
According to an alert by US organisation the Privacy Foundation, the snooping technology could be exploited if both sender and recipient are using either Microsoft Outlook, Outlook Express or Netscape 6 Mail.
Richard Smith, technical director at the Foundation, said: "It underscores the systematic privacy vulnerabilities of the internet. The possibility of email wiretapping is one of the most egregious violations imaginable and therefore opens up a nefarious business opportunity that should be watched closely."
Officials at both Microsoft and Netscape acknowledged the existence of the flaw, but Netscape claimed that there have been no known instances of the security hole being exploited.
A Microsoft spokesman said the company released a patch for the flaw a year ago, while a Netscape spokeswoman said an update for Netscape 6 Mail would be available within the next few days. Users of Netscape Communicator are not at risk, she added.
Smith warned that the exploit could be used to "listen in" on internal company conversations as messages are passed between recipients, or to harvest thousands of email addresses as messages are forwarded around the world.
To see more of VNUNet go to http://www.vnunet.com
© 2001 VNU Business Online Limited (UK)