E-mail wiretapping exposes forwarded messages
February 5, 2001
Privacy experts said Monday that they have discovered a security glitch that allows an e-mail author to read private comments attached to the original message as it gets forwarded to new recipients.
The Denver-based Privacy Foundation has nicknamed the problem "e-mail wiretapping." The watchdog group posted an advisory about the exploit Monday.
The eavesdropping glitch affects so-called HTML-enabled e-mail clients, which allow messages to appear--much like Web pages--with graphics and hyperlinks.
E-mail customers affected include people who use Microsoft's Outlook, its Outlook Express or AOL Time Warner's Netscape 6 Mail, according to the Privacy Foundation advisory.
"Netscape takes all privacy issues seriously," she added.
The message content could also be sent to a spying reader using invisible tags, sometimes called "Web bugs." A Web bug is a hidden image used to transmit information from a browser back to a Web server being used by the spying reader. This method is not easily detectable.
"This is a pretty significant problem," said Richard Smith, chief technology officer at the Privacy Foundation and author of the advisory. "People wouldn't normally send a virus in their e-mail to other people. But human beings do like to snoop. If a company offered this as a type of service, we think a lot of users would want to use it."
© 2001 Stefanie Olsen, News.com