BOL Conferences
#16284 - 04/25/02 08:56 PM Email security
Anonymous
Unregistered

We are in a discussion over the security of email. We have all been told that you should treat email as if you were sending a message on a postcard, i.e., make sure it is something that you don't mind anyone reading. But how realistic is it that someone could read an unencrypted email I sent outside of a secure intranet? (I have heard it called e-mail sniffing)

If you think someone with a computer and the appropriate software can sniff my email messages, tell me in specific terms how they do it. Do you have any documented cases of it happening? Would the hacker have to place software on the sender's or receiver's computer or with your ISP to do this, or can they just sit at their computer and snoop around?

It was explained to me that an email is like jigsaw puzzle pieces being loaded on several different trucks and sent out on several different highways. Then all of the trucks arrive at their destination and the pieces are all put together. I was told that without sniffing software on the ISP or on a computer used in the transmission or receipt of the email, that it would be nearly impossible to sniff, even randomly, any piece of the email that would give you anything.

#16285 - 04/25/02 10:31 PM Re: Email security
Anonymous
Unregistered

I like the truck analogy and I think it's basically accurate.

But sniffers aren't the only threat. Sometimes the danger comes from being too tired to type accurately, or choosing the wrong entry in an email address book. Instead of the intended recipient getting your email, it reaches someone else entirely.

A couple of years ago a lawyer thought he was sending an email to a friend. It said something to the effect of, "Well, wish me luck. I'll be out of town this weekend. And that wedding of my friend I was supposed to be going to? Called off. Something about a temporary restraining order. I'll fill you in on the details later."

He filled the "To" line by clicking on an entry in his email address book. Unfortunately, it was the line BELOW his friend's address. Turned out to be a legal listserv he subscribed to, and the email went out to hundreds of lawyers across the country. He was mortified when he realized his mistake and immediately sent another message apologizing and saying he knew none of us were interested in his friend's wedding woes. Actually, we were all pretty intrigued and there were several good-natured replies to the list.

The moral of the story is that your message is only ever one keystroke away from the wrong audience. If it were snail mail, there's federal law prohibiting someone other than the named addressee from opening it. If it lands in the wrong email in-box, however, it's pretty much fair game.

#16286 - 04/26/02 01:25 AM Re: Email security
Andy_Z
10K Club
Joined: Oct 2000
Posts: 27,748
On the Net

I haven't read of any documented cases involving a bank, but it wouldn't be highly publicized.

The thing is, it isn't hard to do, or so I am told. Think of the servers it goes through and where it may be subject to back-up programs. It doesn't even have to be sniffed out.

I also encourage people to password protect the attachments they use, especially Word and Excel. I demo'd this at the ABA Grad School and showed how a cracker program can easily open those with simple words or few characters.

I also showed an Excel attachment I have received a few times because the sender doesn't understand domain addresses. I sent them notices, but when they send me HMO reports on a bank with a similar address time and again, they became teaching samples.

I have received Putnam 401k information, names and SSANs to access credit reports, sales presentations, security sales requests. Lots of neat stuff.

Why would I get this, you ask? I don't sniff this out, but anything sent to a nonexistent e-mail address at one of our domains comes to me as Webmaster. Mis-sent e-mail doesn't always bounce back.
_________________________
AndyZ CRCM
My opinions are not necessarily my employer's.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell


Moderator:  Andy_Z