Web Mail's Malicious Exploitation
Free Web-based email allows others to send email that can be traced to you. But is this threat really frightening? No. Read why.
"Let me have men about me that are fat,
Sleek-headed men, and such as sleep o' nights:
Yond Cassius has a lean and hungry look;
He thinks too much: such men are dangerous."
William Shakespeare
Julius Cæsar
Sending Messages without Knowing It
C|net has reported that a "Web email bug bites the Net".
Bennett Haselton, founder of PEACEFIRE and a campaigner against Internet censorship, demonstrated how Web-based email can be exploited to send email that appears to originate from somebody else (who need not even have an account at the email provider).
Naturally, Haselton used Hotmail, the most popular free email service, to show the trick. Using an innocent-looking Web page containing not-so-innocent JavaScript, it is possible to make somebody look like the initiator of an email message sent from a Hotmail account that is not hers.
To prevent exploitation of the "bug", Haselton did not give any details. A closer look at the way sending messages at Hotmail -- or any other Web-based email service -- works is most probably how Haselton found out, and chances are some others would do (did?) so, too. But wait! Hotmail has implemented a patch, and the other service providers will certainly follow shortly.
Hotmail keeps track of its users by their IP address. Every computer on the Internet -- even yours, logging on through your modem -- has a unique IP number by which it can be addressed -- and identified. This is how you can assign a message sent through Hotmail to somebody: just make her computer, her IP address, press the send button.
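As an added illustration (not from the original article and not Hotmail's own code), the sketch below shows why the submitting IP address alone is weak evidence of who wrote a message: it compares the IP that sent each message with the IP that logged in to the account, and checks where the request came from. The host names, log fields and sample records are constructed assumptions.

```python
from urllib.parse import urlsplit

SITE_HOST = "mail.example"  # hypothetical web-mail host (assumption)

# Constructed send-log records; every field name here is an assumption.
SEND_LOG = [
    {"msg": "m1", "account": "alice", "login_ip": "198.51.100.10",
     "submit_ip": "198.51.100.10", "referer": "https://mail.example/compose"},
    {"msg": "m2", "account": "mallory", "login_ip": "192.0.2.44",
     "submit_ip": "203.0.113.7", "referer": "https://pages.example/funny.html"},
    {"msg": "m3", "account": "bob", "login_ip": "198.51.100.23",
     "submit_ip": "198.51.100.23", "referer": ""},
]


def attribution_flags(event):
    """Return the reasons the recorded IP may not identify the author."""
    flags = []
    # The machine that pressed "send" is not the one that logged in.
    if event["submit_ip"] != event["login_ip"]:
        flags.append("submit-ip-differs-from-login-ip")
    # The request did not come from the service's own compose page.
    host = urlsplit(event["referer"]).hostname
    if host is None:
        flags.append("referer-missing")
    elif host != SITE_HOST:
        flags.append("referer-off-site")
    return flags


def classify(event):
    """Decide how far the submitting IP can be trusted for attribution."""
    flags = attribution_flags(event)
    if "submit-ip-differs-from-login-ip" in flags or "referer-off-site" in flags:
        return "ip-not-evidence-of-authorship"
    return "needs-review" if flags else "consistent"


def review(log):
    """Map each message id to its verdict and the flags behind it."""
    return {e["msg"]: (classify(e), attribution_flags(e)) for e in log}


if __name__ == "__main__":
    for msg, (verdict, flags) in review(SEND_LOG).items():
        print(msg, verdict, ", ".join(flags) or "-")
```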

