Creating Pop Ups and Tips on Using Them Creating Pop Ups and Tips on Using Them As I said before, it's a proven fact that the use of pop up windows is a highly effective marketing technique that produces great results. Below, is an example of a popup window that you can use to gain new ... Hints All the Way One of the best ways to make your site easier to use is to provide hints to your visitors everywhere you can. You might think that sounds simple enough, but the amount of time required to do it and the number of things to consider puts a lot of web ... Xss Vulnerabilities, So Understimated, So Dangerous In this little paper I will try to convince admins, webmaster and in general everyone is concerned to secure a web site of how dangerous can be a XSS hole. I will not cover in depth what XSS is because there's a huge library on this topic available on ...
Email Wiretapping- Don't be a victim
it is scary and you should now how it's done and how to combat it.
A little while ago the known (but not known with a load presence) organisation called "The US based Privacy Foundation" became aware of a as un-yet widely known security hole in the latest incarnations of email clients produced by Microsoft and Netscape.
The security loophole essentially allows the sender of an email message to see what has been written when the message is forwarded with comments to other recipients. This procedure has been nickname "email wiretapping". As you can imagine this leads to surreptitiously monitoring of written messages attached and/or forwarded messages. Some not so pleasant uses involve:
1) In a sensitive business negotiation conducted via normal email, one party can learn inside information from the other parties as the proposal is discussed through the recipient company's internal email system.
2) A seeded email message could capture thousands of email addresses as the forwarded message is sent around the world.
Seeded with what? JavaScript is the answer and it can easily hide in any HTML email. Of course the JavaScript capability has to be enabled within the email client. Typical email readers with JavaScript functionality include Outlook, Outlook Express, and Netscape 6 Mail. Earlier versions of the Netscape mail readers are not affected because they do not fully support all the intricacies of JavaScript. Eudora and the AOL 6.0 series of email readers are not affected because JavaScript is turned off by default (but are vulnerable if turned on of course). Hotmail and other web-based email systems automatically strip out JavaScript programs from incoming email messages and therefore are not vulnerable.
The loophole is made possible because JavaScript is able to read text in an email message. If a message is forwarded to someone else, the hidden JavaScript code can read any text that has been added to the message when it is forwarded. This JavaScript code executes when the forwarded message is read. The JavaScript code then silently sends off this text using a hidden form to a web server belonging to the original sender of the message. The original sender can then retrieve the text at their convenience and read it.
A "wiretapped" email message is difficult to detect. An individual can avoid the email wiretap by turning off JavaScript in the email reader. However, if the individual forwards the message to someone who has JavaScript turned on, that recipient's forwarded messages can still be" wiretapped". Additionally, copying the original message into a new email, rather than forwarding it, may not defeat the problem.
What can users can do?
It is possible to partially eliminate the email wiretapping problem by turning off JavaScript in HTML email messages. You can visit the home webpage for your appropriate browser package if you are not sure on how to do this.
Switching off the JavaScript is only a partial solution because a "wiretapped" message will still work if it is replied to, or forwarded, to someone whose email program is vulnerable to the malicious JavaScript. The best policy is some form of group or corporate agreement on how to tackle this, especial where commercially sensitive material is involved.
About the Author Neville French E-Inform is centred around email marketing, producing it's own software products and resources + bespoke solutions for a diverse range of clients. http://www.1einform.com
Javascript News
An Update On Javascript Menus And SEO Search Engine Land, CT - 6 hours ago The primary language understood by search engines has been HTML, but now several search engines have learned how to read JavaScript. ...
UK communities divided over violence BBC News, UK - 8 hours ago Please turn on JavaScript. Media requires JavaScript to play. "If there was a resurgence of the IRA and they started bombing London, you could be sure the ...
Newsticker requires javascript Peace fm Online, Ghana - 13 hours ago There was pandemonium at the Osu Christianborg Castle, the seat of government, in Accra yesterday when Victor Emmanuel Smith, former aide to ex-President ...
