Edlug Archive May 2004
Re: [edlug] intercepting emails
----- Original Message -----
From: "Samsara" <phi1ipp@xxx.xxx.xxx>
To: <edlug@xxx.xxx.xxx>
Sent: Thursday, May 06, 2004 5:57 PM
Subject: [edlug] intercepting emails
>
> Dear All,
>
> There must be some among us who've played this thought
> game: how difficult is it to intercept a particular
> "password reminder" message, if you know what server
> it's coming from, which email server it's going to,
> and the approximate time at which it will be
> transmitted?
>
> Although I can't lay claim to any decent knowledge of
> how the web works, I figure one would have to try for
> intercepting traffic either near the sender or the
> recipient, correct? What exactly does this involve -
> digging up the ground to plug into the wire?
>
Samsara,

Unless you encrypt the message using for example GPG/PGP (very few people do
this), the message is passed in an easily read format. On the journey between
the sender and the recipient's mail server the message will pass through
several computers; the exact number varies but it is usually between 5 and
20. Anyone who has privileged access (called root access in the *nix world)
to any of these machines can take a copy of any email that passes through
them. Privileged access can be legitimate, as for an employee of an ISP, or
obtained by breaking into one of the machines.

As far as the difficulty of doing this goes, it is less dependent on technical
abilities and more on whether you are prepared to give backhanders to someone
who works for a large ISP. Breaking into a machine is in my opinion more
difficult and riskier than getting someone with legitimate access to obtain
it.
> The reason I ask is not because I intend to attempt
> this stunt, but because I'm concerned about the
> security of my credit card details currently stored on
> company foo.com's servers.
If you transmitted them over an encrypted connection (webpage addresses that
start with https://) then you are safe against someone reading them on their
journey from your computer to their servers. How secure their servers and
access to that data are is an unknown factor. If you are concerned you should
be able to tell the site to "forget" your card details. If the site doesn't
have this feature ask them why not. Of course they may still store the card
data on the server but it wouldn't be possible for someone to hijack your
account and look straight at your card details.

Hope this goes some way to answering your question.
Peter
-
----------------------------------------------------------------------
You can find the EdLUG mailing list FAQ list at:
http://www.edlug.org.uk/list_faq.html