IT Employment

General discussion


Question about E-mail security

By chih ·
My friend would like me to ask you about the E-mail security. She told me that her friend and she was e-mail to each other by using a free email through yahoo's email (or hotmail). The unknown person sent an e-mail to my friend and told my friend that she/he (unknown person)read my friend e-mail, and she/he known that my friend talk about her/his (the unknow person). She/he also lets me friend know that they got my friend information (email's address and name) from central email server. My friend is wondering how the person, who monitor Central email server, knows who is who, and if they monitor the e-mail, Do they understand all languages? As an IT person, I explain to my friend; the unknown person either know my friend's email address by reading email that my friend sent to her friend. (That is why the unkown person knows the contain of the email and email address and name)But my friend still wants the answer from TechRepublic's members.

I will forward your response to my friend as soon as I get it. Thank you.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Not Secure

by TheChas In reply to Question about E-mail sec ...

E-Mail, like Cell Phones and cordless phones is NOT a secure mode of communication.

E-Mail can be 'sniffed' in transit.

Any mail on a server is subject to a hacker attack.

At your ISP, anyone with access to the server can review any mail message they desire.

The goal of some of the denial of service attacks is to open up ports on the server so that the hacker can get in.

Also, if a drive from an e-mail server is not properly purged before disposal, anyone with the time and inclination can get at all the messages.

The ONLY way to have any security for e-mail is for both parties to use data encryption with a high security key.

All in all, you should not send anything by e-mail that you would not want your mother, minister, or a court of law to read.


Collapse -

First off...

by LordInfidel In reply to Question about E-mail sec ...

I doubt highly that this "unknown" person hacked into yahoo's e-mail servers.

More likely that the "unknown" person simply logged onto their account. Or that the e-mail was accidently forwarded to the wrong person, or it was a threaded e-mail that kept getting forwarded.

AOL and Hotmail are propietary e-mail systems. And while I would like to think that I am a good hacker, even I would have trouble gaining root access into their core servers.

Sniffing is a possiblity, but again unlikely. Since I doubt your friend is on a static IP, the "unknown" person would literally need to infect their machine with a listener or port redirector (can we say netcat or fport?) that will redirect traffic from your friends machine, thru the attackers machine and then to the aol/hotmail servers.

Just sitting there on the net with etheral/tcpdump/anaylzer in promisicious mode will not do the trick, unless of course you are directly connected to the same subnet as the node you are trying to ease drop on.

Collapse -

E-mail In Simple Terms

by Deadly Ernest In reply to Question about E-mail sec ...

An easy way to think of an e-mail is to consider it as a message that goes from one delivery point to another with many stages in between, kind of like the old stagecoach mail services. At each staging point the e-mail is saved onto a hard disk, thus a copy made, then sent on to the next point. If I know your log in ID and password I can log in and download copies of your e-mail and leave them stored on the ISP harddrive, thus I can read your e-mail.

Like any communications system e-mails can be intercepted and read in transit, but this is very difficult as the e-mail message is usually broken down into smaller sections for sending across the Internet.

With an e-mail account managed by my ISP the mail is stored on their system until I download it to my computer, then their copy is deleted.

With e-mail systems like Hotmail and Yahoo that are accesssed via Internet browsers the mail is stored on their hard drive until you tell it to delete it, thus you can access your e-mail from any computer on the Internet regardless of where it is. If I know your log in ID and password I can log onto Hotmail (or Yahoo etc) and read your mail from anywhere.

Collapse -

Sub Seven etc. Shoulder Surfing...

by admin In reply to Question about E-mail sec ...

Who knows where they originally got it, but scanning her machine with something to detect trojans and other pests (or watching ports if you can), then destroying all the sticky notes etc. changing her password and then NEVER logging in at a "friends" house or other network that has a potential keystroke grabber and this will probably be the end of the problem. Never underestimate low tech or your friends and family. I have many horror stories about what co-workers do to each other as well.

Related Discussions

Related Forums