MetaFilter posts tagged with email and security

ClimateGate?

Who_Am_I — Fri, 20 Nov 2009 16:14:02 -0800

The University of East Anglia's Climatic Research Unit suffered a security breach this week. Hackers made off with thousands of email correspondences between some of the world's top climate scientists, and posted them to the Internet¹.

Tony Hake has posted an article at The Examiner, highlighting what he feels are the most egregious examples of scientists manipulating and hiding data to support the established theories about Climate Change. Some of the scientists involved counter that the quotes are taken out of context, and that "People are using language used in science and interpreting it in a completely different way".

¹ I'm not going to link to them, but the Examiner article mentions where to get them.

Phishing in Plain English

dbarefoot — Tue, 21 Oct 2008 22:13:51 -0800

The latest paper-based video from the folks at Common Craft. This video explains the ins and outs of phishing scams. Show it to your less web-savvy brethren.

what did we tell you

Armitage Shanks — Wed, 19 Mar 2008 13:46:38 -0800

The owners of the domain donotreply.com get a lot of mail. [via]

Stealing Osama's Identity

rzklkng — Fri, 15 Jul 2005 13:26:06 -0800

Security, the TSA, and the No-Fly List You would think that our National Security apparatus would be like the TV series "24", with the most ingenious and sophisticated technology available. You would be wrong. Disclaimer: TSA is not an ~~intelligent~~ intelligence agency. Here's a blurb from the resume of the designer(Kenneth Mack) of the application the airline industry uses for *PDF* managing their employee data and the cross-checking them with the no-fly list:

- Sr. Developer: Developed a program [for Goddard Technologies] that uses the "No-Fly List" Excel spreadsheet, provided by the FAA and the database of badged employees to permute the name combinations. It takes into consideration multiple first and middle names, with Soundex and the various "initial" combinations. This program reduced the time for comparison from 3 days to 10 minutes.

The scary yet interesting part of all of this is that the No-Fly List is nothing more than a password-protected spreadsheet (see this PDF). One would guess our Government's geeks would know that it's a bad idea to send email attachments containing social security numbers and dates of birth, unencrypted, over the internets, even if they might be terrorists.

Google falters? Can't be!

mrplab — Fri, 29 Oct 2004 16:37:21 -0800

GMail not-so-safe Mail. So apparentley GMail has a major exploit that's been discovered by an Israeli hacker. "Using a hex-encoded XSS link, the victim's cookie file can be stolen by a hacker, who can later use it to identify himself to Gmail as the original owner of an email account, regardless of whether or not the password is subsequently changed." And so the fun with GMail begins..

Intercepting E-Mail

homunculus — Wed, 07 Jul 2004 00:30:41 -0800

E-mail snooping is legal. A U.S. federal appeals court set an unsettling precedent last week by ruling (PDF) that an e-mail provider did not break the law when he copied and read e-mail messages sent to customers through his server.

judith — Fri, 11 Oct 2002 15:02:50 -0800

While MS-bashing is often too easy, this statement about recent security holes seemed especially astounding: "Outlook Express ships with every Windows system, or rather as part of IE, so it's on every system. But unless it is configured to receive mail, you are not at risk," said Scott Culp, manager for Microsoft security response. Interesting. Unless it is configured to receive mail, like, you know, an email program.

feelinglistless — Tue, 24 Apr 2001 15:19:29 -0800

Those British boys at it again. It was like this during the war, y'know. I remember my old mate Alan Turing beating the system in much the same way. Saved the world he did. Tally-ho.

cCranium — Wed, 19 Jul 2000 15:18:23 -0800

Yet another outlook vulnerability. This one's significantly nastier than the previous ones, because it can attack and run programs on your computer as you download the email from your server
More >>

mathowie — Tue, 04 Jan 2000 12:50:36 -0800

Yet another reason why HTML email sucks. WebTV should limit incoming messages to plain text only, or at least let users turn off HTML rendering in their mail clients.