Security Incidents mailing list archives

Re: blind forwards


From: ltaylor () TECHNOLOGYEVALUATION COM (Laura Taylor)
Date: Thu, 29 Jun 2000 14:22:11 -0400


It would be difficult to accurately find this out without access to all the
network devices along the route, but if you use a product like Lexiguard
(www.lexias.com) for sending email, without the right key, all they will get
is an encrypted and unreadable piece of plaintext. I have not done any brute
force testing to see how easy it is to break the Lexiguard keys, but the
product is slick, easier to use than PGP, and worth taking a look at.

I think you are trying to solve the wrong problem. Assume that your email
can be intercepted. Now look for the solution. Encrypt your email. You don't
need an expensive VPN; Lexiguard can be installed in 15 minutes per desktop.

Lexiguard Review
http://www.technologyevaluation.com/Research/ResearchHighlights/Security/2000/01/news_analysis/NA_ST_LPT_01_31_00_1.asp

Laura

-----------------------------------------------------------
Laura Taylor
Director, Security Research
Technology Evaluation Center (TEC)

TEC Security Index
http://www.technologyevaluation.com/Research/ResearchHighlights/Security/index.asp

Phone:  781-376-2813
Fax:      781-756-0245

-----Original Message-----
From: Keith McCammon [mailto:kmccammon () TIDALWAVE NET]
Sent: Wednesday, June 28, 2000 4:14 PM
To: INCIDENTS () SECURITYFOCUS COM
Subject: blind forwards

Hey all,

This may or may not be the right list for this.  It doesn't seem to fit
nicely anywhere.  However, we're investigating this at work, and I know
someone out there knows the answer.  (An incident I suppose)

I'm curious to find out how one could go about analyzing an e-mail to find
out if it is being intercepted upstream before it reaches the intended
recipient.  For example, with some e-mail servers, a file can be placed in
the user's mailbox on the server that will "blind" forward any incoming mail
to a given address.

SMTP Server --> Recipient's Mail Server--> USER-X (blind) and INTENDED-USER
(as usual)

I'd imagine that this is highly illegal at the upstream level under most
circumstances; and I know there's a way to find out if this type of snooping
is taking place.  Anyone?  Anyone?

Keith
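
An added example, not part of either message: a server-side audit for the per-user forwarding file described in the question, assuming a Unix mail server that honours sendmail-style `~/.forward` files (the thread does not name a server). The home-directory layout, domains and sample files are constructed; a finding with `keeps_copy` set is the "blind" case, where the intended recipient still receives the mail.

```python
import os
import re
import tempfile

def parse_forward(text):
    """Split a .forward body into targets (comma- or newline-separated)."""
    items = re.findall(r'[ \t]*"[^"]*"|[^,\n]+', text)
    return [t for t in (i.strip().strip('"').strip() for i in items) if t]

def classify(target, local_domains):
    if target.startswith("\\"):
        return "local-copy"   # \user: also deliver to the mailbox as usual
    if target.startswith("|"):
        return "pipe"         # message is handed to a program
    if target.startswith("/"):
        return "file"         # message is appended to a file
    if "@" in target:
        domain = target.rsplit("@", 1)[1].lower()
        return "internal" if domain in local_domains else "external"
    return "local-user"

def audit(home_root, local_domains):
    """List (user, target, kind, keeps_copy) for every forwarding target."""
    findings = []
    for user in sorted(os.listdir(home_root)):
        path = os.path.join(home_root, user, ".forward")
        if not os.path.isfile(path):
            continue
        with open(path, encoding="utf-8", errors="replace") as fh:
            targets = parse_forward(fh.read())
        kinds = [classify(t, local_domains) for t in targets]
        keeps_copy = "local-copy" in kinds  # recipient still gets mail: "blind"
        findings += [(user, t, k, keeps_copy)
                     for t, k in zip(targets, kinds) if k != "local-copy"]
    return findings

def demo():  # constructed sample tree; all users and addresses are invented
    samples = {"alice": "\\alice, archive@example.net\n",
               "bob": "bob@corp.example\n",
               "carol": None,  # no .forward file
               "dave": '"|/usr/bin/filter -a,b"\n'}
    with tempfile.TemporaryDirectory() as root:
        for user, body in samples.items():
            os.makedirs(os.path.join(root, user))
            if body is not None:
                with open(os.path.join(root, user, ".forward"), "w") as fh:
                    fh.write(body)
        return audit(root, {"corp.example"})

if __name__ == "__main__":
    print(*demo(), sep="\n")
```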

