|
|
|
 |
| |
| VSNL
server offers window to e-intruders |
| (This
PT Monitor was published on Saturday, 26th April 2003
in 'The Times of India' - Pune Times edition by Mr. Huned Contractor.) |
| |
| How
safe is the email account provided by the Videsh Sanchar Nigam
Limited? The answer to this, as discovered by city-based software
expert Ashish Annachhatre, is that it is secure only as long
as you always remember to log off and do not simply close the
window. “Each time that you do not log off, you are exposing
yourself to a high risk of intrusion by someone who has snatched
an important piece of information from the email header. This
implies that not only can your email be read by anyone, but
it can lead to other dangerous complications such as the ransacking
of your address book, attacks by virus or using your email identity
to send fake messages,” claims Annachhatre, who stumbled
upon this flaw while testing the protocols of email service
providers for one of his clients. |
| Providing
a demonstration of how it works, Annachhatre says that
this black hole in the system is only because VSNL headers
have a code that other service providers like Yahoo or
Lycos do not contain. “This kind of break-in does
not, however make it possible for an intruder to gain
access into the internet account and use the subscriber’s
hours of usage. All it does is open up a channel that
leads straight into the email account of the user,”
explains Annachhatre. |
TRACKING
HACKERS : Software expert Ashish Annachhatre |
|
VSNL
is unaware of this mode of hacking. “Our home page makes
it very clear that all users should compulsorily log out so
as to prevent any kind of misuse. This is essential to cut
the transaction. Also, switching off the computer will automatically
break the email transaction,” states VSNL’s general
manager Shaikh Abdulrahim. Coincidentally, VSNL has sent out
a mail to its more than seven lakh subscribers about the new
features that it will introduce in its email facility. This
will include better organisation of email by distributing
them across folders of your choice, maintaining contact lists
on-line, sending out automatic messages when you are on vacation
and not likely to check your mail, enabling you to forward
your mails to alternative email accounts and personalising
the look of your account.
Annachhatre,
meanwhile, is quite willing to prove that all such added features
will only take the risk level a step higher, claiming that
this risk of an ‘open house’ can be eliminated
only if VSNL can work on changing the content of the data
that goes out with its header. It is now up to the software
brains to devise a solution. All that the user needs to realise
is that locking a door is the best way to keep out the thieves. |
|
|
|
|
|
