BYTE.com > Tangled in the Threads > 2000 > July
E-Mail Virus Danger Is An Identity Crisis
By Jon Udell
July 6, 2000
(E-Mail Virus Danger Is An Identity Crisis
: Page 1 of 4 )
The day the ExploreZip worm hit the Net, I received this unfortunate message:
Hello
You are in my address book and have therefore probably been sent an e-mail "from me" containing a zipped attachment - which I received from [SENDER], [TITLE], [PROMINENT_COMPANY]
DO NOT OPEN THE ZIPPED ATTACHMENT - this is the worm virus on the news.
Simply delete the e-mail.
Sorry
[VICTIM]
Many months later, in the wake of the Love Bug, nothing has changed. The experts interviewed for CNET and National Public Radio are still trotting out the same recommendations:
- Disable macro languages.
- Ban attachments in corporate environments.
- Don't open any attachment you're not "sure" of.
I don't think that scripting and executable attachments are the root of the problem. Identity theft is. These worms, while clever, are more socially than technically adept. A victim is attacked by a message that seems to come from an acquaintance, perhaps even in response to a message just sent to that acquaintance. In reality, of course, the poisoned message comes from a trusted person's machine, but not from that trusted person.
I do most of my business, and you probably do a lot of yours, through e-mail, represented by nothing more than an e-mail address. Everybody knows it's easy to forge an e-mail address. The latest round of e-mail hacks has shown that it's also far too easy to hijack somebody's e-mail program and wreak havoc with it.
It baffles me that people who fret about the strength of encryption used to guard their credit cards en route to Amazon.com will, quite happily, transmit reams of unencrypted confidential communication through a whole chain of SMTP e-mail routers. It also baffles me that people don't seem to care much about, or do anything to protect against, identity theft.
BYTE.com > Tangled in the Threads > 2000 > July
|
