Loopholes in Services-I


Loopholes in Services-I

After a long journey, I come to my favourite part of security analysis. Today onwards, I am going to cover security loopholes in various Internet services and protocols. Now one may ask, why do we have to go through this. Well, I beg to differ. One cannot learn how to defend oneself unless you are well-versed with your shortcomings. So here we are going to study, one-by-one, different Internet services which you use daily (some knowingly, some unknowingly) and then see the security risks involved in each of them. So let's start.

I start with the most simple and the most widely used Internet service, without which one cannot imagine the Net. E-mail. Electronic mail (E-mail) is a wonderful tool to have on the Internet, but it brings threats to your privacy and security. This section discusses some of these threats, such as e-mail bombing and spamming, as well as the risks of downloading certain attachments. One of the main weaknesses of e-mail messages is that not always it can be traced.

E-mail also includes people scanning your messages in search of valuable information, such as credit card, social security numbers or systems authentication information? When an e-mail message travels through the Internet it can be exposed to little programs that automatically will scan the mail feed into a computer, looking for specific information, just like you do in your mail program when you want to locate a particular message stored in one of your message folders.

Simple Mail Transfer Protocol (SMTP)

Have you heart about e-mail bombing? This is a form of stalking, an anonymous type of harassment to which you can't reply back to the sender. E-mail bombing is illegal, but hard to track, because of the anonymous ways e-mail can be sent, usually consisting of sending large amount of messages, from hundreds to thousands of e-mail messages, to a single e-mail address, usually generating a denial-of-service on the mail server.
But don't confuse e-mail bombing with spamming. E-mail bombing is characterized by abusers repeatedly sending numerous copies of the same e-mail message to a particular address, whereas e-mail spamming is a variant of bombing; it refers to sending the same e-mail to hundreds or thousands of users (or to lists that expand to that many users). E-mail spamming can be made worse if recipients reply to the e-mail, causing all the original addressees to receive the reply. Spamming also may occur innocently, as a result of someone sending a message to a mailing list without realizing that the list explodes to thousands of users, or as a result of an incorrectly set-up responder message. If the identity of the account sending the message is altered, then e-mail bombing or spamming is being combined with "spoofing," which makes it almost impossible to track the author and the origin of the message.

The copyright of the article Loopholes in Services-I in Internet Security is owned by Mayur Kamat. Permission to republish Loopholes in Services-I in print or online must be granted by the author in writing.

Go To Page: 1 2

Articles in this Topic    Discussions in this Topic