Posts Tagged ‘Mail’

Wednesday, 2 April 2008

Spammers are only human too …

… and make mistakes now and then:

%RANDFILE[./bodies/tb/tb_plain.txt,./bodies/tb/tb_html.txt,./bodies/ol/ol_html.txt]

That was the content of a spam e-mail I received on 21 March.

Labels: IT, Web


Thursday, 20 September 2007

E-mail password forgotten, but still saved in Outlook

Today I was once again on a support call at an acquaintance's. He had bought himself a new laptop, which he wanted to use as a second device alongside his older workstation.

When I wanted to set up his two e-mail accounts (Bluewin and GMail) in Outlook on the new device, he simply could not remember the GMail password. What now?

The password recovery function was unfortunately of no use, since he had apparently not specified a secondary address when setting up GMail to which the password would be sent in such cases. Nor could or would we let the 5-day inactivity period that applies in such cases elapse.

So I opted for the last remaining back door: since the GMail account was set up with POP retrieval in Outlook on the workstation, and the password had been saved thanks to the life-saving checkbox, I could make use of a network sniffer:

SniffPass v1.02

The only catch: GMail communicates via pop.gmail.com only in encrypted form. No sniffer, however fancy, is of any use there. When I disabled encryption, the sniffer still found nothing. Apparently the GMail server refuses service outright when the connection is unencrypted.

The last hope proved well founded: I changed the incoming mail server of the GMail account in Outlook to pop.bluewin.ch. Illogical, isn't it? No, because this server has two great properties that proved extremely useful in this emergency:

  • It accepts unencrypted POP3 connections
  • It accepts any login username

As far as I know, the latter is set up this way to make life harder for spammers: if the server dutifully reveals whether a username (often the e-mail address itself) exists on the server, a wordlist attack can be carried out relatively quickly, yielding a list of valid e-mail addresses. (I may well be wrong about this reasoning, though …)

Since the username had evidently been accepted (or so good old Outlook 2003 thought), the application went on to transmit the password. For lack of encryption this happened in clear text: wonderful, exactly what I wanted! And lo and behold, a few hundredths of a second later it appeared in the list of passwords captured by SniffPass.

Mission accomplished, the customer overjoyed, and the password now written down on a piece of paper as a memory aid.
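The recovery above worked because the mail client released a stored password to whichever host the account was pointed at, over a connection without TLS. The following Python code is an added example, not part of the original post or of any mail client: it shows the two client-side checks that stop this, binding the saved password to its host and refusing `PASS` unless TLS is available. `StoredCredential`, `login_plan`, `CredentialRefused`, the example hosts and the CAPA samples are assumptions constructed for illustration.

```python
import poplib
import ssl
from collections import namedtuple

# host = the server the password was saved for
StoredCredential = namedtuple("StoredCredential", "host user password")

# Constructed CAPA responses (RFC 2449 format), not captured from a real server.
CAPA_WITH_STLS = ["+OK Capability list follows", "TOP", "USER", "STLS", "UIDL", "."]
CAPA_PLAIN_ONLY = ["+OK Capability list follows", "TOP", "USER", "UIDL", "."]

class CredentialRefused(Exception):
    """Raised instead of sending a stored password over an unsafe channel."""

def parse_capa(lines):
    """Capability keywords from a raw POP3 CAPA response."""
    caps = set()
    for raw in lines:
        line = raw.strip()
        if line and line != "." and not line.startswith(("+OK", "-ERR")):
            caps.add(line.split()[0].upper())
    return caps

def login_plan(cred, target_host, capabilities, implicit_tls=False):
    """Commands the client may send, in order; raises before PASS can leak."""
    if target_host.lower().rstrip(".") != cred.host.lower().rstrip("."):
        raise CredentialRefused(f"password was saved for {cred.host}, not {target_host}")
    if implicit_tls:                      # POP3 over TLS, port 995
        return ["USER", "PASS"]
    if "STLS" in {c.upper() for c in capabilities}:
        return ["STLS", "USER", "PASS"]   # upgrade first (RFC 2595)
    raise CredentialRefused(f"{target_host} offers no STLS; refusing cleartext PASS")

def login(cred, target_host):
    """Port-110 login via poplib; login_plan runs before USER/PASS are sent."""
    conn = poplib.POP3(target_host, 110, timeout=10)
    try:
        try:
            caps = conn.capa()            # dict keyed by capability name
        except poplib.error_proto:
            caps = {}                     # no CAPA support: treat as no STLS
        login_plan(cred, target_host, caps)
        conn.stls(context=ssl.create_default_context())  # verifies certificate
        conn.user(cred.user)
        conn.pass_(cred.password)
        return conn
    except Exception:
        conn.close()
        raise
```
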

Labels: General


Tuesday, 18 September 2007

E-mail only with a confidentiality notice from now on!

When even professors are now starting to throw “confidentiality notices” around, it is high time to follow suit!

Here is the confidentiality statement as I envision it for my future e-mails:

CONFIDENTIALITY NOTICE: This email correspondence and any attachments may contain confidential and privileged information intended only for the use of the designated recipient(s) listed above. In accordance with the confidential nature of this information, this message and any attachments may contain legal, or other privileged information which may require a security clearance and could have negative ramifications as a result of tampering or hacking. If you are not the addressee, or the person responsible for delivering this to the addressee, you are hereby notified that you are not authorized to review, read, tamper with, encrypt, hack, disseminate, use, distribute, disclose, copy, electronically store, transmit, retransmit, deconstruct, syndicate, remix or otherwise create derivative works from, link to, link from, burn to disk, record, engage in eavesdropping of public reading or performance, otherwise reproduce the work via antiquated or as yet unfounded equipment or media, or take any action regarding the contents of this message. Doing so is strictly prohibited. If you are not the intended recipient, or have otherwise received this message by mistake, please notify the sender by replying via email. Destroy all copies of this original message (including attachments) to avoid prosecution and/or litigation. Furthermore, if you are the intended recipient of this message, federal, state or other local laws may prohibit you from engaging in unlawful copyright infringement regarding attempts to review, read, disseminate, use, distribute, tamper with, encrypt, hack, transmit, retransmit, disclose, copy, electronically store, deconstruct, syndicate, remix or otherwise create derivative works from, link to, link from, burn to disk, record, engage in eavesdropping of public reading or performance, otherwise reproduce the work via antiquated or as yet unfounded equipment or media, or take any action regarding the contents of this message. 
Use of this email and attachment(s) may not be used for legal purposes, or as evidence, without the prior notification, in writing, of all recipients contained therein, regardless of Fair Use dictates. The recipient(s) acknowledges that email is an inherently unsure format and that these correspondences may not be from the sender listed in the “From:” field. Email can easily be falsified or otherwise duplicated and the sender accepts no responsibility for potentially offensive materials that may or may not have been sent to the recipient, regardless of how they are received.

Opening this email message implies your agreement that you will not use, or encourage others to use, any unauthorized means for the duplication or distribution of this email message or any attachment(s), especially regarding sharing via peer-to-peer networks, whether personal or public. Packet sniffers or other devices used to intercept or access communications are frowned upon by the author(s) of this message and will not be tolerated as a means to foster authentic, wholesome communications. It is your responsibility, not the author’s, to ensure that any material you distribute from this email does not violate anyone’s copyright. Please note that there may be more than one copyright involved in any message – the text, the attachments and the performance or reading of said material, for example, may each have a separate copyright. You are responsible for getting any necessary permission and paying any necessary licensing fees for the email or other material you choose to reproduce. If you violate the copyright laws, there may be fines or criminal charges brought against you, even if you don’t get any commercial benefit from the illegal copies. You agree to hold the author harmless from your violation of copyright laws by your opening this email or any attachment(s).

You agree, if purchasing any portion of this text or attachment(s), by credit card or charge card, that you permanently and irrevocably waive any and all right to cause a “chargeback” (that is, a disputed, reversed or contested charge) against this purchase for any reason whatsoever against the author or other reseller of this license, effective as soon as you receive registration code(s) from the author, open the envelope containing the program disk or otherwise install or use any attachment(s). You agree that, if you institute such a “chargeback”, it constitutes a material violation of this license, and damages the author in ways impossible to calculate, and with long-term adverse effects to the author. Therefore, you agree to pay, and author agrees to accept in compromise, for each chargeback you may issue or directly or indirectly cause to be issued against the author, the amount of EIGHT THOUSAND DOLLARS ($8,000.00) to the author (or the party selling you this license), as liquidated damages and not as a penalty. You expressly confess, in the event of such a “chargeback”, that such chargeback constitutes fraud and confess such fraud. You agree to pay all costs incurred by the author or the seller of this license in collecting these amounts.

The author reserves the right, at any time and from time to time, to update, revise, supplement, and otherwise modify this Agreement and to impose new or additional rules, policies, terms, or conditions on your use of the email or attachment(s) being distributed. Such updates, revisions, supplements, modifications, and additional rules, policies, terms, and conditions (collectively referred to in this Agreement as “Additional Terms”) will be effective immediately and incorporated into this Agreement. Your continued reading of any portion of this email will be deemed to constitute your acceptance of any and all such Additional Terms. All Additional Terms are hereby incorporated into this Agreement by this reference.

Furthermore, please ensure you have adequate virus protection before you open or detach any documents from this email message. Neither the author nor the corporate entity/company that employs the author is responsible for failure to abide by these restrictions. You are not entitled to any damages, including but not limited to consequential damages, resulting from the reading or opening of this email message or any of its attachments, even if doing so would void or augment any warranty established by your computer manufacturer. The author shall not, at any time, be held liable for any special, direct, indirect or consequential damages, whether in an action of contract, negligence, or other action arising from or in connection with the use or performance of any attached materials. Nothing herein should be construed as constituting any kind of warranty. Should the author be found at fault for any damage, it will only be for the maximum extent allowed by applicable law, even if any remedy fails of its essential purpose. You acknowledge and agree that in order to protect the integrity of certain third-party content, the author and/or his licensors may provide for software security-related updates that will be automatically downloaded and installed on, or to, your computer. Such security related updates may impair the software (and any other software on your computer which specifically depends on the software) including disabling your ability to copy and/or play “secure” content, i.e. content protected by digital rights management.

The author reserves the right to modify, amend or control exportation of this message and attachment(s) without further notice at any time. Opinions expressed herein are those of the author, solely, and should not be attributed to any past or present employers or clients, unless mandated and expressed directly from the corporate entity which currently employs the author. These writings are provided “AS IS”, with no warranties, nor do they confer any rights. The material and information provided in this email is for general information and should not, in any respect, be relied on as professional legal or medical advice. No content in this email is “read and approved” by any governing body prior to distribution. Although quality is sought, the author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein, attached, or linked to or from this email correspondence. Reader’s comments and replies shall hold no precedence over the origination of this email or this confidentiality notice. It should be recognized that responses reflect those of the individual performing the reply and that those authors’ opinions do not infer my personal endorsement of any of their views. The author reserves the right to remove all replies. Furthermore, email sent in reply to this email may be reproduced and or quoted, unless the sender specifically requests otherwise. You, however, may not, without the prior consent, via written approval from the author, disclose to any third party the contents of this email message or any attachment(s). Thank you.

Source: Email Confidentiality Notice

That is guaranteed to settle any and all legal questions. Extremely chic, too, that the mail only gets imperceptibly larger …

What I really think

For the sake of completeness, here is also my reply e-mail to the staff member:

If you really are sending “confidential information”, you should encrypt it with PGP. From a technician's point of view, this is the only way to transport confidential information from sender to recipient without third parties being able to view it. I consider such footers a waste of space.

What others think

Another quick-witted contemporary picks apart the disclaimer mania in a detailed article.

How to win competitions with disclaimers

The Email Disclaimer Awards 2001: The winner, how could it be otherwise, is a bank. And a Swiss one at that!

Labels: Funny
