Cocoon Data: Securing Internet communication

not accessible at that moment it will deliver them to an intermediate e-mail server known as an MX relay host, which may be located in various countries; Google’s Gmail, for example, has servers or databases located all over the world. After traveling through the MX hosts, your message and attachment will be delivered to the recipient’s mailbox on his or her ISP mail server. It will be stored there until your recipient retrieves the message using POP (Post Office Protocol) or IMAP (Internet Message Access Protocol). Web mail service works the same way, but instead of e-mail software, a web interface is used to transfer attachments via e-mail.

Where can your attachment be intercepted? It can be intercepted at each step along the way. Normal e-mail is transmitted between computers and servers in easily accessible “plain text,” which makes it easy for interceptors to read. The attachment is stored on at least two servers during its journey: on the sender’s ISP mail server and on the recipient’s ISP mail server. If traveling through MX hosts as well, the attachment is also stored on each of these servers. The ISP and MX hosts often archive the content of your e-mails for years. Thus unscrupulous IT staff with access to the given e-mail server can open and read attachments for nefarious purposes long after they were sent. Of course this is over and above actions by hackers and thieves who gain access to e-mail servers where physical access security and network security are weak. Hackers can read and modify electronic communication in transit and steal or alter your critical information.
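The hop-by-hop path described above can be read back from a delivered message's Received headers. The following added example (not from the original article) lists each hop, flags those whose RFC 3848 protocol keyword shows no TLS, and names every server that held a copy; the message and all host names are constructed.

```python
import re
from email import message_from_string

# Constructed sample message; hosts and addresses are placeholders.
SAMPLE = """\
Received: from mx2.example.net (mx2.example.net [203.0.113.7])
\tby mail.recipient-isp.example with ESMTPS id c3
\tfor <bob@recipient-isp.example>; Tue, 02 Jan 2024 10:00:09 +0000
Received: from smtp.sender-isp.example (smtp.sender-isp.example [198.51.100.4])
\tby mx2.example.net with ESMTP id b2; Tue, 02 Jan 2024 10:00:05 +0000
Received: from alice-laptop (unknown [192.0.2.10])
\tby smtp.sender-isp.example with ESMTPSA id a1; Tue, 02 Jan 2024 10:00:01 +0000
From: alice@sender-isp.example
To: bob@recipient-isp.example
Subject: contract

see attachment
"""

# "with" protocol keywords that indicate a TLS-protected hop (RFC 3848).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.S | re.I)

def trace_hops(raw_message):
    """Return hops in travel order as (sender, receiver, protocol, encrypted)."""
    msg = message_from_string(raw_message)
    hops = []
    # Each server prepends its own Received header, so reverse for travel order.
    for header in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(header)
        if not m:
            continue  # unparseable trace line: skip rather than guess
        sender, receiver, proto = m.group(1), m.group(2), m.group(3).upper()
        hops.append((sender, receiver, proto, proto in TLS_PROTOCOLS))
    return hops

def plaintext_hops(raw_message):
    """Hops where the message crossed the network without TLS."""
    return [h for h in trace_hops(raw_message) if not h[3]]

def storing_servers(raw_message):
    """Every server that accepted, and so held a copy of, the message."""
    return [receiver for _, receiver, _, _ in trace_hops(raw_message)]

if __name__ == "__main__":
    for sender, receiver, proto, enc in trace_hops(SAMPLE):
        print(f"{sender} -> {receiver} via {proto}: {'TLS' if enc else 'PLAINTEXT'}")
```

Received lines are self-reported by each server, and entries below the first server you trust can be forged, so treat the result as indicative. Even a TLS-protected hop only covers the message in transit; each listed server still stores it readable.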

Attackers are continually identifying new ways of intercepting messages over the Internet. A recent trawl of the Internet revealed the following new vulnerability in the popular Gmail program:

The victim visits a page while being logged into GMail. Upon execution, the page performs a multipart/form-data POST to one of the GMail interfaces and injects a filter into the victim’s filter list. In the example above, the attacker writes a filter, which simply looks for e-mails with attachments and forwards them to an e-mail of their choice. This filter will automatically transfer all e-mails matching the rule. Keep in mind that future e-mails will be forwarded as well. The attack will remain present for as long as the victim has the filter within their filter list, even if the initial vulnerability,