Security Forums

E-mail Read Notification

Bungle
Most Paranoid Member!
Joined: 03 Feb 2005
Posts: 2

Posted: Sun Mar 20, 2005 12:26 pm    Post subject: E-mail Read Notification

Hi :D

I realise I’m probably the last person in the world to discover e-mail read notification but I think this is an important thing for security fans. I feel it is important to encrypt and authenticate my e-mail and that’s where my supervision of my outgoing messages usually ends. I believe read notification is a useful feature and it will add that little extra supervision of your messages.

Here is my scenario where I feel that an e-mail read notification system would be very useful to SFDC security fans.

Believe it or not, Alice and Bob still have something left to talk about !

As far as Alice and Bob are aware their e-mails are safely encrypted with the best encryption available and they are communicating in total privacy.

Bob encrypts, signs and sends his e-mail to Alice.

Alice’s Evil sister Dorothy has previously used a keylogger on Alice’s computer and captured Alice’s username and password for her Yahoo e-mail account and her PGP passphrase. Alice was also careless enough to once leave her PGP keys stored on her computer which the Evil Dorothy has copied.

Evil Dorothy, sat in front of her own computer, checks Alice’s Yahoo e-mail account. She notices that Alice has received a message from Bob and downloads it. She then uses the “mark as unread” option on Bob’s message and then logs out. Evil Dorothy then decrypts the message and reads it. Evil Dorothy has been doing this all the years Alice and Bob have ever been communicating with each other.

So, Bob sends message / Evil Dorothy copies and reads message / Alice collects message later and Bob and Alice are no wiser to what Evil Dorothy is up to.

Here is where I think read notification would help Alice and Bob.

Bob encrypts, signs, employs read notification and sends his e-mail to Alice.

Evil Dorothy downloads and “marks as unread”. But, now this is the clever bit !! Evil Dorothy has unknowingly triggered Bob’s trap. Bob has set something up so when the e-mail is opened it loads an image from his web server and that server is set up to log connections with the date, time and perhaps even an IP address.

Alice then collects what she thinks is her unopened message from Bob. But again she triggers another log on Bob’s server.

Bob checks to see if Alice has read her message. He notices that the message has been opened twice. It could also be the case that Bob recognises the IP address of Evil Dorothy. Bob is quite understandably outraged ! Bob then phones Alice and they agree to renew their keys and Alice is now aware her Yahoo account is compromised and she must change her password.

Alice and Bob then go round to Evil Dorothy’s house and push dog poo through her letterbox.


So I think read notification may be useful. It’s also just nice to know that someone has received and read your message in everyday life.

So what have I and other beginners learnt from this scenario ?

Constantly check for virus / keylogger software.
Change passwords regularly.
Store your PGP keys securely.
Use e-mail read notification.
Don’t spy on Alice and Bob unless you’ve got a lot of carpet cleaner.


I am always suspicious of programs that offer to do e-mail notification for you as Martin (mxb) will tell you, I am ultra paranoid !! So I was wondering does anyone here know how to set this sort of thing up on a web server ? Could it be done with php perhaps ? I would much prefer to run this from my own web server and set it up myself with the help of members here.

Thanks and I hope this proves useful to someone.

Bungle.


Am I the most paranoid person on this forum ? (y/n) :(

zeedo
SF Reviewer
Joined: 01 Sep 2004
Posts: 24
Location: Scotland

Posted: Sun Mar 20, 2005 1:01 pm

I find your plan flawed for a number of reasons, security minded people don't accept HTML emails and don't let their software send read receipts, so you couldn't use the standard method of a read receipt sent in an email and you couldn't use inline images.

However if you do want to go the inline image route.

Do the following: have PHP output an image (you don't have to just output text/html) and after doing so notify you in whatever way you want notified, email, IM, SMS etc.

Dynamic Image generation in PHP

You use the same image each time and use a unique identifier to hit the page.

eg... http://example.com/smurf.php?31337

You will start to annoy people by pointlessly sending them images, especially when your image goes offline and their email client starts complaining.
Spammers have been using this technique for a long time to check for valid emails, if I saw a url like this in an email, I'd believe you were address gathering.
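
The check Bob runs against his server log in this thread (a message fetched more often than agreed, or from an address he does not recognise), as an added example that is not part of any post here. It assumes an Apache combined-format access log and the `/smurf.php?<id>` URL scheme from the example above; the log lines and IP addresses are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (Apache "combined" format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [20/Mar/2005:14:02:11 +0200] "GET /smurf.php?31337 HTTP/1.1" 200 43 "-" "Mozilla/4.0"
198.51.100.23 - - [20/Mar/2005:19:40:52 +0200] "GET /smurf.php?31337 HTTP/1.1" 200 43 "-" "Mozilla/5.0"
198.51.100.23 - - [21/Mar/2005:08:15:03 +0200] "GET /smurf.php?40404 HTTP/1.1" 200 43 "-" "Mozilla/5.0"
192.0.2.50 - - [21/Mar/2005:09:00:00 +0200] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

# Matches only fetches of the tracking URL and captures its identifier.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET /smurf\.php\?(?P<token>[A-Za-z0-9]+) HTTP/[\d.]+" (?P<status>\d{3}) '
)

def parse_hits(log_text):
    """Return {token: [(datetime, ip), ...]} for successful tracker fetches."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] != "200":
            continue
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits[m["token"]].append((when, m["ip"]))
    return hits

def review(hits, expected_opens=1, known_ips=frozenset()):
    """Flag tokens fetched more often than agreed, or from an unrecognised IP."""
    findings = {}
    for token, events in hits.items():
        reasons = []
        if len(events) > expected_opens:
            reasons.append(f"opened {len(events)} times, expected {expected_opens}")
        strangers = sorted({ip for _, ip in events} - set(known_ips))
        if known_ips and strangers:
            reasons.append("unrecognised IP: " + ", ".join(strangers))
        if reasons:
            findings[token] = reasons
    return findings

if __name__ == "__main__":
    result = review(parse_hits(SAMPLE_LOG), known_ips={"198.51.100.23"})
    for token, reasons in result.items():
        print(token, "->", "; ".join(reasons))
```

A token with no hits is not evidence that a message is unread, since a client that blocks remote images or HTML never fetches the URL.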

Bungle
Most Paranoid Member!
Joined: 03 Feb 2005
Posts: 2

Posted: Sun Mar 20, 2005 3:19 pm

Hi zeedo :D

Quote:

security minded people don't accept HTML emails


OK, I didn’t know that. I thought it was something that was attached to a normal e-mail. Sorry.

Quote:

so you couldn't use the standard method of a read receipt sent in an email and you couldn't use inline images

How would you suggest going about the problem ? Is there a way you know of that could notify you when someone opens an e-mail you have sent ? Perhaps if both parties are aware of what’s going on ?
Quote:

However if you do want to go the inline image route.

Thanks for the link you provided. There’s quite a lot there to understand, I will read through that later.
Quote:

You will start to annoy people by pointlessly sending them images

I thought the image sent was a 1x1 pixel. I wouldn’t have thought anyone would have noticed it. Anyway we could assume the recipient of my message knew what I was doing so perhaps it wouldn’t matter as it would just have to be a side effect of our notification system.
Quote:

Spammers have been using this technique for a long time to check for valid emails

Just typical !! I think I have an idea and someone has beaten me to it !! I did say I was probably the last to know !! :lol:

Thanks,
Bungle

mxb
Trusted SF Member
Joined: 30 Mar 2004
Posts: 6

Posted: Sun Mar 20, 2005 3:48 pm

Maybe it's just the lack of sleep, but I'm not entirely sure what the question is.

Are you trying to control the email after it has left your computer? Or are you trying to find out when a person reads their email?

If the person is security minded then most systems will fail or not be used, as the recipient would probably like their privacy too. The simplest method would be to just ask them for confirmation of delivery, which is something I should really put on my emails to Justin... :P

Cheers,
Martin

Rowdy Yates
Just Arrived
Joined: 20 Oct 2004
Posts: 1

Posted: Sun Mar 20, 2005 4:34 pm

fyi - i use Pine. http://www.washington.edu/pine/

and i use BSD. so your system of email notify would not work for me. probably other sec folks are similar to my setup.

zeedo
SF Reviewer
Joined: 01 Sep 2004
Posts: 24
Location: Scotland

Posted: Sun Mar 20, 2005 5:09 pm

Bungle wrote:

How would you suggest going about the problem ? Is there a way you know of that could notify you when someone opens an e-mail you have sent ? Perhaps if both parties are aware of what’s going on ?


If both sides were in on it, I'd say use the normal read receipt process, where the recipient's client sends you a return email; a lot of email clients support that.

Quote:

I thought the image sent was a 1x1 pixel. I wouldn’t have thought anyone would have noticed it. Anyway we could assume the recipient of my message knew what I was doing so perhaps it wouldn’t matter as it would just have to be a side effect of our notification system.


Most email clients have options such as "don't load remote images", "don't load any images", "don't use html".

In order for the image to be sent it has to be inline with the html. You can't send a link to an image as an attachment; if you did, it would have to be a shortcut of some kind which would require the user to click it after reading the email, which isn't what you want. You similarly can't include an image in a plain text email, you can't even provide a hyperlink (although most clients will turn URLs into hyperlinks).

When sending an image your recipient has to be using HTML or some other rich format, e.g. RTF. Read receipts will only work for those that decide to use them and have clients that support them.

You can't reliably tell when someone reads an email unless they decide they want to let you know, or decide to use a client that does that for them.

comrade
Just Arrived
Joined: 15 Feb 2005
Posts: 0

Posted: Sun Mar 20, 2005 7:53 pm

I suggest you not pursue this idea very far, Bungle; it's not too practical and the security gained is insignificant from my point of view (if any?).

Quote:
Constantly check for virus / keylogger software.
Change passwords regularly.
Store your PGP keys securely.
Use e-mail read notification.
Don’t spy on Alice and Bob unless you’ve got a lot of carpet cleaner.


All valid points, aside from my disagreement of the worth of that second last one. I'd like to add one though:
Give encryption subkeys expiry dates. This limits the damage to Dorothy only being able to read emails over a set (by you) time period should she ever get your secret key and password without you knowing.
(A lot of people don't like giving their primary signing key an expiry date as that'll lead to all sigs on it eventually being lost, fair enough. If someone other than you does have the ability to sign in your name through whatever means, you'll probably notice if/when they do and change keys accordingly. It's for this reason that the potential of compromised signing keys, at least to me, is far less serious than the potential of having compromised encryption keys.)


Oh, and I imagine the NSA has plenty of carpet cleaner ;\

Bungle
Most Paranoid Member!
Joined: 03 Feb 2005
Posts: 2

Posted: Sun Mar 20, 2005 8:42 pm

Hi

Wow :shock: thanks everyone for your comments. I only left my computer for a couple of hours and I have 4 replies !! I must remember to stay on SFDC 24 hours a day ! :lol:

I had actually written a response to mxb offline while I was away. It took me a while to write it out so I will post it here at the end just because it’s a shame to delete it now it’s done and to be polite by responding. But I suppose judging by the replies here the whole idea is probably a non starter. I’m sorry for wasting everyone’s time, but I’m sure I will have a good idea one day !


Rowdy Yates
Thank you for the link. I thought it was a joke at first as Pine is a cleaning product in my country :lol: !! I will check the link out in more depth tonight.


Zeedo

I have gone over all that you have written here again and I understand this just isn’t going to work. Thanks for your help in pointing it out.

Comrade

Quote:

Give encryption subkeys expiry dates


Yes clearly this is a better solution. I suppose I had come up with a particularly odd set of circumstances in which to make my idea work or make it useful.

Quote:

Oh, and I imagine the NSA has plenty of carpet cleaner

:lol:


As I said this is what I was going to come back with so just ignore it, I just couldn’t bear to delete it all.

Hi mxb

Quote:

Are you trying to control the email after it has left your computer? Or are you trying to find out when a person reads their email?


Mainly when someone reads the mail I have sent. I have also assumed that the receiver and I have previously met and arranged this. There may even be an understanding that messages between the two of us would only be opened once. I admit I didn’t explain this before.

It started as just a theoretical what if ? Then I thought if someone knew how to make a check like this I would use it. I was trying to find a way / ask if there is a way of logging when someone opens an e-mail. This isn’t for the purposes of advertising or anything. I just thought it would be a useful feature or system for “Alice and Bob”. I thought it might be a way to add an extra check they could perform to help in the scenario above. Maybe Alice and Bob could prearrange a set of times and dates when they would collect mail. Then if any times or dates didn’t match the log on the server they would know what Evil Dorothy was up to.

Without a “received and opened” check in place I think there is a vulnerability there. With it in place there is at least a tracking system albeit very limited.

I suppose it would be most useful as a kind of trap to see if your mail is being opened by someone else. Just like in the scenario above.

Quote:

as the recipient would probably like their privacy too


Yes I understand this. Fair enough. But perhaps if you had an agreement with your contact to do this then it would be ok. In fact the sender and receiver could be the same person !! I’ll explain….

Say you were suspicious your mail was being read or at least attempted to be read without your permission. You could create a new free e-mail account and use this “e-mail read notification” system. Then send an e-mail to your usual address. Then you never open the e-mail you sent to yourself and let it sit there, perhaps you could use an interesting subject title “Bank Details” for instance. Then leave it. Every now and then you could look on your web server log and see if it has ever been opened.
Quote:

The simplest method would be to just ask them for confirmation of delivery

This wouldn’t help in the scenario above as Alice would be no wiser that her mail was being read. She would simply send a confirmation to Bob that she has read it. Even worse, Evil Dorothy could delete the message and return a message to Bob using Alice’s key to imply Alice has read it !

I’m not too sure but I think this is known as a man in the middle attack. Although the attacker isn’t in the middle but to one side as the mail isn’t passing through them. Also she’s a woman. So it’s a woman at the side attack. :lol:
Quote:

which is something I should really put on my emails to Justin...

Hey ! Then I think this system will help you ! At least you will know someone has opened your mail to JT !! It might even have been him !!

Thanks. ;)

Bungle.

All times are GMT + 2 Hours