A number of times email users have complained about hacking into their email accounts and having their privacy infringed. By privacy being infringed, i mean, for example, it is possible to know from an auto summer holiday reply that a certain email user is away for holiday. It is also possible to know that some one is out of office for a certain journey and for how long. This itself can lure the "bad guys" into launching certain attacks since they can easily plan for their time well based on the duration of the vacation or holiday as mentioned in the auto reply. Not only attacks to systems, but also physical robbery, or theft at the users home can easily be launched.
In this blog we would want to assess and see if this is a realistic privacy concern and if so, what other consequenses can come along with it. Imagine if the netwrok administrator is having a vacation to china for 1 month, what possible attacks can be anticipated that could easily and successfuly be launched based on the time schedule?
You can mention a number of other issues that you think are privacy and security related in terms of auto reply technologies. And any way, is privacy really a concern in this scenario or it is an "i dont care" aspect?
Your ideas are welcome
By
Fred Kaggwa
Lecturer/Head, Computer Security Research Group
Institute of Computer Science,
Mbarara University of Science and Technology, Uganda
EMAIL: kaggwa_fred@must.ac.ug or fred.kaggwa@gmail.com
Oh ,there are a lot of security attacks because the security administrator is in china.
ReplyDeleteone :The attacker will can use software engineering method to induce the local employees to give in their detail now that the security administrator is abroad.
On auto reply ,i think its a risky venture for the person sending because if it was an attacker and the Auto reply said "Am out of the country and i will be back in two weeks time",thats an opportunity for the Attacker whhich may cause a lot damage if the Attacker succed.
I advised people to be very sensitive on the kind of auto reply set.if me i would say "Thank for mailing me i will reach you soon"
visit me on oryemcollin.blogspot.com and we enjoy sharing ideas.
Security expert are great people are you one?
oryemcollin
This comment has been removed by the author.
ReplyDeleteperiodic change of passwords is necessary to prevent hackers and crackers from doing what they do.one should have a password that has strong variable characters.(having both letters and digits)
ReplyDeleteemail messages use internate and accommodates many characters while ordinally mobile messages do not use internate and has a few characters
it's a privacy concern because your secret information should not be accessed by unauthorized people when you are away.
ReplyDeletesome of the attacks are modification of messages and replay of messages
using strong passwords
changing passwords every time
not sharing your passwords with other people
thanks so much for the lecture. I have learnt that i should not share my password with anyone not even a friend/relative,use astrong password of atleast eight character,and change it regulary.
ReplyDeleteReally it is quiet unfortunate that we are never safe in communication using an email because it is presently realistic that my mails are not safe due to the enlightenment I have obtain in computer security.It is true that Auto-email replies publicize an individual thus allowing the "bad guys" ,that is ,the hacks can monitor read and probably modify the messages to there advantage but auto emails are really a great advantage and a guide to hackers both electronically and physically.Never the less they are quiet important!!. So what should be done e-mails service provider is an important point to consider depending on technology strength , server capacity and the finance status of the email service provider.I have used Google that is g mail where I have received few unexpected mail from the spam called to break thru email service provider where I would receive very many authorized email .Server capacity I have also had an experience with using yahoo and it has been being hacked in a lot probably if a given official I was using auto e-mails and it is too hard to avoid them g mail would be safer than yahoo and break thru .This condition might not be permanent because of the prevailing changes in email technology.
ReplyDeleteKeystroke records are made by surveillance software to keep track of use on a computer whereby a Surveillance software is used by administrators and employers to make sure employees are efficient and that outsiders are not visiting inappropriate websites. You can delete keystroke records from your computer once you have viewed them to clear up some space on your hard drive. Some programs may require an administrator password from the program to access the files so make sure you have the username and password information handy.
ReplyDeleteit is extremely important to delete hardware keystroke loggers from your computer as quickly as possible.
it has been realized that a hardware keystroke logger captures the keystrokes you perform while using the Internet (and captures passwords for online accounts, including banking information) and sends it over your Internet connection to a third-party computer, which can then access your personal information and steal your data or funds.
lets watch out.
therefore we should Launch the anti-virus software installed on the computer.
having atleast two email accounts could help so that one is completely private and confidential then another's passwordcan be shared because i trust non fully
ReplyDeleteIn cases of a Network administrator being on holiday or outside office,an inside attacker or fellow employee may use this chance to access or hack into the Administrator's account and use it to send inciting messages to their company bosses,so the Administrators should maintain a strong security access policy that includes use of strong password that is a combination of different characters that are difficult to de-encrypt.
ReplyDelete2010/BIT/245/PS
auto reply technologies are of great use for fast and simplified communication, however, the best way to protect or secure your privacy would be to avoid the inclusion of secular matters or vital information in such messages but rather pass them verbally to the staff - Suah M Wallace
ReplyDeleteViruses being downloaded are the most frequent ways of hackers enter into your system and do harm to your data.
ReplyDeleteBut through some measurements like installing internet security software gives a way to always block those pop up windows and soft-wares without well established publishers. E.g. Norton Internet security, Eset nod Internet security, Panda internet security etc.
Another way in many cases some browsers like internet explorer 8 and 9 they have catered for such viruses, they give you options on whether you want to allow particular pop ups on not so always select no if you want to be secure. Explorer also scans every download it does download and allows you to download.
Note: Its not only explorer but also other web browsers also try to do the same, all you have to do is to read those messages offered by those browsers.
Gladys Nakabuye
ReplyDeleteAbout the email issue: at times it is the owners of these es do emails who give out their passwords to relatives, friends among others hence privacy is deprived from from.
concerning viruses: the individual's lack of awareness is still a cause due to the fact that some email owners do not even know that viruses are dangerous.
on the issue of keystroke loggers: it works better for the organization that does it since security is being strengthened. then on the other hand the employee will not be secure since he lacks privacy.
then when it comes to email storage: it can not be trusted at all: i have a belief that the email service providers have the ability to check every ones' email.
From my sight of view, i think auto Email replies is not a good idea to the side of security. It can cause very many problems to the owner just because of informing the public on what ever issue you are going to.
ReplyDeleteAttackers will get it easier to track your moves hence utilizing that chance to do their job.
The network is not secure just because the real people we call administrators also have their goals.Therefore if we take an example of Nasser Ntege Ssebaggala and the MTN company,they used his voice for profit orientation.This shows that even the service providers have their goals that's why they can track what ever conversations that clients take.
There fore its not good to leave the auto Email replies because of privacy.
regards
2010/bcs/055/ps
The best idea would be avoiding the sharing of classified information online.
ReplyDeletecomputer privacy is of great concern today and despite the proclamation that many people should follow certain procedures to create passwords, hackers are still advancing there means of cracking the new security tools....
ReplyDeleteThe main point should be continually change there protection means and beat down the hackers
i think auto email replies could real cause issues because once one is logged on and his computer is on the internet network,it is very easy for the hacker to get into his system and do whatever they want, attacks like replay attacks and masquerade may occur or even data disclosure and alterations.
ReplyDeleteTherefore auto email replies are good but also bad when one is the target for hackers.2010/BIT/192/PS SUNDAY BRENDA
I strongly disagree with auto mail reply simply because in most cases it does not rhyme with the request.For example,you may want to communicate to someone about the agreement that you had before,only to receive the reply "out of office,no thank you" even if the person still holds to the agreement.
ReplyDeleteI think its privacy violation because secret information should not be accessed by unauthorized people.Addition ,it inflicts on ones confidential information
ReplyDeleteits amazing how this evolving technology is about to make us victims of our own action because the issue to sharing the Email password is equal to rendering it public because the is no guarantee that it will not be used with out you awareness.
ReplyDeleteOn the point of auto-reply its really beneficial to busy guy with limited time but it can also be dangerous when it comes to spam mails.
The only way i think u can avoid spam mails is by activating spam blockers and being careful with the source of the Emails received
2010/bit/027
Auto emails are intended to respond automatically to emails that an individual receives and the individual is responsible for the contents of that auto email.
ReplyDeleteSo in my own opinion i think those auto emails should not contain personal information like you are going on vacation because this gives attackers a chance to attack your system or home since they will know that you are not around
2009/BCS/001
Setting up a vacation response in your Email to automatically reply to anyone who emails you seems to be very risky, because you may be replying the "bad guys" giving opportunity to various attacks.
ReplyDelete2010/bcs/057/ps
interesting,i Nuwamanya Isaac swear never to use easily guessed passwords like my girlfriend's name or to avoid using password hints.thx
ReplyDelete2010/bcs/054/ps Nasiima Jackson :
ReplyDeleteThis an interesting forum on the implications of the auto e-mail replies are very important but they can be malicious to the sender both physically and electronically.Physically when the hacker traps the message that one is not at home and hacker gets the right guideline on how to attack your home.Electronically the hacker may modify the message "am not in office"."Am not in office please transfer to million to my crane bank account 6784588945667.This causes loss of money.Awareness and training members of a given organization about suspicious message is always a sure way of safe.Otherwise once auto email are attacked they can be hazardous to members of the organization.