Thursday, December 14, 2006

Evil minds at the keyboard

BigString offers a free email service which enhances the email you send in the following ways:

  • Self-destructing email (the screen image of your email burns up or fades away after being served up to the recipient).

  • Non-printing, non-forwardable email.

  • Messages which were sent from one email account which appear to come from another email account.

  • Email which can be edited or deleted after it has been sent.

  • Email which can be viewed only one time.

All of this is fine when used by responsible and morally upright folks, but if it falls into the wrong hands? Consider the possibilities:
  • Man woos heiress and emails a proposal of marriage. Asks her for the combination of safe deposit box. Once he has the contents, edits his email to delete any mention of wanting to be wed.

  • A person with a grudge email-bombs their target with a huge amount of disturbing and graphic images, maybe illegal, by way of harassment. When the victim calls in the authorities, they find only some innocuous vacation pictures.

  • A spy could send pictures they took of secret documents to their handler (perhaps encrypted) and have them self-destruct.

  • Same as preceeding, only substitute "unfaithful spouse" for "spy."

  • The email-masquerading feature seems like a good way to provoke someone into doing something unwise that they might avoid if they knew who the solicitation was really coming from.

I'm sure that a security maven at the company could come up with some good countermeasures for each of these and others I could dream up (though I do not see them addressed in their FAQ), but it seems like it might be pretty messy. Until then, let all the hack mystery writers be on notice that this is the birth of a brand-new cheesy plot device to use!


Leslie said...

Gosh, this truly makes me feel afraid. Scary stuff.

RichM said...

I guess the moral is that if you receive an email which consists of an image of an email, especially one you cannot print out, then don't trust it to remain unscathed. (I don't think one can rely on the address the email comes from, since premium accounts allow the user to select their own domain.)

Kelley said...

Yikes; as if email isn't dangerous enough already...

I can't believe it enables you to send emails that appear to have originated from a different address. Is this like prank-calling for the next generation of kids?

RichM said...

Email spoofing is a well-known weakness in the system, sadly. These folks are a little too eager to make this kind of forgery easy, in my view.

Isn't free enterprise a marvel!