Rhodri Marsden: The true cost of email security
Wednesday 21 April 2010
I have a friend called Jenny. I don't receive many emails from her – for some reason we don't have that kind of relationship – but the ones I do get are worded awkwardly and tend to urge me to buy stuff. This isn't what I'd expect from her, frankly. She's highly literate and a bit of a closet hippy, and this doesn't square very well with her references to exciting new "electornic" gadgets, and insisting that this is a "really good chance for shoping". Sadly, Jenny has become one of thousands of "malware mules", whose email account details and passwords are available on the black market from anywhere between 65p and £13. A down payment of this piffling sum gives you access to her online address book (including my own details) and thus the unmissable opportunity to send me messages masquerading as friendly communiqués from Jenny that begin with the words "Hello Dear" before immediately segueing into a sales pitch for a popular brand of training shoe.
The evil masterminds behind all this figure, quite rightly, that we're more likely to open messages from people who are embedded within our address books – even if the subject lines of their emails are suspiciously reminiscent of spam, eg, "you'll be the super lover". Not only that, the message is far less likely to be rejected in the first place by spam filters, which are, thankfully, getting better at rejecting random missives from non-existent humans advising us of tempting ways to boost our flagging sexual appeal. This hijacking of email accounts is just one contributory factor towards the ever-increasing level of spam that mail servers are having to deal with: up 6 per cent in the first three months of this year over the same period in 2009.
But spam is only one of the problems faced by the malware mules. We store all kinds of personal information in our webmail. Login details to various websites, including online banking and credit card sites, can get lodged in online inboxes without us even thinking; perhaps we've sent them to a trusted friend so we can access said sites on their computer, or just emailed them to ourselves as a reminder. But once we've done that, they sit on the email server for perpetuity – unless we delete them – and the only barrier to them being accessed is the guessing of one password. And a recent analysis of breached passwords showed that hundreds of thousands of people worldwide still consider the password "123456" to be a pretty clever security device. It isn't.
Security software firm Symantec has just highlighted this issue in one of its regular, and by their nature slightly harrowing, Internet Security Threat Reports. Con Mallon from the company underlines the dangers by stressing that all our passwords could thus be obtained for less than a pound. For this scenario to occur you'd have to be pretty unlucky, and a bit stupid, but many people, including me, can easily fall into that category from time to time. And with cyber crime having recently overtaken the international drug trade as the most lucrative illegal global business, we'd do well to take Symantec's advice, change our passwords, and stop using our email accounts as pathetically insecure filing cabinets.
Another example of malfunctioning security was exposed on Monday, when Apple inadvertently revealed its new iPhone model about three months early, thanks to an employee who went out for the night in Redwood City with a prototype in his or her back pocket, and ended up leaving it on a bar stool. Many of us have lost a phone after two drinks too many, but few of us have had to face the wrath of our employers on Monday morning as a direct result. The fate of the unfortunate employee isn't known, but before Apple remotely disabled the device the new owners were able to ascertain that it was running the hitherto unseen iPhone 4.0 software, at which point they handed it over to technology website Gizmodo. As Apple's powers stop short of being able to remotely retrieve the device via some gigantic geolocating magnet (the company is reported to "want it back") Gizmodo treated us to a YouTube showing-off: it has a front-mounted camera for video chatting, a larger battery (thanks to the other components slimming down) and a squared-off construction faintly reminiscent of a Braun gadget from circa 1972. It's atypical for Apple to have scuppered a big reveal moment in this fashion – but predictably, it hasn't stopped people wanting one. Now, when's my upgrade due?
Life & Style blogs
Who is Teresa Fidalgo? Debunking the fake ghost story that's got Instagram spooked
Geeks who rocked the world: Documentary looks back at origins of the computer-games industry
Deliberately urinating before sex can increase risk of urinary tract infections
Cervical cancer: Charity urges women to post messy lipstick selfies to promote smear tests
Broadmoor financial scandal: The £4m of NHS funds wasted at high-security hospital
Nigel Farage: NHS might have to be replaced by private health insurance
'We would evict Queen from Buckingham Palace and allocate her council house,' say Greens
French court convicts three over homophobic tweets, in case hailed as a 'significant victory' by LGBT rights campaigners
British Muslim school children suffering a backlash of abuse following Paris attacks
George Galloway condemns 'racist, Islamophobic, hypocritical rag' Charlie Hebdo at freedom of speech rally
Islamic history is full of free thinkers - but recent attempts to suppress critical thought are verging on the absurd
- 1 The truth about 'girl things': Three cheers for Heather Watson's honesty
- 2 Man who held up 'hire me' sign at Waterloo station returns a year later with 'I'm hiring' sign
- 3 UK weather: Snow to fall in the coming week with sub-zero temperatures to last until early February
- 4 Saudi preacher who 'raped and tortured' his five -year-old daughter to death is released after paying 'blood money'
- 5 Men behaving badly: Urinating while standing, 'manspreading' and the gendering of selfishness
iJobs Gadgets & Tech
£25000 - £30000 per annum: Ashdown Group: Junior Test Analyst/Systems Administ...
£40000 - £65000 per annum: Recruitment Genius: A Global Real Estate Software P...
Negotiable: Recruitment Genius: This is an exciting opportunity for a talented...
£17000 - £26000 per annum: Recruitment Genius: Due to continuing growth, recru...