Eudora e-mail software - Privacy Protection & Computer Forensics, 2nd Ed pdf

modifications

8.3.3 Eudora e-mail software

Go to Tools/Options and do the following:

8.3 Desirable e-mail software configuration and modifications 139

1. The reader must keep in mind that any ISP has to comply with a court order from a court having authority over that ISP. As such, no ISP can (nor should) condone out-and-out illegality; nor can it (or should it) shield a subscriber from prosecution for flagrant illegality. At the same time, ISPs can be (and should be) expected not to accommodate frivolous or illegal requests by overzealous investigators on fishing expeditions.

1. Under Attachments, select anything other than the default, after having created a folder such as C:\abracadabra\hocuspocus. This prevents a Eudora security weakness from being exploitable. See Figure 8.10.

2. Under Viewing mail, uncheck the “Use Microsoft viewer” option to prevent another known security weakness in Eudora. See Figure 8.11.

Figure 8.10 Eudora e-mail attachments vulnerability.

3. Important: Under Viewing mail, disable the option that allows executables in HTML content. See Figure 8.11.

4. By the way, you may elect to opt for having all incoming and outgoing e-mail copies stored in a fully encrypted volume, rather than keeping them in the open for the world to see. To do this you must first create such encrypted volumes (see Section 6.4.2, for example, for a discussion SCRAMDISK, which uses encrypted volumes). Caution: Users of Eudora should be advised that, like many other software such as Adobe Photoshop, it calls home (the Eudora server) every so often behind a user’s back. The manufacturer claims that this is done merely to find out if a new version of the program is available. Regardless, users would be well advised to disable this dubious feature in all software. Luck- ily, the Eudora Web site has instructions on how to do so. To disable this undesirable attribute, copy and paste the following text into the message window of a new message in Eudora:

DontShowUpdates=1

This text will show up in blue as a URL. Hold down the Alt key and click on the URL. A window will appear asking one to click “OK.” Click “OK.”

Caution: Users of PGP encryption should not use the PGP plug-ins for either Eudora or Outlook/Outlook Express. Instead, encrypt the clipboard and cut and paste the ciphertext into the e-mail software program’s window. The danger is that the Outbox saves on the hard disk—under some conditions—both the plaintext and the ciphertext; this is about the worst- case scenario from a security perspective.

8.4 Secure e-mail conduct online

The following represents a list of recommendations to save you grief in connection with the use of e-mail.

◗ _{Get in the habit of using encryption for all of your e-mail. It is really}

not onerous to do so any more. You have numerous choices. By far the most effective e-mail encryption available to anyone worldwide is the use of PGP. Download PGP 6.58 CKT Build 7 available from numerous online sources (do a Google search for the latest, as they change all the time), but do not install the PGP DISK option, which is defective in most PGP versions. You can use it with any e-mail software you have. Once installed and set up correctly (see Section 11.3 because the default set up may not be the secure one), all you have to do to encrypt messages is type them using a text editor on a RAM disk (see Section 6.2.2). Never save them to disk, but Edit/Copy them onto the clipboard, invoke PGP to encrypt the clipboard, and Edit/Paste them into the message window of whichever e-mail software you are using (even a Web-based free e-mail account such as those provided by yahoo.com, netscape.com, or hotmail.com).

◗ _{Get rid of the bad habit of storing old e-mail forever, especially outgoing}

ones (you are not as culpable for what others e-mail to you as you are for what you e-mail to others). Even large corporations that have taken notice of how other corporations have been stung by the content of employee e-mail are now professing “hard disk storage limitations” as a legitimate-sounding excuse for policies whereby all e-mail is perma- nently removed from corporate records after rather short periods. (“Get rid of,” of course, means not merely to delete—which does noth- ing—but to wipe the disk clean as per Chapter 2.)

◗ _{If you absolutely must keep some old e-mail, then move it to a folder for}

that purpose and encrypt that entire folder’s contents, realizing that in most countries you can be compelled by law enforcement to decrypt it. Consider hiding the fact that such a folder exists by using steganogra- phy (see Section 11.5), or even physically shipping it (encrypted, of course) to a trusted friend in another country for storage on your behalf. See Chapters 10 through 12 on encryption for the numerous options available.

◗ _{Have at least two e-mail accounts: a public one (where you will inevita-}

bly receive junk mail), which you can obtain freely from numerous providers, and a jealously guarded personal one that you give only to trusted correspondents. Even the personal one should not have your true name as part of the e-mail address. Do not cross-contaminate the two. Here again, www.cotse.com comes in very handy; if your account name is, say, [email protected], then any e-mail sent to ****@abcd.cotse.net (where **** can be anything you like) will be delivered to you. This way, you can give your e-mail address as, say, [email protected] to someone you don’t trust. If the address is abused, you can have Cotse bounce back as undeliverable any subse- quent e-mail sent to that made-up address (“user24”).

◗ _{For your personal e-mail account, sign up with any one of many e-mail}

forwarding entities, such as www.cotse.com or www.IEEE.org (for IEEE members only), or with one your own professional organization or college offers that will forward your incoming e-mail to your “real” account. Give only that go-between’s e-mail address to your friends so that when you do change your ISP for whatever reason, you don’t have to notify any of your correspondents (but only that go-between e-mail forwarding service). In addition, you get an extra layer of insulation from assorted online crackpots.

◗ _{If you do use encryption for your e-mail, as is highly recommended, do}

not use a form that allows you to read the messages that you yourself have composed and sent. In other words, do not use S/MIME because the locally saved copy of your outgoing e-mail is also decryptable by the sender, and do not use any symmetric encryption, such as DES; use PGP instead (see Section 11.3). This is to make it impossible for you to

possibly comply with any demand to decrypt outgoing e-mail and to limit your alleged culpability to incoming e-mail only (which you should overwrite soon after reading, by the way, and not keep for pos- terity as it can only cause you grief). If you are concerned (as you should be because you really do lose all control of your e-mail after you have sent it) about what an intended recipient may do with your e-mail (e.g., print it out, paste it into another e-mail that goes out unencrypted to third parties), then you should consider using one of the handful of new commercial schemes that control (with varying degrees of success) your e-mail’s fate even after it is on its way to the intended recipients. See Section 8.4 on this topic.

◗ _{Never reply to unsolicited junk mail that offers to remove your name}

from its distribution list as this will confirm that your e-mail address is valid and will subject you to more junk e-mail. Unsolicited e-mail is a societal, not a technical, problem; laws to ban it will be about as effective as laws to ban bad weather. The best you can do is to give your e-mail address only to trusted individuals. Give the rest disposable Webmail addresses and dispose of them when the amount of unsolicited e-mail becomes too annoying.

◗ _{Do not access any e-mail attachments unless you have already installed}

an antivirus software that checks attachments, and it is current, and you know the sender, and you are expecting such an attachment from the sender. Most e-mail-propagated viruses/Trojans/worms come as e-mails that have hijacked the e-mail address of a sender you trust. If all of the above conditions are met, use safe software for opening some kinds of attachments, such as Word Viewer in the case of Microsoft Word files. If the e-mail does not meet those qualifications, delete it without opening the attachment, and then go and overwrite the attached file (which usually stays in your disk even after you delete the e-mail that brought it).

◗ _{If you use Eudora for e-mail, perform the bug-fixing steps listed in Sec-}

tion 8.3.3.

◗ _{Most important of all, always keep in mind that unless you encrypt}

your e-mail and also hide the “from whom” and “to whom” information from whomever you are concerned may be intercepting your e-mail (now or through forensics in the future), do not compose e-mail that you would not want used against you in a court of law. Even if you do encrypt your e-mail, you still have no control over what the intended recipient does with it, and it could still haunt you in the future.

◗ _{If, for whatever reason (such as by virtue of being the publisher of the}

newspaper of the political opposition in your country), you are the likely target of extensive surveillance by those with the means to do so, then do the following:

1. Forget about using e-mail for your sensitive communications needs.

2. Consider establishing an account with an out-of-country ISP and establishing an encrypted (128-bit SSL; see Section 9.7.1) connection with that ISP before anything else. Alternately, you can use a local ISP and simply connect to the Web site of an out-of-country commercial entity that offers end-to-end SSL encryption between its site and your computer, such as https://www.rewebber.com or https://www.cotse.net.

Caution: Most so-called anonymous remailers, such as www.ano- nymizer.com, are not recommended at all because they have one or more of the following security shortcomings:

a. They may not remove your IP address from what is sent; even though the e-mail received by one may appear to be coming from god@heaven, the IP address and the rest of the information in the detailed header (see Section 8.5) of the message pretty much give away where it came from.

b. They may not be establishing an encrypted connection between your computer and theirs, leaving you vulnerable to local inter- ception and to snooping by your local ISP.

c. They may be keeping a copy of all traffic going through them, which can be subpoenaed by the authorities of the country where that remailer is located.

d. Pseudonymous remailers (which assign you a pseudonym in place of your true e-mail address so that others can respond to you through that remailer), too, are vulnerable to a subpoena from their local judicial systems and will reveal who said what to whom and when. This, in fact, happened with a Finnish remailer (anon.penet.fi) a few years ago.

3. Consider the use of encrypted concatenated remailers (Mixmaster, etc.) through the use of programs like Private Idaho or Jack B Nim- ble, available for free worldwide and discussed in more detail in Sections 9.6 and 9.15. Keep in mind that the use of such schemes stands out like the proverbial sore thumb if someone is keeping tabs on your online activities; however, they do protect the content of your messages as well as the “from whom” and “to whom” information.

8.4.1 Self-protecting e-mail “Today’s e-mail, tomorrow’s legal evidence.”

Getting rid of incoming e-mail and of locally kept copies of outgoing e-mail is not simple. Some e-mail software packages (such as Outlook an Outlook Express) tend to store e-mail in assorted proprietary condensed ways whereby one cannot simply identify a single file that contains just one piece

of e-mail so as to get rid of it. Instead, one has to depend on the good graces of each such piece of software to respond to a user’s request to delete an e-mail that one would rather not keep on one’s disk. (This usually places that particular e-mail in yet another location on the hard disk corresponding to the trash folder of the e-mail software that one needs also to get rid of).

If, despite all the vulnerabilities discussed in this book, one persists in not insisting on encryption for all incoming e-mail, one can work around the security vulnerabilities of e-mail software by asking correspondents to send e-mail as an attachment rather than as text in the body of the e-mail. In that case, the attachment is a file that can be overwritten and wiped clean as needed by the recipient.

For e-mail whose text is in the main body, as is the case with the vast majority of e-mail, about the only effective strategy is to customize one’s e-mail software to store incoming e-mail and the e-mail software’s trash folder on a RAM disk (see Section 6.2.2). This is not easily done with most e-mail software that tends to store files within its own subdirectory in the Program Files folder.

In the case of Eudora Pro, change the “Target” line under Properties for the Eudora shortcut icon on one’s desktop to the following:

E:\Mailbox\Eudora.ini where:

“E:\” is the name of whichever drive is used for the RAM disk (it can be D:\ or whatever else);

“Mailbox” is whichever name one wants to give to the folder (which must have been created in advance for the occasion).

If that is not possible, then do the following:

1. Delete incoming e-mail.

2. Delete the same e-mail from the e-mail software’s Trash folder.

3. Proceed with a full disk defragmentation.

4. Follow up with a full disk wiping (slack, free space, and swap file) (see Chapter 2).

All this pales in comparison with the potential headaches from outgoing e-mail for the following reasons:

1. Unlike incoming e-mail for which the recipient is not legally liable, outgoing e-mail is the sender’s full legal responsibility.

2. Once outgoing e-mail has left, the sender loses all control of it and is at the mercy of its intended recipients.

3. E-mail can end up in the wrong recipient’s hands through many possible ways:

a. The sender inadvertently clicked on the recipient directly above or below the name of the intended recipient in the sender’s local address book.

b. The sender mistyped the recipient’s e-mail address, and the e-mail was rerouted by the receiving host to the “e-mail post- master” there (this is common in universities), who read it in an attempt to figure out who it was for and forwarded it to numerous possible intended recipients “just in case.”

c. The Internet erred, as it often does, and directed an e-mail to the wrong place.

Even under the best of circumstances, when the e-mail goes only to its intended recipient, the sender has still lost control of that e-mail. The recipient can forward or redirect it to others, can print it and keep or send copies to others, can take portions of out of their context and paste them into e-mails to others (possibly after having altered the material), and so on. This is not unlike the priest’s saying in a sermon, “The Devil wants you to think that ‘God is dead’,” which a newspaper headline reports as “Priest says in sermon that ‘God is dead’.”

In more practical terms, a corporation may understandably want to ensure that its internal, confidential, and proprietary e-mails do not leave its confines. There is a need, therefore, for a means whereby e-mail

1. Can only be read by the intended recipient;

2. Cannot be printed or electronically copied.

The first requirement is easily met with public-key encryption (see Section 10.2.3). The message is encrypted to the public key of the intended recipient, who is the only one who can read it.

The second requirement is vastly more difficult to meet because depends on the receiving computer’s unknown capabilities and operating system:

1. To prevent printing, the receiving computer’s “Print Screen” func- tion must be disabled.

2. To prevent editing, copying, and pasting, the receiving computer’s e-mail software itself must be changed.

A handful of commercial solutions to this conundrum have been marketed:

1. Cryptolopes (from Cryptographic Envelopes) (www.research. ibm.com/people/k/kaplan/cryptolope-docs/crypap.html): This IBM effort was transferred to Lotus in late 1997. The initial version, Cryp- tolope Live Server, was to allow Web publishers both to protect and to sell data on the Web.

2. Secure Information Management System 2.0 by TriStrate (www. tristrata.com): This software solution runs on any TCP/IP network intended to provide end-to-end file, e-mail, and VPN security. It is integrated with MS Exchange, Outlook, and Lotus 4.1–4.6.

3. Disappearing from Disappearing Inc. (www.disappearing.com/faq3. html): Very perceptively, that company’s own product description states that it cannot protect against someone’s defeating the purpose of its product by doing a screen capture, screen print, and the like, but is intended for the situation when “all parties are interested in a private exchange.”

4. Content Guard by Xerox Corporation (www.contentguard.com/ productmenu.htm): This product converts documents from many popular file formats to encrypted self-protecting documents without requiring consumers to install any client-side software to access the protected documents. If this is indeed true, then the product is unlikely to be particularly secure because protected documents

In document Privacy Protection & Computer Forensics, 2nd Ed pdf (Page 160-169)