Thursday, March 29, 2007

What E-Mail Hackers Know that You Don't

E-mail systems such as Microsoft Exchange, Lotus Notes and GroupWise were constructed with a single purpose in mind: accept and send the maximum amount of mail, and route that mail as efficiently as possible. Without question this has succeeded; e-mail is the most commonly utilized business communication tool on the planet, and its use is projected to continue to rise.

Unfortunately, e-mail's sharp rise in popularity makes it an attractive target for individuals seeking to do harm, either for their own misguided personal satisfaction, or more likely, for financial gain. The first e-mail hackers found simple vulnerabilities in the operating systems and protocol stacks of e-mail systems, and exploited these known weaknesses. Now, however, hackers and virus writers have become specialists, constantly developing new and innovative methods of overcoming the improvements made in today's security systems. The game of cat-and-mouse is unlikely to end any time soon, if ever. With every improvement in defensive techniques, hackers and virus writers modify their tactics in an attempt to circumvent these defenses and wreak havoc on corporate networks. This document outlines how hackers are exploiting vulnerabilities in e-mail systems, and describes the widely available hacking tools they use. As a collection of already published risks to e-mail security, this white paper is written to educate IT security managers on the challenges they face.

here is the pdf file

No comments: