Tuesday, September 13, 2011

Missing dot in an email is bliss for a hacker

In an interesting revelation, vulnerability of an email address due to a missing dot is revealed. According to internet researchers a missing dot, in an e-mail address exposes it to hackers and cyber thieves. By forming web domains containing the normally mis spelt typos, the researchers received the mails that otherwise would have been bounced back instead of being delivered. The researchers got hold of about 20 GB of data as result of 120,000 wrongly sent email messages.   Some of the data recorded by researchers contained user’s names, passwords and detailed information of corporate networks. This research underlined about one quarter of US 500 fortune companies vulnerable to this shortcoming.       

The configuration of    email systems by companies is the primary cause for this drawback. For business units an organization uses sub-domains to ease the communication. If an email address is typed while missing the dot in sub domain for example, xyzABC.com instead of xyz.ABC.com then the message either bounces back or is mailed to a similar domain as xyzABC.com.   A hacker can make use of this weakness of typing a message on mail by buying similar domains.  

No comments: