VSNL server offers window to e-intruders

This PT Monitor was published on Saturday, 26th April 2003 in ‘The Times of India’ – Pune Times edition by Mr. Huned Contractor.

How safe is the email account provided by the Videsh Sanchar Nigam Limited? The answer to this, as discovered by city-based software expert Ashish Annachhatre, is that it is secure only as long as you always remember to log off and do not simply close the window. “Each time that you do not log off, you are exposing yourself to a high risk of intrusion by someone who has snatched an important piece of information from the email header. This implies that not only can your email be read by anyone, but it can lead to other dangerous complications such as the ransacking of your address book, attacks by virus or using your email identity to send fake messages,” claims Annachhatre, who stumbled upon this flaw while testing the protocols of email service providers for one of his clients.
Providing a demonstration of how it works, Annachhatre says that this black hole in the system is only because VSNL headers have a code that other service providers like Yahoo or Lycos do not contain. “This kind of break-in does not, however make it possible for an intruder to gain access into the internet account and use the subscriber’s hours of usage. All it does is open up a channel that leads straight into the email account of the user,” explains Annachhatre.

VSNL is unaware of this mode of hacking. “Our home page makes it very clear that all users should compulsorily log out so as to prevent any kind of misuse. This is essential to cut the transaction. Also, switching off the computer will automatically break the email transaction,” states VSNL’s general manager Shaikh Abdulrahim. Coincidentally, VSNL has sent out a mail to its more than seven lakh subscribers about the new features that it will introduce in its email facility. This will include better organisation of email by distributing them across folders of your choice, maintaining contact lists on-line, sending out automatic messages when you are on vacation and not likely to check your mail, enabling you to forward your mails to alternative email accounts and personalising the look of your account.


Software expert Ashish Annachhatre

Annachhatre, meanwhile, is quite willing to prove that all such added features will only take the risk level a step higher, claiming that this risk of an ‘open house’ can be eliminated only if VSNL can work on changing the content of the data that goes out with its header. It is now up to the software brains to devise a solution. All that the user needs to realise is that locking a door is the best way to keep out the thieves.