h2g2 The Hitchhiker's Guide to the Galaxy: Earth Edition

There are some missconceptions floating around. For those of you who don't know how email actually works.

1. Click tyhe link below to open a new window that will give you the opportunity to send a news story to someone.
http://newsvote.bbc.co.uk/mpapps/pagetools/email/news.bbc.co.uk/2/hi/uk_news/england/lancashire/3490597.stm

2. In the feild labelled to. Enter your own email address.
3. Under "Your Details" enter Fred Flintstone and in the email address field enter [email protected]
4. Hit the send button.
5. Check the result in your inbox.

By show of [virtual] hands who thinks they have "hijacked" the email account of poor Mr Fred Flintstone.

NB - People who know about this already, please wait a few posts.

Done your experiment Wraith...got an email from [email protected] on behalf of Fred Flintstone.



What now? Are you saying that the BBC don't check out if an email addy is real?

would always be wary of sending my email address to another email address when I don't know whom that belongs to.


(beware 'email phreaking' which is "not against the law")

Good result so far. But V you got it backward it seems. Your own address goes in the "to" feild.

If phreaking were illegal then I wouldn't have had to nix 3,000 spam messages from my email account after being away from it for 2 weeks. But that beside the point of this exercise.

"What now? Are you saying that the BBC don't check out if an email addy is real?"

As morpheus said "what is, real?"

Bump and waits for more

This is very interesting! I'll check it out when I get home.
(I didn't like the Matrix, but it's interesting...)

Way-hay! I've hijacked Fred Flintstone's e-mail!

Wait...

Hold on a minute...

Did they have e-mail in Bedrock?

Hmmm - might explain how I kept getting spam e-mails from myself.

*bump*

I've used it myself to send news stories home to read from various news sites.

I don't get it

I haven't tried it btw. But does someone want to explain?

Sorry Kea. Someone else might pick up the thread but I'm no longer in the mood for this place

A simple mail script, it sends a predefined e-mail message to any e-mail address entered into it. Or rather, it sends a /request/ to send the e-mail, to the predefined SMTP server.

This can be used intentionally to 'phreak' someone's e-mail account, pretending to be them, essentially committing identity theft - or at least, sending e-mails from their account, without actually USING their account.

An example. You could forge the following in the headers of an e-mail using such a script. (The headers are what make up the e-mail and define what type of e-mail it is, who sent it, what machines handled it, etc, etc)

From: [email protected]
To: [You]
Subject: [Whatever]
Message:
Recently you tried to illegally hack the bbc.co.uk servers. Our lawyers are investigating. See you in court mate.

---

Now, obviously the above is an example. But it's possible for this to be sent. And thus, the recipient may hit the reply button, getting the BBCi Webmaster(s) - VERY confused.

By the way - this simply means that you'd get an e-mail from [whatever e-mail address you use] giving a link to the news story online (or a toned down version of the story. I've not seen what this script does). (The message is predefined before sending the e-mail [Probably generated on the fly - most definitely in fact])

Right. I am obviously a *wee* bit slow for this, but i will endeavour to understand.

Ok. Sorry. When I say 'Basically...' and start off, I always end up in a pile of speak.

I'll try again.

Basically, a program on the news. bbc.co.uk servers allows users of its site to enter their e-mail (and a friend's it would seem), and it would send an e-mail to your friend's e-mail address pretending to come from you. (By putting your e-mail address in the 'from' field).

This is a tiny piece of code in the program which looks like this (Pseudo code to minimise speak. )
send_an_e-mail(to=Friend, from=You, with_the_subject="Blah")
You can forge the 'From' part to be anything you like. Fact, it doesn't even have to exist. You could put from=God, and it wouldn't check (*Doesn't question the existence of 'God'.*

Although, on this thought, computers aren't daft. They'll always question God's existence. A funny UNIX command response illustrates this. But I've moved into speak again. Sorry. )

<>
Could you demonstrate, and if you did would a non-etchie understand? I'd like to know, it sounds funny.

I thought the question was... Who thinks they have used somebody elses e-mail. "Hijacked." - Did you have it in mind that there *might be* an address of that name.

A thought process test. Did you even think "what if" the fake name you use in such forms does exist, and a reply might sent back to: "[email protected]" for example.

Noticed one person ask about "@bedrock."
Will the originator of the thread come back to state the intent of this thread, was it simply to show you can use fake names?

*still confused as to what is going on*

The originator unsubscribed after post 11 saying "I'm no longer in the mood"

I've read all the threads and I haven't the faintest idea what's going on. Is there a society for techno thickies on hootoo? Perhaps I should start one.

Liz
~