-Caveat Lector- Don’t type that: Yahoo edits e-mail
By Stefanie Olsen

July 17 — What does Yahoo Mail have against mocha? That’s what users of the company’s free e-mail service may be wondering if they try to send a message using the word “mocha” and discover that while in transit, “mocha” mysteriously changes to “espresso.” To protect users from malicious code, Yahoo uses an automated filter to swap out a handful of words such as “mocha” that pertain to Web code known as JavaScript.

The reason is that e-mail sent in a form known as “Web enhanced” can contain JavaScript instructions that can run programs on the recipient’s PC. JavaScript is a Web language that can issue commands such as telling the browser to open up other windows or to prompt a service to change a password, for example.

“Mocha” is one of those special commands that can be run from Web-enhanced e-mail—typing “mocha:” into the location bar of the Netscape browser will open up a screen with a display area and a text box underneath, in which commands can be entered. A malicious hacker could, for example, use the command line to run a program to change a person’s password without their knowledge.

To prevent such attacks on its customers, Yahoo searches and automatically replaces key terms—a step that is not disclosed to users and that goes beyond what other companies are doing. While acknowledging that it searches and replaces certain words, a Yahoo representative would not say when it started the practice.

For example, Yahoo’s filter changes the term “eval”—a JavaScript command used to evaluate a string of code—to “review.” So an HTML message sent to a business acquaintance with the word “evaluate” would change to the curiously formed “reviewuate.” “Medieval” also is tweaked to become “Medireview.” Although the new word is not found in Merriam-Webster’s dictionary, it results in 1,150 related matches when typed into the Google search engine—an indication of how many e-mails Yahoo has tweaked.

Yahoo’s intentions are not to confuse subscribers or play e-mail Big Brother, but to protect against potential security risks, the company says. “To ensure the highest level of security for our users, Yahoo employs automated software to protect our users from potential cross-scripting violations,” said Yahoo spokeswoman Mary Osako.

Security experts said it is common for Web-based e-mail services such as Yahoo and Hotmail to filter JavaScript from HTML e-mail, given that malicious hackers can use the code to hack into a person’s computer or change passwords. But, they say, Yahoo’s methods are odd.

OUTER LIMITS OF FILTERING?

“This is kind of in the twilight zone,” said Richard Smith, a security and privacy expert who runs a Web site called ComputerBytesMan.com. “You don’t need to change text of e-mail; you just need to change the script tags. That’s what everybody else does,” Smith said.

MSN’s Hotmail, for example, filters out JavaScript commands, or tags, in HTML e-mail without changing words, according to an MSN representative. (MSNBC is a Microsoft - NBC joint venture.) Many other Web-based services, such as bulletin boards and chat rooms, filter out JavaScript commands too.

“If you don’t filter JavaScript, then you can have malicious JavaScript-coded messages that start messing with somebody’s e-mail account,” Smith noted.

------------------------
Steve Wingate, Webmaster
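
The contrast the article draws, blind word replacement versus filtering the markup itself, is shown below as an added example; it is not code from Yahoo, Hotmail or the article. The sample message is constructed, and going beyond script tags to also drop `on*` handler attributes and `javascript:`/`mocha:` URLs is an assumption made here about what a markup-level filter would cover.

```python
import re
from html import escape
from html.parser import HTMLParser

# Word swaps reported in the article.
SWAPS = {"mocha": "espresso", "eval": "review"}
# URL schemes treated as script; "mocha:" is from the article, "javascript:" is added here.
SCRIPT_SCHEMES = ("javascript:", "mocha:")

def keyword_swap(body):
    """Blind substring replacement over the whole message, as the article describes."""
    for word, repl in SWAPS.items():
        body = body.replace(word, repl)
    return body

class ScriptStripper(HTMLParser):
    """Re-emits the HTML, dropping script elements, on* handlers and script URLs."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.in_script = [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            return
        kept = []
        for name, value in attrs:
            compact = re.sub(r"[\x00-\x20]+", "", value or "").lower()
            if name.startswith("on") or compact.startswith(SCRIPT_SCHEMES):
                continue  # executable attribute: drop it, keep the element
            kept.append(f" {name}" if value is None
                        else f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
        else:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.in_script:  # visible text passes through unchanged
            self.out.append(escape(data, quote=False))

def strip_script(body):
    parser = ScriptStripper()
    parser.feed(body)
    parser.close()
    return "".join(parser.out)

# Constructed sample message, not taken from the article.
SAMPLE = ('<p>Please evaluate the medieval mocha recipe.</p>'
          '<script>eval("x")</script>'
          '<a href="mocha:" onclick="eval(1)">link</a>')
```

On the sample, `keyword_swap` rewrites the visible sentence while leaving the `<script>` element and the `onclick` attribute in place, whereas `strip_script` removes the executable markup and leaves the sentence as written.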