Mark as unread - gmail and yahoo

Sarad AV jtrjtrjtr2001 at yahoo.com
Wed Jun 3 08:30:21 PDT 2009


Hi,

It has been some time since both Gmail and Yahoo have introduced this (Mark as unread) feature in their webmail access.

If your mail account has been compromised (someone else figures your password), then the attacker can at will read your unread mail and then mark it as unread. When the 'mark as read' option was not available, a successful attacker would have to delete the unread email to avoid detection, but then the sender will at some point of time inform the recipient about the mail that he never received.

In both cases, the attacker can still read all the mails already read by the recipient, but if the recipient has the habit of deleting (including trash) immediately after reading the mail, it helps the attacker to have a mark as unread option. As soon as the mail arrives, the attacker reads it and marks it as unread. Then the recipient gets to read it and he will immediately delete it.


As far as mail clients such as Outlook go, I think if it is deleted from webmail, it will not appear in your Outlook mail client (not sure, someone can confirm this). It may be better for security if there is no unread option.


Moreover, Gmail allows you to see the last login IP to your email and the current session IPs, but that won't help if the attacker is from the same organization (with a lot of computers connecting through the same public IP) that you use to access your email.

Comments?

Thank you,
Sarad.
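
A defender-side sketch of the scenario above, added here and not part of the original post: it scans a mailbox audit trail for a message that one session read and reset to unread before a different session read it. It keys on session rather than IP because, as the post notes, many users can share one public IP. The event schema, session ids and sample data are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (epoch seconds, session id, source IP, message id, action).
# The schema is hypothetical; map it onto whatever audit log your mail system exposes.
EVENTS = [
    (1000, "sess-A", "203.0.113.7", "msg-1", "read"),
    (1030, "sess-A", "203.0.113.7", "msg-1", "unread"),
    (4000, "sess-B", "203.0.113.7", "msg-1", "read"),    # same NAT IP, other session
    (4100, "sess-B", "203.0.113.7", "msg-1", "delete"),
    (5000, "sess-B", "203.0.113.7", "msg-2", "read"),
    (5020, "sess-B", "203.0.113.7", "msg-2", "unread"),  # owner's own reminder
    (9000, "sess-B", "203.0.113.7", "msg-2", "read"),
]

def find_covert_reads(events):
    """Return findings where one session read a message and reset it to unread,
    and a different session was the next to read that message."""
    per_msg = defaultdict(list)
    for ev in sorted(events):          # tuples sort by timestamp first
        per_msg[ev[3]].append(ev)
    findings = []
    for msg_id, evs in per_msg.items():
        has_read = set()   # sessions with a "read" not yet followed by "unread"
        resets = []        # (session, ip, time) of each read-then-unread
        for ts, sess, ip, _, action in evs:
            if action == "read":
                for r_sess, r_ip, r_ts in resets:
                    if r_sess != sess:
                        findings.append({
                            "msg": msg_id,
                            "reset_by": r_sess,
                            "read_by": sess,
                            "same_ip": r_ip == ip,  # True means IP review misses it
                            "gap_s": ts - r_ts,
                        })
                resets = []            # this read consumes any pending resets
                has_read.add(sess)
            elif action == "unread" and sess in has_read:
                resets.append((sess, ip, ts))
                has_read.discard(sess)
    return findings

if __name__ == "__main__":
    for finding in find_covert_reads(EVENTS):
        print(finding)
```

A reset followed by a read from the same session (msg-2 in the sample) is treated as the owner's own reminder and is not reported.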





More information about the cypherpunks-legacy mailing list