From nexus@adv.es Wed Sep 4 07:41:11 1996 Received: from dev.adv.es (dev.adv.es [194.224.207.2]) by suburbia.net (8.7.4/Proff-950810) with ESMTP id HAA03267 for ; Wed, 4 Sep 1996 07:41:02 +1000 Received: from [194.224.207.98] by dev.adv.es (Netscape Mail Server v1.1) with SMTP id AAA182 for ; Tue, 3 Sep 1996 23:39:58 +0200 Message-ID: <322B6DFB.39AB@adv.es> Date: Tue, 03 Sep 1996 01:30:03 +0200 From: "I~nigo Gonzalez" Organization: ADV Internet X-Mailer: Mozilla 2.02Gold (Win95; I) MIME-Version: 1.0 To: best-of-security@suburbia.net Subject: Windows NT + Netscape Mail security question. Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit I've been taking a look at the files located in my Windows 95 Box at: \program files\netscape\navigator\mail\* And I've found very funny thet mail is archived there in a single file named as its folder... This gives us a *new* STUPID form of mail spoofing, just by editing the inbox file in the NETSCAPE/NAVIGATOR/MAIL directory and giving it the apparience of a real message. I suppose that on Un*x machines mailboxes are protected by default with file permissions like 600 in standard (i.e. Well known) files; but I still don't know what *really* hapens on NT boxes. ¿ Are users aware of this ? Waiting for your reply, -- I~nigo Gonzalez Comments, questions and sugestions are welcome! Flames, too (/dev/nul is hungry).