[+] Wayc0de's Blog[+]

27/09/11

Amstrad's retro E-m@iler, email privacy and data loss

There have been two recent occasions on which my computing life has been influenced by Lord Sugar, the business mogul who founded Amstrad and the star of BBC One's reality TV show "The Apprentice".

The first was on a visit to the National Museum of Computing at Bletchley Park, where I got to use an old Amstrad computer. It was running a Tetris clone called Blox created - as was proudly proclaimed on the game screen - by an upstart programmer called "G Cluley".

The second was this weekend, when the device you see in the picture showed up in a charity shop. This is the Amstrad E-m@iler Plus, a sort of executive phone/internet thing released by Amstrad in 2002.
Being a fan of old computers, especially oddball ones like the E-m@iler, I bought it.

The key feature of this phone was that it also had email and web capabilities, albeit delivered via a premium rate number that lined Lord Sugar's pockets with every email check. Users could configure the phone to automatically fetch their mail to be read on the attached LCD screen.

And, indeed, someone had used this E-m@iler for e-mail. Someone I shall call "Colin" had set up two accounts on the device. How do I know this? Because Colin hadn't deleted these accounts before taking his phone to the charity shop.
As I said, the E-m@iler relies on a dial-up service which was discontinued earlier this year by its ultimate owners, BSkyB. That means that I couldn't, should I want to, fetch Colin's new email messages.

But there were messages already stored on the phone that I could have read.

More surprisingly, the configuration screens let me see passwords assigned to Colin's accounts: has he used the same passwords on any other services?
Hopefully you're aware of the need to ensure there's no sensitive information stored on old computers before you dispose of them, particularly if you're going to sell them on to other users. My new (or should I say Colin's old) E-m@iler shows that this goes for any device that stores or accesses your data, including phones both smart and retro.
I can just imagine the scene in Lord Sugar's office:
"Colin, you made a basic error. By failing to delete your accounts before giving away your phone, you put your e-mail messages and your passwords at risk. You compromised the privacy of your own and your company's data, and for that reason, you're fired."



nb : nakedsecurity.sophos
