978-0840020932 Chapter 14

Chapter 14: Mail Vulnerabilities

TRUE/FALSE

1. SMTP, IMAP, and POP are the main protocols supporting e-mail systems all over the world.

2. Most corporate mail servers allow third-party mail relaying.

3. An e-mail message stored on an IMAP server can be modified from any remote location with access to

Internet.

4. Attackers can disrupt network services, spread viruses, and deny service to network users by exploiting

the vulnerabilities of e-mail.

5. Firefox is a browser that is free of bugs, coding errors, or vulnerabilities.

MULTIPLE CHOICE

1. A ____ entry permits hackers to take complete control of a mail system.

a.

buffer

c.

queue

b.

backdoor

d.

spool

2. The Morris worm created chaos on the Internet in 1988 by spreading through the ____ program.

a.

telnet

c.

sendmail

b.

Eudora

d.

pine

3. ____ allows users to access e-mail messages that remain on the mail server.

a.

SMTP

c.

POP3

b.

SNMP

d.

IMAP

4. ____, as a technique, is quite similar to e-mail bombing. However, it is accomplished differently and

involves enrolling potentially hundreds of target users through e-mail lists and distributed e-mail

message systems.

a.

List linking

c.

E-mail spoofing

b.

Phishing

d.

419

5. ____ are used by programs on the Internet (remote) and on a user’s computer (local) to confirm the

user’s identity to any third party concerned.

a.

Symmetric keys

c.

Digital signatures

b.

Symmetric encryption algorithms

d.

SMTP and IMAP

COMPLETION

1. ___________________________________ is the method used to transfer e-mail messages from one

server to another or from a client computer to a server.

2. ____________________ is the practice of sending an identical e-mail repeatedly to the target user.

3. ____________________ is commercial or nuisance e-mail with no effective opt-out system.

4. ____________________ is a way of tampering with e-mail so that the message received appears to be

from a known and trusted person,when it is actually sent by an impostor.

5. ____________________ uses e-mails from a purported financial institution (often eBay or Paypal)

stating that there is something wrong with an account, and the account holder needs to log in to set it

straight.

SHORT ANSWER

1. How can an SMTP server be exploited?

2. Describe the main characteristics of buffer overflow attacks for SMTP servers.

3. What are the functions of IMAP?

4. What are some of the vulnerabilities associated with Microsoft Exchange Server?

5. Briefly describe the bad-check scam.