Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 


762 posts

Ultimate Geek
+1 received by user: 64


  Reply # 183051 9-Dec-2008 16:19
Send private message

nate: Yes that is true, but the data is only encrypted from your browser to the webmail server.  What Mauricio is talking about is the delivery of the email from the sender's computer to your email server.

My concern is what are you sending/receiving that is sensitive?  I've seen it too often, clients transferring sensitive info such as credit cards via email.  While the possibility of interception is low, it is still a very silly mistake to be making.


Nate I appreciate your [& Mauricio's?] point that the receipant may not be using a secure email such as https. s-mime or PGP end to end. Rest assured I would never send sensitive data such as a credit card or passwords via normal email.





637 posts

Ultimate Geek
+1 received by user: 2

Trusted

  Reply # 183084 9-Dec-2008 18:00
Send private message

There are two issues with non-encrypted webmail:

1. Transmitting your username and password in the clear - this is just pretty much unacceptable no matter whether your email is transmitted in the clear or not.  This is especially worrying if these credentials are used for other things (e.g. SIP username and password!).
2. While the majority of email on the internet is transmitted node-to-node in the clear, I have seen a reasonable uptake in TLS between mailservers over the last year or so.  Many linux distributions (for instance) include sendmail-tls, postfix-tls, or exim-tls by default.

The key issue to me is that while I don't mind my email zipping around the internet in the clear - because in general it's damn hard to observe that if you're just a casual end user - but I do mind accessing it over a non-encrypted or non-semi-trustable last mile, such as WiFi or a shared LAN (hotel, cybercafe) where you don't know who's doing what to it, particularly on a WiFi network.  It prevents the casual observer snooping around.  Think about how many interesting things are sent in your email unencrypted - banking statements, usernames and passwords to ecommerce accounts, etc.

Encrypting email access is a no-brainer, and should be offered by anyone who is providing webmail servers -- if you have economic issues with an SSL certificate (not that they are particularly expensive anyway), then use a self-signed certificate - at least it's encrypting the traffic!  I personally tunnel all my traffic when I am on a non-trusted connection, either via SSH or IPSec.

1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Exhibition to showcase digital artwork from across the globe
Posted 23-May-2018 16:44


Auckland tops list of most vulnerable cities in a zombie apocalypse
Posted 23-May-2018 12:52


ASB first bank in New Zealand to step out with Garmin Pay
Posted 23-May-2018 00:10


Umbrellar becomes Microsoft Cloud Solution Provider
Posted 22-May-2018 15:43


Three New Zealand projects shortlisted in IDC Asia Pacific Smart Cities Awards
Posted 22-May-2018 15:14


UpStarters - the New Zealand tech and innovation story
Posted 21-May-2018 09:55


Lightbox updates platform with new streaming options
Posted 17-May-2018 13:09


Norton Core router launches with high-performance, IoT security in New Zealand
Posted 16-May-2018 02:00


D-Link ANZ launches new 4G LTE Dual SIM M2M VPN Router
Posted 15-May-2018 19:30


New Panasonic LUMIX FT7 ideal for outdoor: waterproof, dustproof
Posted 15-May-2018 19:17


Ryanair Goes All-In on AWS
Posted 15-May-2018 19:14


Te Papa and EQC Minecraft Mod shakes up earthquake education
Posted 15-May-2018 19:12


Framing Facebook: It’s not about technology
Posted 14-May-2018 16:02


Vocus works with NZ Police and telcos to stop scam calls
Posted 12-May-2018 11:12


Vista Group signs Aeon Entertainment, largest cinema chain in Japan
Posted 11-May-2018 21:41



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.