Geekzone: technology news, blogs, forums
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 

794 posts

Ultimate Geek
+1 received by user: 68


  Reply # 183051 9-Dec-2008 16:19
Send private message

nate: Yes that is true, but the data is only encrypted from your browser to the webmail server.  What Mauricio is talking about is the delivery of the email from the sender's computer to your email server.

My concern is what are you sending/receiving that is sensitive?  I've seen it too often, clients transferring sensitive info such as credit cards via email.  While the possibility of interception is low, it is still a very silly mistake to be making.

Nate I appreciate your [& Mauricio's?] point that the receipant may not be using a secure email such as https. s-mime or PGP end to end. Rest assured I would never send sensitive data such as a credit card or passwords via normal email.

637 posts

Ultimate Geek
+1 received by user: 2


  Reply # 183084 9-Dec-2008 18:00
Send private message

There are two issues with non-encrypted webmail:

1. Transmitting your username and password in the clear - this is just pretty much unacceptable no matter whether your email is transmitted in the clear or not.  This is especially worrying if these credentials are used for other things (e.g. SIP username and password!).
2. While the majority of email on the internet is transmitted node-to-node in the clear, I have seen a reasonable uptake in TLS between mailservers over the last year or so.  Many linux distributions (for instance) include sendmail-tls, postfix-tls, or exim-tls by default.

The key issue to me is that while I don't mind my email zipping around the internet in the clear - because in general it's damn hard to observe that if you're just a casual end user - but I do mind accessing it over a non-encrypted or non-semi-trustable last mile, such as WiFi or a shared LAN (hotel, cybercafe) where you don't know who's doing what to it, particularly on a WiFi network.  It prevents the casual observer snooping around.  Think about how many interesting things are sent in your email unencrypted - banking statements, usernames and passwords to ecommerce accounts, etc.

Encrypting email access is a no-brainer, and should be offered by anyone who is providing webmail servers -- if you have economic issues with an SSL certificate (not that they are particularly expensive anyway), then use a self-signed certificate - at least it's encrypting the traffic!  I personally tunnel all my traffic when I am on a non-trusted connection, either via SSH or IPSec.

1 | 2 
View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:

Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:

Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:

News »

Intel introduces new NUC kits and NUC mini PCs
Posted 16-Aug-2018 11:03

The Warehouse leaps into the AI future with Google
Posted 15-Aug-2018 17:56

Targus set sights on enterprise and consumer growth in New Zealand
Posted 13-Aug-2018 13:47

Huawei to distribute nova 3i in New Zealand
Posted 9-Aug-2018 16:23

Home robot Vector to be available in New Zealand stores
Posted 9-Aug-2018 14:47

Panasonic announces new 2018 OLED TV line up
Posted 7-Aug-2018 16:38

Kordia completes first live 4K TV broadcast
Posted 1-Aug-2018 13:00

Schools get safer and smarter internet with Managed Network Upgrade
Posted 30-Jul-2018 20:01

DNC wants a safer .nz in the coming year
Posted 26-Jul-2018 16:08

Auldhouse becomes an AWS Authorised Training Delivery Partner in New Zealand
Posted 26-Jul-2018 15:55

Rakuten Kobo launches Kobo Clara HD entry level reader
Posted 26-Jul-2018 15:44

Kiwi team reaches semi-finals at the Microsoft Imagine Cup
Posted 26-Jul-2018 15:38

KidsCan App to Help Kiwi Children in Need
Posted 26-Jul-2018 15:32

FUJIFILM announces new high-performance lenses
Posted 24-Jul-2018 14:57

New FUJIFILM XF10 introduces square mode for Instagram sharing
Posted 24-Jul-2018 14:44

Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.