1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

How secure is email and what is so unsecure about it?

Discussion in 'Security' started by craigedmonds, Jan 16, 2008.

  1. #1
    Hello Dpers,

    I know that email is not a secure messaging method and I would like to explain it to some of my clients.

    Is there some simple explanations of this on the web somehwhere where I can send my clients to so that they will "get it"?

    I would like to point out to some clients that even though they have a username and password for their email account, in general its not secure.
    SEMrush
    The question they will ask me is "well why is that?".

    I just need some easy reference material for some of simpletons.
     
    craigedmonds, Jan 16, 2008 IP
    SEMrush
  2. the_wanderer

    the_wanderer Peon

    Messages:
    43
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #2
    I don't have any references off hand but the main points to remember about email is that:

    * Messages are sent in clear text, so they can be read by anyone packet sniffing anywhere along the email route.
    * POP and IMAP are insecure because username and password are also sent in clear text - these also can be easily sniffed (advise people if possible to use ssl for pop, imap and webmail).

    * The sniffing can be highlighted by using public wireless access points as an example. An open wireless connection can be easily sniffed so a person using POP3 to read their email can have their password stolen and all email read.

    Hope this helps.

    The answer is encryption. SSL and Encrypted Wireless. If using unencrypted wireless access always use encrypted protocols.
     
    the_wanderer, Jan 16, 2008 IP
  3. hostingcoupon

    hostingcoupon Peon

    Messages:
    447
    Likes Received:
    5
    Best Answers:
    0
    Trophy Points:
    0
    #3
    Because the current email transmission Protocol (MIME) is not secured. S/MIME may be used in the future, it's secured.

    E-mail privacy, without some security precautions, can be compromised because:

    * e-mail messages are generally not encrypted;
    * e-mail messages have to go through intermediate computers before reaching their destination, meaning it is relatively easy for others to intercept and read messages;
    * many Internet Service Providers (ISP) store copies of your e-mail messages on their mail servers before they are delivered. The backups of these can remain up to several months on their server, even if you delete them in your mailbox;
    * the Received: headers and other information in the e-mail can often identify the sender, preventing anonymous communication.

    More on http://en.wikipedia.org/wiki/Email and http://en.wikipedia.org/wiki/E-mail_encryption
     
    hostingcoupon, Jan 18, 2008 IP
    craigedmonds likes this.
  4. Ladadadada

    Ladadadada Peon

    Messages:
    382
    Likes Received:
    36
    Best Answers:
    0
    Trophy Points:
    0
    #4
    My favourite method is a quick demonstration.

    Jump on their network and fire up your packet sniffer. It shouldn't be more than a few minutes before you have half the company's usernames and passwords. This works quite well for FTP and open wireless networks as well.
     
    Ladadadada, Jan 24, 2008 IP
  5. ronnyb

    ronnyb Well-Known Member

    Messages:
    856
    Likes Received:
    28
    Best Answers:
    0
    Trophy Points:
    170
    #5
    I reccomend reading Digital Fortress by Dan Brown, yes it is fiction, but a lot of real issues regarding email security.
     
    ronnyb, Jan 24, 2008 IP
  6. reneandrepoeltl

    reneandrepoeltl Peon

    Messages:
    4
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #6
    This email service is using 1024 bit SSL certificate. So the communication between the browser and the mailserver is pretty safe.
    And they offer 256 bit AES encryption of the email content.
    If an mail is encrypted the only thing that is needed to decrypt is the password. This can be set before encryption.
    If the recipient doesn't know it, he can't decrypt.
    Encryption/Decryption is computed on the clients computer (javascript).
    If the recipient has no safermail.biz email account, he can decrypt the message at

    https://safermail.biz/index.php?option=com_wrapper&view=wrapper&Itemid=55

    if he has the password.

    The service is 10 US$ per year.

    This is technically a superior solution since the encryption/decryption is calculated 100% on the clients computer - no passwords are transferred.

    The webmailer is an upgraded horde with POP, IMAP.

    regards

    Rene Andre Poeltl
     
    reneandrepoeltl, Oct 6, 2010 IP
  7. MrYu

    MrYu Peon

    Messages:
    157
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #7
    Stop your stupid spam. It's even much less of a problem that this is spam, but it's also completely misleading and bogus.
     
    MrYu, Oct 12, 2010 IP
  8. craigedmonds

    craigedmonds Notable Member Premium Member

    Messages:
    696
    Likes Received:
    125
    Best Answers:
    0
    Trophy Points:
    235
    #8
    yeah, I did actually go to the site too and a warning popped up saying there is something wrong with the security certificate, not a good sign either.
     
    craigedmonds, Oct 12, 2010 IP
  9. reneandrepoeltl

    reneandrepoeltl Peon

    Messages:
    4
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #9
    This is not true. My post was not spam, but a spam filter is included with every safermail.biz account. And concerning misleading and bogus: You can't prove that - because it's not true ... I guess you're just trying to put me down.

    But I saw your website and you titled Mediocrity is a sin. Well in that case you can't say anything against me, since that website is not even mediocre. (technology,topics,etc.)

    On the other hand safermail.biz is the high-tech approach for secure email communication from a users point of view on a global scale - worldwide - really - I did my homework.

    And your posts in the past do not qualify you for being an expert on this topic.

    René André Poeltl
     
    Last edited: Oct 15, 2010
    reneandrepoeltl, Oct 15, 2010 IP
  10. reneandrepoeltl

    reneandrepoeltl Peon

    Messages:
    4
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #10
    That's the warning for all self signed certificates. There's nothing wrong about it if you compare the fingerprint as the website recommends. If you want 1024 bit super safe SSL you cannot buy a certificate from Verisign or Thawte. There were rumors in the net, that government agencies like nsa might have a masterkey from those - but they don't have one for safermail.biz. So there was no alternative to self-sign one. If you expect a super-easy "if it's not exactly like my google or yahoo account, than it's bullshit", well than you get not a secure email communications solution. But it's really easy once you installed the certificate - everything like a usual. But I know that the security warning from the browser is something that can alert users. Well you can also avoid it and surf to a non SSL url: safermail.biz that won't show the warning. Than you can read the info concerning the certificate and so on.
     
    Last edited: Oct 15, 2010
    reneandrepoeltl, Oct 15, 2010 IP
  11. TigerJackson

    TigerJackson Peon

    Messages:
    1
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #11
    Reading this thread I think the important thing to note about secure email is that not all mail needs to be sent securely - it is up to the user to determine whether the contents need to be secure. It is true email can be sniffed using man in the middle techniques, this is relatively difficult to do and the biggest threat probably comes from hacked user accounts, as generally users passwords are weak. How many email message contain sensitive information in your email account - have a look, it's quite surprising.

    Secure mail services have matured since the start of this thread back in 2006 and we suggest that users use digipost (www.digipostsecure.com) to compliment their normal email rather than using it for all email communication. The reason for this is there is a minor inconvenience with secure email but equally you can be sure to protect confidential information such as bank account details, signed documents, passwords etc when you need to.

    TJ.
     
    TigerJackson, Apr 18, 2012 IP
  12. casand

    casand Peon

    Messages:
    268
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #12
    get email certificate to secure your mail from hackers, you cam avoid scams
     
    casand, Apr 22, 2012 IP
  13. simona86

    simona86 Member

    Messages:
    141
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    28
    #13
    Typically an SSL Certificate will contain your domain name, your company name, your address, your city, your state and your country. It will also contain the expiration date of the Certificate and details of the Certification Authority responsible for the issuance of the Certificate. When a browser connects to a secure site it will retrieve the site's SSL Certificate and check that it has not expired, it has been issued by a Certification Authority the browser trusts, and that it is being used by the website for which it has been issued. If it fails on any one of these checks the browser will display a warning to the end user letting them know that the site is not secured by SSL.
     
    simona86, May 10, 2012 IP