Internet Security Threats: Who Can Read Your Email?

Home
>
Software
>
Internet Security Threats: Who Can Read Your Email?

Internet Security Threats: Who Can Read Your Email?

Before being able to choose a secure Internet communication system, you need to understand the threats to your security.

Since the beginning of the Internet there has been a naive assumption on the part of most email users that the only people who are reading their email are the people they are sending it to. After all, with billions of emails and gigabytes of data moving over the Internet every day, who would be able to find their single email in such a flood of data?

Wake-up and smell the coffee! Our entire economy is now information based, and the majority of that mission critical information is now flowing through the Internet in some form, from emails and email attachments, to corporate FTP transmissions and instant messages.

Human beings, especially those strange creatures with a criminal mind, look for every possible advantage in a dog eat dog world, even if that advantage includes prying into other peoples' mail or even assuming your identity. The privacy of your Internet communications has now become the front line in a struggle for the soul of the Internet.

The New Generation Packet Sniffers:

At the beginning of 2001, most computer security professionals began to become aware of an alarming new threat to Internet security, the proliferation of cheap, easy to use packet sniffer software. Anyone with this new software, a high school education, and network access can easily eavesdrop on email messages and FTP transmissions.

Software packages such as Caspa 3.0 or PassDetect - Ace Password Sniffer automate the task of eavesdropping to the point were if you send an email messages over the Internet with the phrase "Credit Card", it's almost a certainty that someone, somewhere will capture it, attachments and all.

(Caspa 3.0 - from ColaSoft Corporation, located in Chengdu, China http://www.colasoft.com ,PassDetect - a product whose advertised purpose is to sniff passwords sent in email, over HTTP, or over FTP from EffeTech Corporation, http://www.effetech.com )

A good example of this new class of software is called MSN Sniffer, also from Effetech, and it highlights the "party line" openness of today's LAN and Internet environments. Just like old telephone party lines, MSN sniffer lets you listen-in on other people's conversations, just like picking up another phone on a party line.

On their web site, Effetech advertises MSN Sniffer as:

"a handy network utility to capture MSN chat on a network. It records MSN conversations automatically. All intercepted messages can be saved as HTML files for later processing and analyzing. It is very easy to make it to work. Just run the MSN Sniffer on any computer on your network, and start to capture. It will record any conversation from any PC on the network."

Just as the Internet has been flooded by a deluge of spam messages after the introduction of cheap, easy-to-use spam generation software, the same effect is now taking place with sniffer software. The major difference is that, unlike spam, Internet eavesdropping is totally invisible, and ten times as deadly. How much of the identity theft being reported today is a direct result of Internet eavesdropping? Its hard to tell, but with the every growing dependency by individuals and corporations on Internet communications, opportunities to "capture" your sensitive data abound.

Most FTP transmission are unencrypted!

As of November 2003, the majority of corporate FTP transmissions are still unencrypted (unencrypted is geek speak for "in the clear" ) and almost all email communications take place "in the clear". Many email and FTP transmissions travel over 30 or more "hops" to make its way from the sender and receiver. Each one of these hops is a separate network, often owned by a different Internet Service Provider (ISP).

Any Idiot in the Middle

Even a well run corporation must still primarily rely on trusting its employees, contractors and suppliers to respect the privacy of the data flowing over its networks. With the new sniffer technology, all it takes is one "idiot in the middle", and your security is compromised. It could be the admin assistant sitting in the cubical next to you, or a network assistant working for one of the many ISPs your data will travel over, but somewhere, someone is listening. Maybe all he is looking for is his next stock trading idea, or maybe he wants to take over your eBay account so he can sell a nonexistent laptop to some unsuspecting "sucker" using your good name. its all happening right now, at some of the most respected companies in the world.

Access to your network doesn't have to come from a malicious or curious employee-many Internet worms, Trojans and viruses are designed to open up security holes on a PC so that other software can be installed. Once a hacker has access to one computer in your network, or one computer on your ISP's network, he can then use a sniffer to analyze all the traffic on the network.

So I'll password-protect my files, right?

You're getting warmer, but this still isn't going to do the trick. It's a good way to stop packet sniffers from searching for key words in a file, but unfortunately it is not as secure as you might think. If you ever forget a Zip, Word or Excel password, don't worry, just download the password tool from Last Bit Software www.PasswordTools.com, it works very well. There are many other packages out on the Internet but Last Bit's tool is the most robust and easy to use, if a bit slower that some others.

So what can I do about it?

OK, so now that you understand the threat, what can you do about it?

Stop using the Internet? - More than a few professionals are returning to phone calls and faxes for all their important communications.

Complain to your IT department? - If you have an IT department in your company this is a good place to start. But did the spam mail stop when you complained about it to your LAN administrator? Unfortunately he is almost as helpless as you are.

Encrypt your communications with PKI, etc. - For email this is a bit drastic, and can be very expensive, especially since you will need to install a key on each PC and coordinate this with the receivers of your email messages, your IT organization, etc.

Use FileCourier - This is by far the easiest and most cost effective way to protect your email attachments, or replace FTP transmissions. It takes out the "idiot in the middle" with a very clever solution.

The FileCourier approach to Security

I believe that FileCourier is the easiest out-of-the box secure communication system available.

FileCourier approaches Internet data transfer security in a unique way. Until FileCourier was first released in December of 2002, all secure email and file transmission systems relied on encrypting the data during the tried and true method of "upload, store, and forward". When you send an email, it and any documents attached to it are first transmitted to one or more intermediate servers. These mail server store the documents and then attempt to forward it to the receivers email server. To secure the transmission of the email requires either the servers to use extra encryption software technology, or forces the individual sender and receivers to install encryption software and their associated keys, or both. Not only is this a costly and time consuming exercise but it also often fails to protect the data over the complete path of the transmission.

What do you do if the receiver is in another company and doesn't have any encryption software installed? What if his company is using a difference encryption standard? Ignoring the complexity of existing secure email and FTP systems their biggest failings continue to be the "idiot in the middle". From a nosey email or FTP server administrator, to a hungry co-worker, to an incompetent who lets a hacker have free reign of their server, if your sensitive documents are stored on a server maintained by someone else then that person, or his company, can view your documents.

The FileCourier approach is creative, yet simple. FileCourier utilizes existing email and instant messaging systems in the same way you use an envelope to send a letter thru the US postal service, as a wrapper for the real content. We assume that EVERYONE can read what is in the email, so we don't send your documents in the email at all. In fact your documents never leave your PC, until the receiver of the email requests it.

How it works:

FileCourier lets you ticket the file you want to email, and then instead of sending the file in the email, sends a "FileTicket" instead. The file is only transmitted to the receiver of the email when he opens the FileTicket and is "authenticated". After the receiver is authenticated the file is transmitted through an SSL (secure socket layer) tunnel directly from the sender's PC to the receiver's PC through our secure relay servers. SSL is the same security used by banks and is impossible for packet sniffers to penetrate. With FileCourier each packet is encrypted using a 1024 bit key and is delivered to your receiver through his browser. FileCourier lets your communications go un-detected by any sniffer, and removes the "idiot in the middle" threat by never storing the data on an intermediate server. More over, FileCourier is the easiest way to secure your sensitive data transmission in both an Internet and corporate LAN environment.

Take Action Now!

Internet communications security is one of the most important privacy issues we face today. It might feel a bit paranoid for a law-abiding citizen to encrypt his email communications and computer document transmissions, but would you send a customers contract thru normal mail without an envelope? How would you feel if your employer sent your next pay stub to you on the back of a postcard? Use FileCourier, just like you would use a envelope for regular mail. Download the no obligation free trial today at www.filecourier.com and send 50MB of data securely for free!

About The Author

Mark Brooks is a software architect, internet entrepreneur and founder of CanDo Networks Corporation. CanDo Networks Corporation makes easy-to-use software for communicating large amounts of data securely and privately over the Internet. Its flagship product, FileCourier (www.filecourier.com), is used by thousands of legal, medical, and computer professionals to securely deliver files over the internet, to anyone, anywhere

mark@candonet.com

In The News:

pen paper and inkwell

cat break through

Database Guru James F. Koopmann Reviews DBxtra Reporting and Query Tool

DBxtra is a powerful query and reporting tool that hides... Read More

How To Create A Data Capture Procedure Checklist For Your Small Business CRM Software

Fortunately one of the most common reasons cited for the... Read More

Microsoft Navision Customization Upgrade ? Tips For Programmer/IT Specialist

Currently Microsoft Business Solutions is on the way of creating... Read More

Microsoft Great Plains version 8.5: Upgrade, Customization, VBA, Crystal Reports - Highlights

Microsoft Great Plains is one of the Microsoft Business Solutions... Read More

10 Programming Tips

(1) Avoid using the same variable again and again for... Read More

Reduce TCO: The Java Database Way

TCO (Total Cost Ownership) is the buzzword in... Read More

Microsoft Business Solutions Customization Options - Overview for Programmer

Several years ago Microsoft purchased Great Plains Software, then Navision... Read More

Microsoft Great Plains Multicurrency ? Overview For Implementation Consultant

When you first think about multicurrency ? you probably have... Read More

ERP Remote Support: Microsoft Great Plains Analysis ? Pluses & Minuses

Former Great Plains Software Dynamics/eEnterprise and currently Microsoft Business Solutions... Read More

Microsoft Great Plains Installation ? Overview for IT Director/Controller

Microsoft Great Plains is main mid-market application from Microsoft Business... Read More

Information Products: A Business Owners Best Friend

We live in a post-industrial age where information is the... Read More

Free Preventive Maintenance Software

While several preventive maintenance software manufacturers offer free trials for... Read More

Microsoft CRM Integration & Customization: SharePoint Document Gateway

MS CRM is very close to document workflow automation, including... Read More

How To Choose A Fire Wall Software Program

In the real world a "fire wall" is a fireproof... Read More

Microsoft CRM Custom Design & Development: SDK, C#, SQL, Exchange, Integration, Crystal Reports

Microsoft CRM is new player on the CRM software... Read More

Microsoft Great Plains: Service Business Customization & Integration Example

Microsoft Business Solutions Great Plains might be considered as ERP... Read More

Microsoft CRM Customization: Integration with Third Party SQL Application/Database

Microsoft CRM ? Client Relationship Management package from Microsoft Business... Read More

5 Time-Saving Tips in Microsoft Word

Whether you have used Microsoft Word for years, have just... Read More

History of Java

The java programming language is becoming more and more popular... Read More

Microsoft Great Plains - Typical Problems And Fixes ? Overview For IT Administrators

How to delete the user? This is the first problem... Read More

Microsoft Great Plains Integrations ? Retail Management Sample

Microsoft Business Solutions is emerging as very attractive vendor for... Read More

The True Meaning of Freeware

The vast majority of us will have, at some point,... Read More

SQL scripts for Project Accounting: Microsoft Great Plains series ? overview for developer

Microsoft Business Solutions Great Plains has Project Accounting module where... Read More

Your Computer May Be Infected, Heres How To Check (NOT about virus)

NOTE: Please take time to read on - it may... Read More

Microsoft Great Plains Integration Manager ? Advanced Techniques

Great Plains Integration Manager scripting and translation - overview for... Read More

Device Driver Basics

Most people understand that the "hardware" part of their computer... Read More

Microsoft Great Plains: Customization Upgrade & Recovery ? Visual Studio VB 6.0

Microsoft Great Plains, former Great Plains Software Dynamics, eEnterprise has... Read More

Assertion in Java

Assertion facility is added in J2SE 1.4. In order to... Read More

Five Steps to Rapid Development with TierDeveloper 4.0

Follow the steps below to quickly design, generate, and deploy... Read More

Linux Secrets

The first thing that you will notice about Linux Red... Read More

Need of Document Management System (DMS)

Document Management or Enterprise Information Management is perhaps one of... Read More

Accessing XML Using Java Technologies

The most important benefit of XML is its simplicity. Though... Read More

Lotus Domino Implementation and Development: Infrastructure ? Present and Future

Domino server is a buffer between the operation system and... Read More

dog break through

pen books and inkwell

A Simple Guide To Wikis

A wiki is an editable text-based website. But you don't... Read More

Cisco Certification: Introduction To ISDN, Part IV

In part III of this ISDN primer, we learned that... Read More

Software Automation Helps Increase your Bottom Line

When you own a small business, time is money. And... Read More

Microsoft Great Plains Reporting ? Overview for Developer

Looks like Microsoft Great Plains becomes more and more... Read More

Microsoft Business Solutions Partner ? How to Launch New IT Consulting Practice

In the new era of internet marketing the problem of... Read More

History of Java

The java programming language is becoming more and more popular... Read More

CROOK: A Methodology for the Refinement of Forward-Error Correction

Table of Contents1) Introduction 2) Related Work 3) Framework 4)... Read More

Will Adobe Manage to Replace Industry Work Horse Quark Express by Giving Adobe InDesign for Free?

Heard about the Quark "killer"?Adobe InDesign CS2. Will it really... Read More

Software Piracy - Global Increase

Pirated software is on the increase and now accounts for... Read More

Passwords Used In Microsoft Word Documents

You would like to protect your documents, wouldn't you? Reasons... Read More

Microsoft Great Plains: carpet, textile, fabric, felt distributor ? implementation overview

In this small article we will show you the possible... Read More

Design a Web Album Using Adobe Photoshop- Part 2

So let's begin crunching down these 300 images using Adobe... Read More

Dig Out That Worm

Internet worms. Is your PC infected?If your computer has become... Read More

Beware of Spyware

One day, you suddenly realize that your computer started to... Read More

What You Should Know About Installing Screensavers

Do you remember that frustrating feeling when you find an... Read More

Selecting Microsoft Great Plains Partner/VAR/Reseller: ERP Implementation & Customization ? Overview

In the case when you represent mid-size or mid-size-to-large business,... Read More

Microsoft Great Plains in Construction & Building ? Implementation & Customization Highlights

Microsoft Great Plains could be tuned and setup to fit... Read More

ERP Implementation: Success Factors

As seeing large number of implementations ? in our case... Read More

Tools for Customizing Great Plains

Microsoft Business Solutions ? Great Plains has captured the US... Read More

Navision Attain C/ODBC Crystal Report ? Customization Example

Microsoft Business Solutions Navision is main ERP application for European,... Read More

New SQL Delta Version 3.1

COMMAND LINE FUNCTIONA powerful command line script processor has been... Read More

Corporate ERP Selection: Microsoft Great Plains

In our opinion, traditional approach when you select ERP/MRP system... Read More

Reporting for Microsoft Great Plains/Dynamics/eEnterprise: RW ? ReportWriter ? Tips for Developer

Microsoft Business Solutions Great Plains is written in Great Plains... Read More

Microsoft Great Plains POP: Purchase Order Processing ? Overview For Consultants

Great Plains Purchase Order Processing (POP) module makes up one-third... Read More

Groupware: Answers the 5 Questions of Document Collaboration

Every organization which creates collaborative documents, whether they are budgets,... Read More

OSI Layers Model

IntroductionDuring the early years of our modern computer era, very... Read More

Microsoft Great Plains: Government & Non-Profit Organization ? Workflow Implementation

Usually workflow & messaging is realized in CRM and then... Read More

Great Plains Dexterity: Customizations & Source Code Programming

Great Plains Software Dynamics, Dynamics C/S+, eEnterprise were written on... Read More

How To Choose A Fire Wall Software Program

In the real world a "fire wall" is a fireproof... Read More

Microsoft and Webmasters

Does Microsoft care for WebmastersIt's always been a problem with... Read More

10 Steps To Secure And Manage Your Passwords

Passwords protect your most sensitive personal, financial and business information.... Read More

15 Questions to Ask Your Software Vendor

When making a decision to buy any piece of software... Read More

Cisco Certification: Five Things To Do DURING Your CCNA Exam

There are plenty of articles out there about how to... Read More

Access Info Hub | Privacy Policy | Contact |

FTC Required Website Disclosure: You should assume that the Owner of this Website has an affiliate relationship and/or another material connection to the providers of goods and services mentioned in this website and may be compensated when you purchase from a provider. You should always perform due diligence before buying goods or services online. The Owner does not accept payment or merchandise in exchange for the reviews themselves. They are written objectively and with honesty.

Amazon Affiliate Disclaimer: AccessInfoHub.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com.