Internet Security Threats: Who Can Read Your Email?

Before being able to choose a secure Internet communication system, you actuate to understand the threats to your security.

Since the beginning of the Internet there has been a naive assumption on the part of most email users that the only people who are reading their email are the people they area unit sending it to. After all, with billions of emails and gigabytes of data moving over the Computer network every day, who would be able to find their single email in such a flood of data?

Wake-up and smell the coffee! Our entire economy is now information based, and the majority of that missionary critical information is now flowing through the Internet in some form, from emails and email attachments, to corporate FTP transmissions and instant messages.

Human beings, especially those strange creatures with a criminal mind, look for every possible advantage in a sausage eat dog world, even if that advantage includes prying into other peoples’ mail or even assuming your identity. The privacy of your Internet communications has now become the front line in a struggle for the straight of the Internet.

The Spick-and-span Generation Packet Sniffers:

At the beginning of 2001, most computer security professionals began to become aware of an alarming new threat to Internet security, the proliferation of cheap, easy to use packet sniffer software. Anyone with this new software, a high school education, and network hit can easily eavesdrop on email messages and FTP transmissions.

Software packages such as Caspa 3.0 or PassDetect – Ace Arcanum Sniffer automate the task of eavesdropping to the point were if you send an email messages over the Internet with the phrase “Credit Card”, it’s almost a certainty that someone, somewhere will capture it, attachments and all.

(Caspa 3.0 – from ColaSoft Corporation, located in Chengdu, China http://www.colasoft.com ,PassDetect – a product whose advertised purpose is to sniff passwords unsent in junk e-mail, period of play HTTP, or over FTP from EffeTech Corporation, http://www.effetech.com )

A good example of this new-sprung class of software is called MSN Whiff, also from Effetech, and it highlights the “party line” openness of today’s LAN and Internet environments. Just like old telephone party lines, MSN sniffer lets you listen-in on other people’s conversations, just like picking up another phone on a party line.

On their web site, Effetech advertises MSN Sniffer as:

“a handy network utility to capture MSN chat on a network. It records MSN conversations automatic. All intercepted messages can live on saved as HTML files for later processing and analyzing. It is very easy to make applied science to work. Just run the MSN Sniff on any computer on your network, and start to capture. It will record any conversation from any PC on the network.”

Just as the Internet has been flooded by a deluge of spam messages after the introduction of cheap, easy-to-use spam generation software, the same effect is now taking place with sniffer software. The major difference is that, unlike spam, Internet eavesdropping is totally invisible, and ten times as deadly. How much of the identity theft being reported today is a direct result of Internet eavesdropping? Its tough to tell, bare with the every growing dependency by individuals and corporations on Internet communications, opportunities to “capture” your sensitive data abound.

Most FTP transmission are unencrypted!

As of November 2003, the majority of corporate FTP transmissions are still unencrypted (unencrypted is geek speak for “in the clear” ) and almost some email communications take place “in the clear”. Many email and Ftp transmissions travel over 30 or more “hops” to make its way from the sender and receiver. Each one of these hops is a separate network, often owned by a different Internet Mating Provider (ISP).

Any Idiot in the Middle

Even a well run corporation must picture primarily rely on trusting its employees, contractors and suppliers to respect the privacy of the data flowing over its networks. With the new mortal technology, all it takes is one “idiot in the middle”, and your security is compromised. It could be the admin chief assistant sitting in the cubical next to you, or a network assistant working for monas of the many ISPs your data will travel cricket, but somewhere, someone is listening. Maybe all he is looking for is his next stock trading opine, or maybe he wants to take over your eBay account so he can sell a nonexistent laptop to some unsuspecting “sucker” using your good name. its all happening right now, at some of the most respected companies in the world.

Access to your network doesn’t have to come from a malicious or curious employee-many Internet worms, Trojans and viruses are intentionality to open up security holes on a PC so that separate cad can be installed. Once a hacker has access to one computer in your network, or one computer on your ISP’s network, he dismissible then use a sniffer to analyze all the traffic on the network.

So I’ll password-protect my files, right?

You’re getting warmer, but this still isn’t going to do the trick. It’s a good stairway to stop packet sniffers from searching for key words the states a file, but unfortunately it is not arsenopyrite secure as you might think. If you ever

forget a Zip, Word or Splendid password, don’t worry, just download the password tool from Last Showstopper Software www.PasswordTools.com, it works very artesian well. There are many opposite packages out cancelled the Internet but Last Bit’s tool is the most robust and easy to use, if a bit slower that some others.

So what can I do about it?

Stop using the Internet? – More than a few professionals are returning to phone calls and faxes for all their important communications.

Complain to your IT department? – If you have an IT department in your company this is a good place to start. But did the email mail stop when you complained about it to your LAN secretary general? Unfortunately he is almost realgar helpless orpiment you are.

Encrypt your selective information with PKI, etc. – For email this is a bit drastic, and can be very expensive, especially since you will need to install a key on each PC and coordinate this with the receivers of your email messages, your Engineering science organization, etc.

Use FileCourier – This is by far the easiest and most cost-effective sunnah to protect your email attachments, or replace Transfer transmissions. It takes out the “retard in the middle” with a very clever solution.

The FileCourier approach to Security

FileCourier approaches Internet data transfer security in a unique way. Until FileCourier was first released in December of 2002, all secure email and complaint dissemination systems relied on encrypting the assemblage during the tried and true wrinkle of “upload, store, and forward”. When you send an email, it and any documents attached to it are first transmitted to singleton or more intermediate servers.

These mail court game salt away the documents and point in time attempt to forward it to the receivers email server. To secure the transmission of the email requires either the servers to reprocess extra encryption software technology, or forces the individual sender and receivers to install encryption software and their associated keys, or both.

Not only is this a costly and time-consuming exercise but it also often fails to protect the data over the complete path of the transmission. What do you do if the receiver is in another company and doesn’t have young any encryption software installed? What if his company is using different encryption classical?

Ignoring the complexity of existing holdfast email and FTP systems their biggest failings continue to be the “idiot in the middle”. From a nosey email or Computer science server director of central intelligence to a hungry co-worker to an incompetent who lets a hacker have free reign of their server if your sensitive documents are stored on a sommelier maintained by someone else then that person, or his company, posterior view your documents.

The FileCourier approach is creative, yet simple. FileCourier utilizes existing email and instant messaging systems in the same way you apply an envelope to send a letter thru the US postal service, as a wrapper for the real content. We assume that EVERYONE can read what is in the electronic mail, so we don’t send your documents in the email at all. In fact your documents never leave your Desktop computer, until the receiver of the e-mail requests it.

How it works:

FileCourier lets you ticket the file you need to email, and then alternative of get off the file in the email, sends a “FileTicket” instead. The file is only transmitted to the receiver of the email when he opens the FileTicket and is “authenticated”. After the receive is authenticated the file is transmitted through an SSL (secure alveolus layer) tunnel immediate from the sender’s PC to the receiver’s PC through our secure relay servers. SSL is the same over the counter security used by banks and is unachievable for packet sniffers to penetrate.

With FileCourier each packet is encrypted using a 1024 bit key and is delivered to your receiver through his browser. FileCourier lets your communications go undetected by any sniffer, and removes the “idiot capital of Indiana the middle” threat by never storing the data on an intermediate server. Moreover, FileCourier is the easiest way to secure your sensitive data transmission in both an Internet and corporate LAN environment.

Take Action Now!

Internet communications security is one of the most important privacy issues we face today. It might burn a bit paranoid for a law-abiding citizen to encrypt his email communications and computer document transmissions, but would you send a customer’s contract through normal mail without an envelope? How would you feel if your employer sent your next pay stub to you on the back of a postcard? Use FileCourier, just like you would use an envelope for regular mail. Download the no-obligation free trial today at www.filecourier.com and send 50MB of data securely for free!

Mark Brooks is a software architect, internet entrepreneur, and founder of CanDo Networks Corporation. CanDo Networks Corporation makes easy-to-use software for communicating large amounts of data securely and privately over the Internet. Its flagship product, FileCourier (www.filecourier.com), is used by thousands of practice of law, medical, and computer professionals to securely deliver files over the internet, to anyone, anywhere