 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
Don Levey <lug at the-leveys.us> wrote: > Snooping on email? What makes you think that you're not still > vulnerable? They still own the hardware, up to the point it connects > to your house. They could, if they want, capture all the packets > that enter/leave your home. Sending encrypted email might help - with > both situations. You have to look at the various points of vulnerability, at the legal constraints placed on network operators and gov't agencies, and at the technical means used by unauthorized network crackers to attempt security breaches. If you purchase SMTP outbound relay service from someone other than your ISP, most likely TLS encryption is supported. It works out of the box with just about any email client or server (other than sendmail), and provides the same security as the https protocol. Not 100% secure but you'd have to have something really valuable (or really criminal) on your system to make it worth breaking this encryption. The points of vulnerability I can think of are: - Your client PC, if separate from your mail server - Your LAN mail server, if you have one - The last-mile connection to your ISP - Routers and switches within the ISP - The mail relay server you use, if you smart-host outbound mail The easiest to compromise is the client PC--various viruses and keystroke loggers and such. The second easiest is your LAN mail server. The third easiest is the mail relay. Hardest is the TCP/IP connectivity to and within your ISP. An ISP like Comcast is only going to deliberately snoop your packets under a court wiretap order. Not something I'm concerned about, at least until the gov't tilts much further away from my own leftish ideology. But the main difference between a mail server and a router is the level of logging: you can be reasonably certain that at least several weeks' worth of log information (including sender/recipient email addresses) is kept on a mail server. Backup tapes might contain years of that information. If you funnel all your email through a single 3rd-party server, then someone can get at that log information in the future. The same is not true of TCP/IP packets: those are not logged anywhere until the moment a cop or cracker puts a wiretap on your line. Right now there is no reason to believe anyone would target me. But suppose some correspondent of mine turns out guilty--or merely suspected--of some crime? Could I then be target of an investigation? FYI--as I have mentioned here in the past, I have been the target of a John Doe subpoena in US District Court. It's not fun or cheap to fend off nosy law firms. The target was not even me: it was a scattershot subpoena looking to take down someone whom a beancounter didn't want talking down a company stock price. It's trivial to subpoena an ISP like Verizon or Comcast for their SMTP logs. Don't even need a judge's signature these days, just a top-100 law firm. -rich
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
