Home
>
Software
>
Internet Security Threats: Who Can Read Your Email?

taxi from O'Hare Munster limo Chicago New Lenox Cadillac Escalade SUV rentals Melrose Park Cadillac Deville rentals Streamwood Barrington Hills town car ride to ohare .. Drug testing

Internet Security Threats: Who Can Read Your Email?

Before being able to choose a secure Internet communication system, you need to understand the threats to your security.

Since the beginning of the Internet there has been a naive assumption on the part of most email users that the only people who are reading their email are the people they are sending it to. After all, with billions of emails and gigabytes of data moving over the Internet every day, who would be able to find their single email in such a flood of data?

Wake-up and smell the coffee! Our entire economy is now information based, and the majority of that mission critical information is now flowing through the Internet in some form, from emails and email attachments, to corporate FTP transmissions and instant messages.

Human beings, especially those strange creatures with a criminal mind, look for every possible advantage in a dog eat dog world, even if that advantage includes prying into other peoples' mail or even assuming your identity. The privacy of your Internet communications has now become the front line in a struggle for the soul of the Internet.

The New Generation Packet Sniffers:

At the beginning of 2001, most computer security professionals began to become aware of an alarming new threat to Internet security, the proliferation of cheap, easy to use packet sniffer software. Anyone with this new software, a high school education, and network access can easily eavesdrop on email messages and FTP transmissions.

Software packages such as Caspa 3.0 or PassDetect - Ace Password Sniffer automate the task of eavesdropping to the point were if you send an email messages over the Internet with the phrase "Credit Card", it's almost a certainty that someone, somewhere will capture it, attachments and all.

(Caspa 3.0 - from ColaSoft Corporation, located in Chengdu, China http://www.colasoft.com ,PassDetect - a product whose advertised purpose is to sniff passwords sent in email, over HTTP, or over FTP from EffeTech Corporation, http://www.effetech.com )

A good example of this new class of software is called MSN Sniffer, also from Effetech, and it highlights the "party line" openness of today's LAN and Internet environments. Just like old telephone party lines, MSN sniffer lets you listen-in on other people's conversations, just like picking up another phone on a party line.

On their web site, Effetech advertises MSN Sniffer as:

"a handy network utility to capture MSN chat on a network. It records MSN conversations automatically. All intercepted messages can be saved as HTML files for later processing and analyzing. It is very easy to make it to work. Just run the MSN Sniffer on any computer on your network, and start to capture. It will record any conversation from any PC on the network."

Just as the Internet has been flooded by a deluge of spam messages after the introduction of cheap, easy-to-use spam generation software, the same effect is now taking place with sniffer software. The major difference is that, unlike spam, Internet eavesdropping is totally invisible, and ten times as deadly. How much of the identity theft being reported today is a direct result of Internet eavesdropping? Its hard to tell, but with the every growing dependency by individuals and corporations on Internet communications, opportunities to "capture" your sensitive data abound.

Most FTP transmission are unencrypted!

As of November 2003, the majority of corporate FTP transmissions are still unencrypted (unencrypted is geek speak for "in the clear" ) and almost all email communications take place "in the clear". Many email and FTP transmissions travel over 30 or more "hops" to make its way from the sender and receiver. Each one of these hops is a separate network, often owned by a different Internet Service Provider (ISP).

Any Idiot in the Middle

Even a well run corporation must still primarily rely on trusting its employees, contractors and suppliers to respect the privacy of the data flowing over its networks. With the new sniffer technology, all it takes is one "idiot in the middle", and your security is compromised. It could be the admin assistant sitting in the cubical next to you, or a network assistant working for one of the many ISPs your data will travel over, but somewhere, someone is listening. Maybe all he is looking for is his next stock trading idea, or maybe he wants to take over your eBay account so he can sell a nonexistent laptop to some unsuspecting "sucker" using your good name. its all happening right now, at some of the most respected companies in the world.

Access to your network doesn't have to come from a malicious or curious employee-many Internet worms, Trojans and viruses are designed to open up security holes on a PC so that other software can be installed. Once a hacker has access to one computer in your network, or one computer on your ISP's network, he can then use a sniffer to analyze all the traffic on the network.

So I'll password-protect my files, right?

You're getting warmer, but this still isn't going to do the trick. It's a good way to stop packet sniffers from searching for key words in a file, but unfortunately it is not as secure as you might think. If you ever forget a Zip, Word or Excel password, don't worry, just download the password tool from Last Bit Software www.PasswordTools.com, it works very well. There are many other packages out on the Internet but Last Bit's tool is the most robust and easy to use, if a bit slower that some others.

So what can I do about it?

OK, so now that you understand the threat, what can you do about it?

Stop using the Internet? - More than a few professionals are returning to phone calls and faxes for all their important communications.

Complain to your IT department? - If you have an IT department in your company this is a good place to start. But did the spam mail stop when you complained about it to your LAN administrator? Unfortunately he is almost as helpless as you are.

Encrypt your communications with PKI, etc. - For email this is a bit drastic, and can be very expensive, especially since you will need to install a key on each PC and coordinate this with the receivers of your email messages, your IT organization, etc.

Use FileCourier - This is by far the easiest and most cost effective way to protect your email attachments, or replace FTP transmissions. It takes out the "idiot in the middle" with a very clever solution.

The FileCourier approach to Security

I believe that FileCourier is the easiest out-of-the box secure communication system available.

FileCourier approaches Internet data transfer security in a unique way. Until FileCourier was first released in December of 2002, all secure email and file transmission systems relied on encrypting the data during the tried and true method of "upload, store, and forward". When you send an email, it and any documents attached to it are first transmitted to one or more intermediate servers. These mail server store the documents and then attempt to forward it to the receivers email server. To secure the transmission of the email requires either the servers to use extra encryption software technology, or forces the individual sender and receivers to install encryption software and their associated keys, or both. Not only is this a costly and time consuming exercise but it also often fails to protect the data over the complete path of the transmission.

What do you do if the receiver is in another company and doesn't have any encryption software installed? What if his company is using a difference encryption standard? Ignoring the complexity of existing secure email and FTP systems their biggest failings continue to be the "idiot in the middle". From a nosey email or FTP server administrator, to a hungry co-worker, to an incompetent who lets a hacker have free reign of their server, if your sensitive documents are stored on a server maintained by someone else then that person, or his company, can view your documents.

The FileCourier approach is creative, yet simple. FileCourier utilizes existing email and instant messaging systems in the same way you use an envelope to send a letter thru the US postal service, as a wrapper for the real content. We assume that EVERYONE can read what is in the email, so we don't send your documents in the email at all. In fact your documents never leave your PC, until the receiver of the email requests it.

How it works:

FileCourier lets you ticket the file you want to email, and then instead of sending the file in the email, sends a "FileTicket" instead. The file is only transmitted to the receiver of the email when he opens the FileTicket and is "authenticated". After the receiver is authenticated the file is transmitted through an SSL (secure socket layer) tunnel directly from the sender's PC to the receiver's PC through our secure relay servers. SSL is the same security used by banks and is impossible for packet sniffers to penetrate. With FileCourier each packet is encrypted using a 1024 bit key and is delivered to your receiver through his browser. FileCourier lets your communications go un-detected by any sniffer, and removes the "idiot in the middle" threat by never storing the data on an intermediate server. More over, FileCourier is the easiest way to secure your sensitive data transmission in both an Internet and corporate LAN environment.

Take Action Now!

Internet communications security is one of the most important privacy issues we face today. It might feel a bit paranoid for a law-abiding citizen to encrypt his email communications and computer document transmissions, but would you send a customers contract thru normal mail without an envelope? How would you feel if your employer sent your next pay stub to you on the back of a postcard? Use FileCourier, just like you would use a envelope for regular mail. Download the no obligation free trial today at www.filecourier.com and send 50MB of data securely for free!

About The Author

Mark Brooks is a software architect, internet entrepreneur and founder of CanDo Networks Corporation. CanDo Networks Corporation makes easy-to-use software for communicating large amounts of data securely and privately over the Internet. Its flagship product, FileCourier (www.filecourier.com), is used by thousands of legal, medical, and computer professionals to securely deliver files over the internet, to anyone, anywhere

mark@candonet.com

limousine chicago service

In The News:

Chinese regulatory authorities have approved Google's acquisition of Motorola Mobility, paving the way for the deal to close within the week, company officials confirmed Saturday.

In the latest move in a complex series of patent-related cases, Apple filed a motion in a U.S. district court late Friday to ban Samsung Electronics' Galaxy Tab 10.1 in the U.S.

Apple's plans for a Bluetooth 4.0-based iWallet could be the beginning of the end for the venerable cash register.

An Italian court has upheld a a!900,000 (US$1.2 million) fine imposed on Apple by Italy's competition authority for allegedly violating consumer protection laws, Italian media reported late Friday.

The mobile gift-giving app Karma announced Friday it has been acquired by Facebook. The announcement came shortly after the markets closed on Facebook's first day as a publicly traded company.

The U.S. International Trade Commission issued an import ban Friday on any Android devices from Motorola that infringe one of Microsoft's patents.

The prospect of cyberwar means the U.S. needs to 'rethink every aspect of defense,' says one summit presenter

At any given moment today, on-the-clock employees are updating their social media status, reading feeds and networking on business media sites. Moments can stretch to minutes: A recent study by the Ponemon Institute found that 60 percent of social media users spend at least 30 minutes a day on these sites while at work.

HP is expected to announce a large layoff at its quarterly investors briefing on Wednesday, losing as many as 30,000 employees. But for now, the company isn't talking about its plans.

How well do you know the $100 billion social network? From private planes to petabytes, here are some of the most surprising Facebook tidbits.

Given the complexity of today's applications, it's folly to suggest that the future role of the CIO is less technical and more businesslike, columnist Bernard Golden writes. If anything, it's the opposite -- the business side of the enterprise should embrace technology.

Twitter has announced support for "Do Not Track," immediately implementing it to halt online tracking of users who trigger a setting in their browsers.

The first hours of Facebook's IPO got off to a shaky start today with the share price wavering around the $40 mark, never gaining the astronomical momentum many had anticipated.

Fully 95% of 600 businesses surveyed by Cisco permit the use of employee-owned smartphones and tablets at the office and found productivity gains for workers who use their own hardware.

Perhaps the Next iPhone won't be called iPhone 5 but the Zombie iPhone, in honor of the new spate of rumors that the late Steve Jobs is still with us in a sense, as the chief designer of the upcoming handset.

The company has now set things straight again and all content on the iTunes Store a including music and apps a now displays the word "jailbreak".

Symantec originally thought that at its peek the Flashback Trojan was generating around $10,000 a day by hijacking ad clicks. Now, new research suggests the developers may only have earned $14,000 during the time that the malware was active.

A hacker who claims to hate both Anonymous and notorious file-sharing website The Pirate Bay has claimed responsibility for the DDoS attack that the bittorent website has been suffering for the last 24 hours.

When Windows 8 comes out later this year, the new Start screen and Metro-style apps will likely be the first changes you'll notice, but those aren't the only things that are new. Microsoft is also making some serious security enhancements to help keep your system safer and to improve Windows' ability to combat viruses and malware. It just may be the biggest improvement to Windows security yet.

Three winners of an academic competition at the University of Rochester to create the most innovative and useful applications for IBM's Watson cognitive computing systems were announced yesterday by Big Blue.

Facebook's initial public offering, or IPO, hits Wall Street Friday, and is one of the most highly anticipated tech stock offerings of the past decade. Everyone, it seems, wants to be in on the action. And it's possible to do so--after the big boys get their hands on it first.

'If the product is free, you are the product.'

Conmen in Manchester have been selling bottles of water, cans of Coke, and even potatoes under the pretence that they are iPhones.

HP is looking to cut at least 25,000 jobs in a bid to reduce costs and return to growth, according to media reports.

Adoption of Android tablets and smartphones in large businesses has been "severely limited" because of the complexities of managing the various Android models and versions, market research firm Gartner said in an evaluation of 20 mobile device management software vendors.

Cisco's Wireless Networking Business Unit doesn't actually talk so much about wireless networking these days. Increasingly, its message aimed at IT groups is about the broader concept of "mobility."

Hewlett-Packard on Wednesday announced the OfficeJet 150 Mobile All-in-One portable printer, which the company called the world's first mobile multifunction device that can "print, copy and scan on the go."

Despite the rumors, developers are focused on making apps -- and money -- from today's Android

Apple is in talks with China Mobile, according to the carrier's chairman Xi Guohua, although an agreement is yet to be reached.

The question of whether CISPA is really necessary might arise in the wake of a Department of Defense announcement last week that as many as 1,000 defense contractors -- and possibly thousands more -- may voluntarily join an expanded program of sharing classified information on cyber threats with the federal government.

If you're a Verizon customer upset that your next smartphone contract won't include unlimited data, Sprint would like to remind you that you have an alternative.

In retaliation against Internet Service Providers (ISPs) blocking some video-sharing and torrent websites like The Pirate Bay under Indian court orders, Anonymous, the "hacktivist" organization, today took down the websites of the ruling Congress Party and the Supreme Court of India. Anonymous, which in the past has been credited with taking down the websites of the MPAA, RIAA, the FBI, the US Department of Justice and child pornographers, took down these sites in what is understood to be DDoS (Distributed Denial of Service) attacks.

The University of Kentucky says it has reshaped its business intelligence capability by adopting SAP's in-memory system, HANA.

The head of the U.S. Patent and Trademark Office tells a congressional panel that the landmark reform bill signed last September is already yielding significant results, but defends litigation in tech sector as a sign of vigorous innovation.

If you haven't developed a corporate Bring Your Own Device policy, or if the one you have is out of date, these tips will help you address device security, IT service, application use and other key components of an effective BYOD policy.

With Facebook's long-anticipated IPO expected to hit on Friday morning, the company set its initial share price at $38 today.

The hackers in charge of the Flashback botnet managed to generate $14,000 from their click fraud campaign, but have not been paid, Symantec said today.

The specification for next-generation mobile DRAM was published, offering smartphone, tablet and ultra-thin notebook makers a 50% increase in memory performance.

Ultrabooks are sleek, super-thin laptops that often feature a silver, wedge or tapering design--yes, just like the Apple MacBook Air.

More than half of US businesses still rely on conventional firewalls or intrusion prevention systems to shield themselves from the scourge of DDoS attacks, a survey by services firm Neustar has found.

Researchers from the Tokyo Institute of Technology in Japan claim to have broken the record for wireless data transmission in the Terahertz band with a data rate 20 times higher than most current Wi-Fi connections.

On the surface, Google's Knowledge Graph seems like just another search feature, but connect the dots and it could become the brains behind a Siri-like virtual assistant.

T-Mobile USA will debut 4 'No Annual Contract' data service plans on Sunday, while Verizon plans to kill unlimited data plans as users shift to 4G

Car giant General Motors has confirmed it will stop advertising on Facebook, after deciding that paid ads on the site have little impact on consumers' car purchases.

Mobile malware stepped up an order of magnitude in volume and sophistication during 2011 and this trend has continued in the first quarter of 2012, according to F-Secure's latest quarterly report.

Spiceworks, the social business platform for IT professionals, has announced that it now has 2 million users, representing nearly 30 percent of all IT pros at small and medium-sized businesses worldwide.

Such activity is often paid for, or sanctioned by, government agencies

AT&T Thursday launched its 4G LTE service in, New Orleans, Baton Rouge and Naples, Fla., today, which extends its high-speed network implementations to 38 markets.

Unless Microsoft allows other browser makers to call important APIs in Windows RT, it's "probably not worth it to even bother" building a version of Firefox for the new OS, a Mozilla product director said.

Felix Ehm, a member of CERN's beams control group, has always had a curious and scientific bent.

Doctors are being cautioned by hospitals they work with to avoid interacting with patients on social media, and that they reject any overtures by patients to interact on the likes of Facebook and Twitter.

With Facebook's initial public offering creating such a frenzy of interest, there's an important question to be considered: What happens if tomorrow or next week or five months from now, this investment goes south?

Comcast is trying out more flexible ways to implement its bandwidth caps by experimenting with tiered service options.

Apple historically has fought iPhone jailbreaking by warning customers that their device warranties will be voided if they muck around with the innards of their Apple products. Now Apple appears to be taking its disapproval of jailbreaking one step further by censoring at least some references to "jailbreak" in its U.S. iTunes store.

Zach Nelson, chief executive at NetSuite, has publicly thanked rival SAP for renewing a cloud computing license with his company, instead of using its own software.

A man from West Sussex has been sent to jail for 12 months after hacking into a private Facebook account.

Apple has apparently won control of the iphone5.com domain, according to changes in a Web record of the URL.

SSD maker RunCore's InVincible SSD can wipe your data using one of two methods: overwriting the entire disk with meaningless code or frying it with voltage.

Social media -- Facebook, Twitter, LinkedIn, Google+ and so forth -- has become a way of life for companies and their employees to interact with the public, but beating back the fraudsters that try to prey on customers, not to mention keeping employees from spilling sensitive data, is becoming a full-time job for many.

The next iPhone, which may or not be called iPhone 5, will have a 4-inch screen according to several unidentified sources cited in news stories this week.

Growth in the Ethernet switch market is now being driven by specialized devices for specific applications, rather than evenly across all customer deployments.

Actress Geena Davis, President of Argentina Cristina Fernández de Kirchner and Huawei Chairman Sun Yafang have been named winners of the 2012 ITU World Telecommunication and Information Society Award for their efforts promoting information and communications technology (ICT) to empower women and girls.

Apple devices -- ever more popular in the workplace -- are about to become more popular with cyber criminals.

The malware business growing around Google Android -- now the leading smartphone operating system -- is still in its infancy. Today, many of the apps built to steal money from Android users originate from Russia and China, so criminal gangs there have become cyber-trailblazers.

T-Mobile USA clarified its latest restructuring plans and said the changes will result in a net 350 job losses, not 900 as reported earlier.

Cisco announced yesterday three pre-tested bundles of products and services designed to cut through the confusing complexity of enterprise mobility.

Developers have discovered that users running iOS 6 have been accessing their apps.

Apple has succeeded in stopping the HTC One X and Evo 4G LTE smartphones being shipped into the US, with reports emerging that the devices are being held back at customs.

Apple is hoping to dismiss a set of class-action lawsuits accusing it of falsely advertising Siri. The lawsuit claims the iPhone 4S's voice activated assistant feature doesn't work as advertised.

Microsoft should have "skipped media players completely" and instead produced "the coolest music service for your phones ever."

Big data is increasingly being seen as a significant problem by the UK's investment banks, where 67 percent believe that in-memory analytics will be the predominant architecture deployed within the next three years to help tackle it.

Morgan Stanley International has been fined APS35,000 by NASDAQ OMX Stockholm after a coding error in its algorithm software caused unusual volatility in the market on 30th November last year.

The controversial file-sharing website The Pirate Bay has experienced a distributed denial of service attack, according to the site's Facebook page.

Sometimes you pull the short straw.

As one of three credit bureaus in the United States, Equifax keeps financial data on every adult in America, plus people in 16 other countries. But the company knows much more than just what goes into an old-fashioned credit score.

Pure Storage today announced the second generation of its all-flash array, which can now be configured for high availability.

Chip maker Intel today announced the launch of its third generation Intel Core vPro processors, codenamed Ivy Bridge, designed for use in business laptops, desktops and "intelligent systems".

Netgear's first 802.11ac router, the R6300, will go on sale next week for $200, the company announced at a news conference yesterday. Touting the benefits of the next-gen Wi-Fi standard, the company also announced two more 802.11ac products: a lower-end router and a USB adapter for notebooks, both due this summer.

When Android 5.0 "Jelly Bean" launches this fall, it will appear first on several new mobile devices sold by Google itself as part of the "Nexus" line.

Just days before Facebook's much anticipated initial public offering, one of the largest advertisers in the U.S. has decided to stop advertising on the platform. General Motors will stop advertising on Facebook because it has determined that paid ads on the site are, well, not effective, the Wall Street Journal reports.

Is the bloom off the rosy market for mobile phones?

In Verizon's quest to kill unlimited data, even customers with "grandfathered" plans are on the chopping block.

Google today unwrapped the first part of its efforts to overhaul its search engine capabilities to incorporate more semantic search capabilities. Here are three of its key features.

The executive director of Utah's Department of Technology Services has resigned over a data breach two months ago that exposed the Social Security numbers of about 280,000 Medicaid recipients.

The meteoric rise in the smartphone market is creating a dangerous vulnerability in smartphone security - one that may not be patched until the problem expands into what has been dubbed an "apocalypse."

A Microsoft in-store program that scrubs "bloatware" from Windows PCs will also be offered when Windows 8 machines reach the market later this year, a company representative said.

It's an ideal in identity management: a centralized role-based access control system that supports single-sign-on (SSO) user access to authorized applications tied into the human resources systems for automated provisioning and de-provisioning, and the ability to integrate physical-security identity badges for room access.

The vaunted Google search engine is set for an upgrade that will make it easier for users to find the information they need by putting their searches in context, the company said Wednesday.

Juniper Networks is negotiating a deal with Radware to license application delivery controller technology from the company, according to investment firm Oppenheimer & Co.

Samsung has become the clear leader in sales of Android smartphones as Gartner today reported that it accounted for 40% of worldwide Android sales in the first quarter of 2012.

Internet Security Threats: Who Can Read Your Email?

Software Software