Ahh...The old trick of hiding in plain sight. How many people are going to sit there and read e-mail about your aunt Martha's kidney stones?
Yet, technology can aid the attacker. If I were a hacker, I would most likely use a program to do a word search for such things as "User", "Password", "Visa Number", "Account#", "SSN"...etc., copy those messages and flag for follow up. That's why security is an issue for everyone, not just the companies that violate the basic rules and leave it all hanging out! Unfortunately, the current laws favor those that like to leave it flappin in the breeze. Douglas Gullett, CCNA, CCDA, CCNP -----Original Message----- From: Kevin Crichton [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 26, 2002 3:27 AM To: veins Cc: Dave Bujaucius; [EMAIL PROTECTED] Subject: Re: Unencrypted Email I know people may be worried about sending unencrypted email over the internet, but some critics point out that if you send out encrypted email it is more likely to come to the attention of those parties interested in users using encryption since they would reason that people using encryption have something to hide, even when all they want is privacy. Yours, Kevin Crichton PhD (St. Andrews), MCSE ICL, Lytham veins wrote: > > It is common knowledge that unencrypted messages sent over an unsecured > Internet connection *can* be viewed in clear text and thus the contents > compromised. My questions: > > 1. Is it really easy? How readily available are sniffing tools that > can do this? > > Any common sniffing tool can allow to do that, sometimes with minor > alteration. > > 2. Can it be done from a user's home dial up or DSL type connection? > Can someone in California somehow be scanning mail leaving a New York > location? > > basically, someone would need to compromise one of the mail servers between > the sender and the recipient, so yes it is possible, but no it's not > possible for > everyone. > > 3. Outside of government agencies that have access to selected ISP's, > how likely is it that a company could be targeted by an outside person > or organization? > > it still depends on wether or not a mail server is compromised somewhere. > > veins > >
