Wednesday, January 24, 2007

Email security issue

In Security Now episode 61, Leo and Steve talked about some of the security and privacy issue with ISP. The concern is that our ISP may be able to keep track and monitor what we are doing on the web IF we don't secure the our communication channel such as using SSL or VPN.
One interested topic get my attention is about sending secure email. You may not know that even if you encrypt your email data through SSL and send it, you still not secure your data because SSL encrypts the data at start point and decrypts the data at the end point. Therefore, your message is decrypted at your ISP, and then your ISP foward your DECRYPTED message to the destination. Notices that the link between your ISP to the destination is NOT encrypted, and your data is at risk of being exposed.

No comments: