Please Scroll Down to See Forums Below
the only safe email is....
- Thread starter waterboy
- Start date
A firewall doesnt do shit for e-mail, it prevents(tries to prevent) people from getting through it and to a final destination. It does nothing to prevent packet sniffing of info while its being passed from server to mail client. Only way to protect your mail is with a client side encryption program like pgp.
A firewall is simply a filter that sits between one computer(or network) and another. Its a traffic cop of sorts and is given rules to follow as to what kind of traffic to allow through. These rules include packet type (for example UDP, IP, etc) and can also contain a port number, destination and source IP's, domains, subnets etc. There are many personal firwall applications that can run on a desktop PC but they are only as safe and they are configured to be and most people using them do not have the knowledge to make them truely safe.
So what it boils down to is if you have a firewall between your PC and the net, it will reduce your chances of someone getting unauthorized access to your system.
Now that that is cleared up we have to look at how e-mail is sent which is usually one of two ways. From a web browser, in which case the text you enter is passed over the internet to the recieving server/script where it is built into a valid mail message and sent to the recipeints mail server where it waits to be downloaded by a mail client or read in a browser. As you can see, anything leaving or comming into your system is freely available to those that know how to obtain it. Encryption your mail on your desktop prior to sending it means that if it intercepted it can still not be read.
So what it boils down to is if you have a firewall between your PC and the net, it will reduce your chances of someone getting unauthorized access to your system.
Now that that is cleared up we have to look at how e-mail is sent which is usually one of two ways. From a web browser, in which case the text you enter is passed over the internet to the recieving server/script where it is built into a valid mail message and sent to the recipeints mail server where it waits to be downloaded by a mail client or read in a browser. As you can see, anything leaving or comming into your system is freely available to those that know how to obtain it. Encryption your mail on your desktop prior to sending it means that if it intercepted it can still not be read.
I didnt really go into all the details, but secure mail like EF uses SSL (secure sockets layer) to protect the data traveling between your PC and thier server. However, if you send mail to a non EF account, it goes from the ef server to the recipients mail server unencrypted and it can be intercepted on that end.
well, I just checked my elite mail, and I stand corrected. It doesnt look like the EF mail uses SSL so thats a potential security problem right there. It uses java but I am unsure as to what security it offers for data traveling between the user PC and the server.....hmm
1. PC's behind firewalls can be hacked as it is all dependent upon the knowledge of the person configuring the firewall. However, everyone using a home computer should have something like Zone Alarm or Black Ice installed. Zone Alarm much prefered.
2. Everyone on this board who communicates with anyone else regarding illegal activity should be using PGP. It's freeware for NT/95/98. The freeware version for Win2k is not out yet. But it can be bought for around $50. What PGP does is it uses public and private keys to encrypt and decrypt messages. A sender encrypts a message using the recipients public key and the receiver decrypts the message using their own private key. PGP also uses digital signatures which ensures that the message has not been tampered with in route to delivery. If your receiver does not have PGP you can create a self decrypting archive file. What this does is encrypts a file and sets a password for decryption. You tell your recipient the password and they enter it to decrypt the file.
3. Get a program like Evidence Eliminator, which will "permanently" delete certain cached files and selected files from your hard drive. Just deleting a file will not do too much. Someone with a security background could still retrieve a deleted file from your hard drive (ie if your computer gets confiscated).
Too much info for some I'm sure and others like Zyg will probably know exactly what I'm talking about. The key is everyone should be using PGP as it is free and fairly easy to use. The newest 256bit encryption is out and it is basically hacker proof for the time being. Go to tucows.com to dowload PGP for free.
2. Everyone on this board who communicates with anyone else regarding illegal activity should be using PGP. It's freeware for NT/95/98. The freeware version for Win2k is not out yet. But it can be bought for around $50. What PGP does is it uses public and private keys to encrypt and decrypt messages. A sender encrypts a message using the recipients public key and the receiver decrypts the message using their own private key. PGP also uses digital signatures which ensures that the message has not been tampered with in route to delivery. If your receiver does not have PGP you can create a self decrypting archive file. What this does is encrypts a file and sets a password for decryption. You tell your recipient the password and they enter it to decrypt the file.
3. Get a program like Evidence Eliminator, which will "permanently" delete certain cached files and selected files from your hard drive. Just deleting a file will not do too much. Someone with a security background could still retrieve a deleted file from your hard drive (ie if your computer gets confiscated).
Too much info for some I'm sure and others like Zyg will probably know exactly what I'm talking about. The key is everyone should be using PGP as it is free and fairly easy to use. The newest 256bit encryption is out and it is basically hacker proof for the time being. Go to tucows.com to dowload PGP for free.
the mechanic
New member
Just be safe and use PGP encryption. It is free to download and easy to use once you figure it out.
