Comments for Just how secure is email, anyway?

Comment from Henry on 2011-10-18

2011-10-18T21:49:26Z

I agree with Andrew, peer review is essential to ensure security and no back doors. Right now I'm using encrypted email from CryptoHeaven, the source code for peer review is posted here: http://www.cryptoheaven.com/Download/download-advanced.htm

I'm really liking the additional features of this software and service.

Henry.

]]>

A comment on: Just how secure is email, anyway?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Mark J on 2011-09-19

2011-09-20T04:57:53Z

@Andrew
Sendfilessecurely website may be a reliable website, but when it comes to encryption, the only really safe methods are peer reviewed open source encryption software. Otherwise, there could be vulnerabilities or even a back door. This article explains one of the most accepted methods of encrypting email.
http://ask-leo.com/how_do_i_send_encrypted_email.html

]]>

A comment on: Just how secure is email, anyway?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Rar on 2011-08-29

2011-08-30T05:01:45Z

"Leo, I was quite interested in the responses to your post, there are some paranoid nutters out there. I agree with you, intercepting emails is incredibly difficult. If you think otherwise please send me an application were I can type in an arbitrary email address and receive copies of the emails going to that address.

Posted by: Fred Habuckle at October 4, 2010 5:49 AM"

Fred - are you serious? It is clear to me you don't know very much about the field of networks, IP packet transfer, or data security in IT. Magical 'applications' like that do not exist, applications are constructed of layers of architecture that extends beyond the GUI.

Just because sniffing personal/business emails isn't as simple as entering text in an application and waiting for the reply, doesn't mean it's 'incredibly difficult.'

But, having studied IT and worked in the industry for a few years now, I've almost given up trying to educate the end user of this. Until I see comments like Fred's and articles like Leo.

Leo - your article is misleading and above all ignorant. Sending emails is NOTHING like online transactions, which use HTTP/s, in-house or OOTB e-commerce security, MD5-or-other encryption. Email, largely unencrypted has none of this. A little embarrassment? Try ... loss of business, reputation, personal life impacting on getting a future job or keeping our current one, ex-girlfriends/boyfriends being able to find where we are - anything...

I could explain more about how an email is constructed, packets and how they are stolen and rerouted but as far as it goes - I'll make this analagy, it's as simple as intercepting a courier carrying an envelope, yanking it off him and then opening said envelope.

]]>

A comment on: Just how secure is email, anyway?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Jim Severs on 2010-11-13

2010-11-13T19:57:06Z

I was asked to send an email to a person for a friend. Then I sent another email to the friend saying that I had sent the email to this person as requested. Within the hour I received an email from this person along with a copy of the message I sent to my friend. What happened and how can I protect my email from being seen by this person?

]]>

A comment on: Just how secure is email, anyway?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Fred Habuckle on 2010-10-04

2010-10-04T12:49:09Z

Leo, I was quite interested in the responses to your post, there are some paranoid nutters out there. I agree with you, intercepting emails is incredibly difficult. If you think otherwise please send me an application were I can type in an arbitrary email address and receive copies of the emails going to that address.

]]>

A comment on: Just how secure is email, anyway?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Brent Faulk on 2010-09-06

2010-09-06T18:29:39Z

It's excellent to see that this issue is getting increased visibility. Many comments are dead on about the extreme vulnerabilities of traditional email. The reality is you don't need to protect/encrypt all email, but you know that when it comes to sensitive information, you have to have something in place. It's easier than you may think to do this. Check out www.neocertified.com

]]>

A comment on: Just how secure is email, anyway?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Rhys Jaggar on 2010-09-01

2010-09-01T14:56:57Z

I can tell you with absolute certainty that Gmail is NOT secure. There is a certain woman who wishes to destroy my life and lets me know, each time I change email address, that she knows I did so, courtesy of her links to the female mafia within the spyops part of UK plc. She then gets her friends to claim they'd like a drink hence asking for my email address, they don't contact, but miraculously, a few months later, an email appears when I go to stay somewhere else - just 'saying hi. I could list numerous more, but it would be just this and that different.......

It's endemic in business, trust me. You type anything on your PERSONAL PC at home and certain execs know about it, despite you not being connected to the internet. Trust me, you test it in ways that are truly humiliating......thing is, the UK media mafia are at it too...........

]]>

A comment on: Just how secure is email, anyway?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from cmtost on 2010-07-25

2010-07-26T04:04:19Z

I have read many of this authors columns and he is very naive and would be an easy target.

]]>

A comment on: Just how secure is email, anyway?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from schopper on 2010-07-25

2010-07-25T14:13:05Z

I can only recommend to test Opolis Secure Mail. - The sender decides what the recipient is allowed to do with a sent message. For example a mail cannot be forwarded or printed without permission. And the sender can constantly monitor sent messages. Finally, all emails are fully encrypted .... - and all for free! What else can one wish?

]]>

A comment on: Just how secure is email, anyway?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Angus Bradley on 2010-05-12

2010-05-12T18:07:12Z

Internal email systems are often compromised by their administrators who find it easy and tempting to look at communication between their managers. There's also the risks of misdirection, and the inability to revoke messages if you make a mistake.

I sell www.safedrop.com to lots of government and legal clients, often people who have found out the risks of using email the hard way.

]]>

A comment on: Just how secure is email, anyway?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from opolis on 2010-04-30

2010-04-30T09:18:30Z

hello! - for the reasons described in the article above we have decided to launch opolis secure mail: http://www.opolis.eu - we thought that (i) there must be point-to-point encryption; and (ii) the sender must be in a position to decide what the recipient of a mail is allowed to do with it (eg forwarding, copying, printing). the service is for free. - also if you have any feedback, we appreciate this! - thanks!

]]>

A comment on: Just how secure is email, anyway?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from fittens on 2010-04-15

2010-04-16T00:55:10Z

I learned the hard way that email is easily intercepted. My BF had issues with someone accessing his hotmail account and sending emails to family members. He asked a friend at a government agency to see if he could track down the person. In the midst of trying to find this person he looked at all the email addresses in my BF's inbox. He dug up an email which put me in a very awkward position with my BF (no I wasn't cheating). There is no other way he could have found this information out. He did this without breaking the law and without requiring a warrant. I'm waiting to hear from an expert in this field because I want to make sure nothing like this ever happens again. All that to say if you put it out there and it's not encrypted it can come back and bite you in the backside.

]]>

A comment on: Just how secure is email, anyway?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Tj Olish on 2010-04-01

2010-04-01T20:14:10Z

E-mails are able to be intercepted - period.
Tools are available and have been since mid 2009.
A study was released in early 2009 that showed that the average age of hackers "targeting" small mortgage brokers is 14.
The chances of 95% of the e-mails sent have no intrinsic value to anyone but the sender and receiver.
The reality is that the vast majority of the intercepted e-mails fall into two buckets.
1- the e-mails that are never identified as being intercepted. How do you really know?
2- incidents of e-mails that were compromised and were identified, but never officially reported as being intercepted.
But those who send Highly Regulated Content (HRC) over the open public internet need to take appropriate steps to protect that data as there are potential legal/financial/regulatory consequences in the event of a breach.
Specific language is now in some business liability insurance policies that exclude any coverage for any electronic transmissions (e-mails).
There are cost effective solutions out there that transfer the risks associated with a breach of data in "the cloud". Just need to do some digging

]]>

A comment on: Just how secure is email, anyway?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Deana on 2010-03-25

2010-03-26T00:37:15Z

I agree with the other responders here. Indeed you need to worry about the privacy and security of your email communications. All you need to do is turn on the television or read a newspaper to hear of yet another ISP or Email Provider being hacked. Most of these hackers haunt the social media with relentless patience until they find that person who things that online security efforts are for the paranoid. Please check out WWW.privacyharbor.com for an easy and low cost solution to your online identity, the prices range from free to just 9.95 and as a bonus, your storage and attachment sizes exceed the common email carriers by far.

]]>

A comment on: Just how secure is email, anyway?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Esteve on 2010-03-15

2010-03-15T14:49:14Z

It is true the most users or companies will net get attack, however, you'll will not know when you are being attacked. Therefore, it is necessary to encrypt your sensitive data when sending email to outside of your organization (external parties). It is dangerous to say that post an article as such, because if you have an individual or acompany email messages got sniffed you became 100% vulnerable and therefore its too late for you and your data.

]]>

A comment on: Just how secure is email, anyway?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from terry Kelleu on 2010-03-09

2010-03-09T10:46:05Z

I agree with the others. the author has only considered one par of what constitutes a "risk". In this case the liklihood of it happening.

What he has not considered are the implications or severity of it happening. Brushing it aside under "Again, in most cases the cost is negligible ... a little embarrassment at most."

"My business requires the emailing of some sensitive information on a regular basis. "

This isn't embarassment. It can lead to failed business, court cases, good knows what else. Anybody not implementing a simple email encryption procedure in these circumstances probably deserves everything they get.

]]>

A comment on: Just how secure is email, anyway?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from John on 2009-09-22

2009-09-23T04:32:15Z

E-mail is easy to intercept even on wired networks. Ever hear of ARP Cache Poisoning, DNS spoofing, or ICMP redirect attacks?

All of the above can be used to intercept any type of unencrypted communication on a wired network.

Even if you trust people on your network, a compromised server on the recipients mail server network could be used to intercept email.

Being paranoid about sending private data via email is a *good* thing and is not just for the people who wear tin foil hats.

There are many attacks other than sniffing too.

Do you trust that your recipient has a secure password on their email account, or that their computer is virus free?

Twitter learned this one the hard way, see: http://news.softpedia.com/news/Social-Engineering-Used-to-Compromise-Twitter-117172.shtml

Sorry Leo, but you are dead wrong. I'd strongly recommend that you retract this article. It is really dangerous to tell people that it is O.K. to send private data via e-mail.

]]>

A comment on: Just how secure is email, anyway?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Bryan on 2009-05-07

2009-05-07T16:08:19Z

Communicating through email is almost never safe. Unless you are using encryption (most do not) your data may be intercepted. Probalby not by some big time hacker, but more likely a wanna be hacker, 13 year old so called "script kid" who runs scripts that were prewritten to do such things. If you don't want to go through the hassel of encrypting your email you can use a service which handles the messaging aspect for you such as www. PrivateInformationExchange.com.

]]>

A comment on: Just how secure is email, anyway?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Tim on 2008-09-29

2008-09-29T16:13:42Z

Are there any firm, researched statistics about this? To be meaningful, if would have to include incidents of hacking (say) per million, sub-divided by method of hacking.

]]>

A comment on: Just how secure is email, anyway?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Frank Hughes on 2008-09-17

2008-09-17T18:10:58Z

Yes, solutions can be expensive, but what is the cost when one of your associates in human resources sends your 15,000 employees' SSN's to the wrong address and it gets picked up by the media? Hosted off-site solution work, but add more critical components that must be safeguarded. If the hosting company has a leak, your customers still ascribe the blame to you.

Consider options surround the choice to encrypt and whether to use a hosted solution very cautiously.

Frank
Strategic Data Management

]]>

A comment on: Just how secure is email, anyway?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from monty on 2008-08-25

2008-08-25T21:45:32Z

With all the hype now a days with hackers and systems being sabotaged and or comprimised i too was concerned with my companies safety and security when it comes to email information going over the airwaves. I did a lot of research into getting our own system and i found out pretty quickly that it can get very expensive and up into the 40-50k range to secure your emails with different sofisticated systems out there.Well i did my job and did more research i found a company that specializes in this market and saved thousands of dollars. the company is called www.global-datasolutions.com and we now have a pretty sofisticated system in place through them, using desktop PGP and we are also using the blackberry devices through them as well equipped with PGP.Its a pay as you go service and it includes unlimited world wide roaming/24-7 tech support/the blackberry device of your choice and best of all they customized the plans according to our own specific needs.
if you need security go and check them out you will save tons of money.

]]>

A comment on: Just how secure is email, anyway?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Leo on 2008-05-13

2008-05-13T20:00:42Z

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I don't think so.

Leo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFIKfNgCMEe9B/8oqERAtvJAJ9tMOQ/ZR5c94ps/s3MleIpj8RO9gCfbpST
zspatixw/uu+i/BPrC5CarM=
=XJ/5
-----END PGP SIGNATURE-----

]]>

A comment on: Just how secure is email, anyway?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Roberto on 2008-05-12

2008-05-12T21:53:05Z

Does exchange server encrypt emails at the form the LAN to the WAN?

Thanks

]]>

A comment on: Just how secure is email, anyway?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Rick on 2008-02-21

2008-02-21T20:19:41Z

There are email services available that use encrypted links by default. A list of providers and further discussion can be found at novo-ordo.com. While it is true, few people are targeted, I suspect the environment is becoming more hostile for the average Joe.

]]>

A comment on: Just how secure is email, anyway?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.

Comment from Finn61 on 2007-08-07

2007-08-08T06:00:23Z

I disagree with the tone of this response. Comparing email to online purchases is misleading. Almost all reputable online retailers will use encrypted HTTP to perform transactions over the web (usually your browser will notify you of this by displaying a padlock or similar icon when browsing a secure page). On the other hand email by default, is transmitted as plain text. Like most data on the internet it also passes through many networks and servers on the way from source to destination. It would be trivial for any one of these intermederies to automatically take a copy of all emails that contained credit card numbers. The fact that 99% of emails are boring is meaningless to a program searching for key words. As such I would advise your readers to always think before sending sensitive or financial information via email and follow your practice of encrypted attachments when required.

]]>

A comment on: Just how secure is email, anyway?

Tech Questions? Get Answers! - Ask Leo! ... by Leo Notenboom
Leo's Answers Newsletter - Ask Leo! in your inbox every week.