[GRLUG] Wireless question

Mike Williams knightperson at zuzax.com
Tue Dec 28 10:37:06 EST 2010


  On 12/28/2010 6:29 AM, Adam Tauno Williams wrote:
> On Mon, 2010-12-27 at 23:52 -0500, Mike Williams wrote:
>> It depends on what you're trying to accomplish. It's fairly easy to run
>> an SSH proxy on a Linux box that has a public IP. This will work to make
>> your communications sniff-proof by other users at the free wifi you're
>> using. I believe your DNS requests are still unencrypted, so anyone
>> sniffing could see what DNS lookups you're doing, but that's it. This
>> level of encryption is not the same as truly secure communication, as
> HTTPS, IMAP/SSL is "truly secure" communication.  But it is "secure
> *communication*", of course, you still have to trust the remote end.
>
> And not all inter-MTA SMTP is unencrypted [which seems to be a common
> belief - even among NPR's "IT security & privacy experts"; who should
> all be fired].  I know the MTA (postfix) at work receives and sends
> about 30% of its messages with TLS enabled.  If the remote MTA supports
> TLS and the cert is valid the two MTAs will encrypt the traffic.  This
> number is rising steadily.
Point conceded, sort of. I haven't dealt with the back office of email 
systems in quite a while, and my email provider has been doing full 
encryption for years, but that's because the guy who runs it is a 
security nut (which I mean in the nicest way possible). Every time I 
have tried to set up a secure connection with anything other than him or 
Gmail, it has failed, although I haven't tried in quite a while. I still 
don't consider email a secure communication medium unless the text is 
privately encrypted with PGP or something. I'm glad a respectable 
percentage of email is using TLS, but until you can be sure that all 
servers that your email will cross are using it and are not compromised 
(which you can't yet), then email is still not for sensitive conversations.
>> once they get to your server, wherever it is, the communication goes
>> unencrypted and can theoretically be intercepted between your server and
>> the email or web server you are talking to. The only way for your email
>> to not be sniffed is to run encryption between your machine and the
>> server. GMail allows encrypted IMAP, but not much else does.
> @*($&*(@$ ???  Just about everyone supports IMAP/TLS.
After some research, even Hotmail now supports it. Any idea how long 
that's been the case?
>>   Still,
>> email should not be considered secure regardless. Between email servers
>> (yours and the other party's), conversations are always unencrypted.
> This is false.
OK, but they're not guaranteed to be encrypted, which amounts to the 
same thing. Not knowing a connection is secure means you should assume 
it's insecure.



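The point argued in this message, that mail is only known to be protected if every hop it crossed used TLS, can be checked after the fact on a delivered message. The following is an added example, not part of the original thread: it reads a message's Received headers and reports which hops recorded TLS. The sample message and its hostnames are constructed, and the headers are self-reported by each server, so a "TLS" result says nothing about whether that server was trustworthy.

```python
import re
from email import message_from_string

# Constructed sample: first hop (laptop -> relay) in the clear, second hop over TLS.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [198.51.100.7])
\t(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
\tby mx.example.org (Postfix) with ESMTPS id 4A1B2C3D
\tfor <bob@example.org>; Tue, 28 Dec 2010 10:37:09 -0500 (EST)
Received: from laptop.example.com (unknown [203.0.113.25])
\tby relay.example.net (Postfix) with ESMTP id 9F8E7D6C
\tfor <bob@example.org>; Tue, 28 Dec 2010 10:37:07 -0500 (EST)
From: alice@example.com
To: bob@example.org
Subject: constructed sample

body
"""

# "with" protocol keywords that mean the hop used TLS (RFC 3848, RFC 6531).
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA", "UTF8SMTPS", "UTF8SMTPSA"}
# Free-form comments some MTAs add, e.g. "(using TLSv1 ...)" or "(version=TLS1_2 ...)".
TLS_COMMENT = re.compile(r"\((?:using\s+|version=)(?:TLS|SSL)", re.I)
WITH_CLAUSE = re.compile(r"\swith\s+([A-Za-z0-9]+)")
BY_CLAUSE = re.compile(r"\bby\s+(\S+)")

def hop_report(raw_message):
    """Return [(receiving_host, protocol, tls_recorded)] in delivery order."""
    msg = message_from_string(raw_message)
    hops = []
    for header in reversed(msg.get_all("Received", [])):  # newest header is on top
        text = " ".join(header.split())                   # unfold continuation lines
        clauses = re.sub(r"\([^)]*\)", " ", text)         # drop comments before clause matching
        by = BY_CLAUSE.search(clauses)
        with_ = WITH_CLAUSE.search(clauses)
        proto = with_.group(1).upper() if with_ else "UNKNOWN"
        tls = proto in TLS_PROTOCOLS or bool(TLS_COMMENT.search(text))
        hops.append((by.group(1) if by else "unknown", proto, tls))
    return hops

def all_hops_encrypted(raw_message):
    """True only if there is at least one hop and every hop recorded TLS."""
    hops = hop_report(raw_message)
    return bool(hops) and all(tls for _, _, tls in hops)

if __name__ == "__main__":
    for host, proto, tls in hop_report(SAMPLE):
        print(f"{host:20} {proto:8} {'TLS' if tls else 'cleartext or unknown'}")
```

A message with no Received headers, or with any hop that did not record TLS, is reported as not fully encrypted, which matches the "assume it's insecure" position taken above.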