Security Basics mailing list archives

Re: newbie question


From: krymson () gmail com
Date: 5 Sep 2006 21:42:23 -0000

Props to Matt Davis. I'll build on his answer with some exposition. :)

While it might seem like SSL is the obvious answer, let's look at this further, especially with consideration if this 
is China as hypothesized by another responder.

China is in control of the ISPs as well as many (all?) of the "border" routers. This means that even SSL is not 
necessarily secure as all it would take to snoop on this would be a MITM attack for anything heading to gmail.

So what happens when you are not in control of the lines and equipment between yourself and the external party? 
This ends up being similar to the problem posed a few weeks ago about stopping admins from sniffing an employee's 
traffic.

You need encryption whose key is not transmitted in MITM-vulnerable or reverse-engineerable form, much like PGP. It 
would be best that any email you get be transmitted to you via PGP. It will sit in your Gmail inbox PGP-encrypted. You 
can then download it as you wish, and decrypt it on your local system.
