E-Mail Privacy and You

This is my last post in this thread. I’ll just summarize by saying that you never have a 100% clear picture of what kind of security threats you will have when the packets travel across someone else’s network. If you are sending your passwords across the wire, and it happens to hop across Joe-Bob’s improperly secured or hacked router then you’ll have a security issue. The idea behind encrypting your important messages is that it doesn’t matter if it is intercepted (which, incidentally, isn’t like physical interceptions-- you never know it happens and the intended recipient still gets the transmission). If this was all stupid “outdated” paranoid nonsense, then why do banks do online banking with encrypted sessions? Why do credit card transactions go across various versions of SSL for online shopping? I don’t think that they would be spending tons of money on extra hardware to support extra software to run these technologies if they didn’t need to protect their information from hackers.

Chet, if you’re cool with transmitting your information over e-mail without HTTPS, GnuPG, or any other protective measure, then go for it. It just seems like you are playing with fire to me. When you end up transmitting something important, and you don’t have a practice set for securely doing so, you’re placing that information in danger.

Because there is a huge difference between email messages and online financial transactions, obviously.

Never mind.

Few things. Most of what I have seen, to a one, the first thing upgraded is changing dumb hubs to switches. A. It’s cheap these days. B. It extends the life of the network. No new network cards or cable needed. A mid-sized 10BT network with switches can outperform a hubbed 100BT. So it is much cheaper to just buy some switches than re-lay the entire infrastructure. At the very worst, they bridge their segments and you are contained in a small pool of computers.

synic, from your example, I still don’t think you understand how packet sniffing works and the issues.

It WAS an issue, because previously, all network traffic was typically broadcast to everyone else on that section, so each computer actually got to see everyone else’s packets. This was a real pain because if one guy was doing anything network intensive, it will kill that whole section.

Typically, using your scenario, if someone made one computer on the network a packet sniffer at the school’s library - which doesn’t make sense - he has one computer he can sniff, which of course as stated before, the real issue on a one to one computer is a keylogger, not a packet sniffer.

Again, I don’t mean to pick, but do you understand packet sniffing?

And internet traffic is not routed willy-nilly. There is no Joe Bob’s network, again long gone. For the typical university you might have redundant access points to various carriers, they route your message to the nearest peering point to the next skip down towards the destination. Just because you are on the internet, does not mean all of a sudden one day all of Citi-bank’s traffic is hitting your personal router, that isn’t how it works.

And really, why would you send financials thru email? Do you mean to tell me you somehow send emails with CC information to make purchases? And for your scenario to work, I guess it would be cool if I only emailed 3 other guys from my computer lab, but I live in the real world, if I send someone an encrypted email, they aren’t going to know what to do, it would be like, using your analogy, sending all my snail mail only after I transcribed it into Chinese. Not all that helpful, but damn! it’s secure.

Chet

Isn’t that the whole premise of Gmail that what you’re writing isn’t that sensitive? I mean at work I suppose I send emails that have information that if it became public could hurt the corporation, but just normal email to my wife, family, or friends is mostly pretty boring vacation plans, grocery lists and rude insults. I would rather you didn’t, but if you’re going to sniff packets to get at that stuff more power to ya. You might find it easier to just eavesdrop on me as I yak away on my cell phone.

Tim, could you turn a bit more to the left when you’re talking? Uh, no reason… no reason at all. Oh, and speak up a bit too.

  • Alan

Dude. Seriously. Any traffic which is broadcast between any two wireless devices (say a PC and an access point) which is not encrypted can be sniffed. It’s fucking radio. It doesn’t require delicate intrusion into the datalink layer of the connection or anything. There is no hacking involved at all to sniff and log it. Hell you can even sniff encrypted traffic, and if the poor fucker is using some default 40-bit key bullshit, even your mama’s 486 can brute force it within a couple hours (your personal high-speed gaming rig will knock it out in between QT3 posts).

Further, any wireless access point, router or otherwise, which broadcasts an SSID and is not secured to use authentication per MAC address is wide open. WIDE FUCKING OPEN. Period. Hands down. Sniff packets, use the connection yourself, whatever. No hacking involved. Oh did I mention that that describes 99% of all store-bought wireless access points with their default settings?

Anyways back on “private” webmail, there are a number of points of vulnerability. First the mail servers’ communication link to each other can be compromised or sniffed in the middle. Second the mail server itself can be administered by an unscrupulous turd (or compromised) and mail spool files are just plain text, kids. Third, the webmail web app which gets the mail from the mail server can be compromised or can have a little “copy to my Russian hax0r address” line in it. Fourth the internet connection between the end user and the webmail server (and if a webmail server becomes widely used enough, don’t you think an attacker will try and compromise the routers “closest” to it?). Finally the end user’s web browser with Active-X applications writing all the information to another Russian e-mail address.

That’s a lot of places to be concerned about, and a lot of involved parties, if one needs to ensure complete confidentiality for anyone using a webmail application. The best anyone currently has is PGP to secure points one and two and SSH to secure point four. If you really got crazy you could actually just use the webmail app as an envelope and copy-and-paste e-mail to and from it into a second app running on your PC which handles a public-key encryption. Thus at all points 1-5, the mail is encrypted no matter who compromises what. But that would be pretty stout.

Shift6, as I SAID, yes unencrypted wireless traffic is an issue, but my point was that does not mean it will spoil the other traffic being handled by the router. As for using the connection yourself etc, that is not spying on the data stream.

And hey, while it is exciting to yell at me thinking my point is some liberal view, if you check the original post it has nothing to do with wireless and wireless only came up as the worst case scenario that as I said WOULD BE affected.

Chet

I wasn’t yelling. Anyways I was replying specifically to your point that “First, even with wireless, most newer wireless routers are switches, so you could not sniff the packets passing by unless you hacked the router.” That is simply completely false. I don’t like the idea that someone may think that their wireless connection is safe from being sniffed because their Best Buy DLink wireless access point is a switch. The traffic won’t be interfered with, true, but that’s not sniffing, that’s a collision. I got the impression from your original post that you were discussing traffic monitoring, not collisions.

And I did spend the rest of my post just briefly mentioning the five locations of vulnerability in any webmail setup, whether there are wires or not. This was my attempt to contribute to the original thread topic at hand in addition to my reply to your post.

FYI, PGP and S/MIME are totally broken

EFF has been in contact with the researchers and confirms: uninstall PGP now.

Our advice, which mirrors that of the researchers, is to immediately disable and/or uninstall tools that automatically decrypt PGP-encrypted email. Until the flaws described in the paper are more widely understood and fixed, users should arrange for the use of alternative end-to-end secure channels, such as Signal, and temporarily stop sending and especially reading PGP-encrypted email.

Not at all. The implementation in most popular email clients is broken. Basically you embed a foreign resource like an image and it appends the decrypted email content to that HTTP request. You need to intercept the email first (which in and of itself is not trivial), change it, send it on with forged headers, and then the end recipient needs to look at it with HTML rendering active.

This doesn’t mean that all previously sent encrypted email can be decrypted, which would be really scary. It means you should turn off HTML rendering until your email client patches the problem, which they will all do in a week or two.

OpenPGP Foundation devs are characterizing this as bad client behaviour ignoring error states and less of a fundamental flaw in PGP.
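
Added example, not part of any post in this thread: a defender-side check for the behaviour described above, where rendering HTML mail causes the client to make HTTP requests for embedded resources. It lists the auto-fetched remote references in a message's HTML parts and returns the plain-text body that a client with HTML rendering turned off would show. The function names and the sample message are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

# Attributes a renderer fetches without any click. A plain <a href> is not
# fetched on render, so href only counts on <link>.
AUTO_ATTRS = {"src", "background", "poster"}
REMOTE_PREFIXES = ("http://", "https://", "//")

class RemoteRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            auto = name in AUTO_ATTRS or (tag == "link" and name == "href")
            if auto and value and value.strip().lower().startswith(REMOTE_PREFIXES):
                self.refs.append((tag, value.strip()))

def remote_refs(raw_message):
    """Return (tag, url) pairs that rendering the HTML parts would fetch."""
    msg = message_from_string(raw_message, policy=policy.default)
    found = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder = RemoteRefFinder()
            finder.feed(part.get_content())
            found.extend(finder.refs)
    return found

def safe_body(raw_message):
    """Return only the text/plain body, i.e. the view with HTML rendering off."""
    msg = message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""

# Constructed sample message (not taken from the thread).
SAMPLE = (
    "From: alice@example.org\nTo: bob@example.org\nSubject: constructed sample\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/alternative; boundary="b1"\n\n'
    '--b1\nContent-Type: text/plain; charset="utf-8"\n\nLunch at noon?\n'
    '--b1\nContent-Type: text/html; charset="utf-8"\n\n'
    "<html><body><p>Lunch at noon?</p>\n"
    '<img src="https://tracker.example.net/pixel.png">\n'
    '<a href="https://example.org/menu">menu</a></body></html>\n'
    "--b1--\n"
)

if __name__ == "__main__":
    print(remote_refs(SAMPLE))
    print(safe_body(SAMPLE))
```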