I just got back from a short vacation and am getting back to normal – except normal around here is chaos just about every where else.

Of course, emails come whether you are on holidays or not. To deal with them I created a new Google gMail account and forwarded all my email there. gMail has an easy filter setup – so I was able to filter out all my standard emails, such as newsletters, and have only those from clients and the occasional SPAM left in the Inbox.

You maybe maybe wondering why I didn’t use my company’s webmail. I am paranoid!!

Like most of you, I use a laptop (in my case netbook) to connect through public ‘hot spots’. They have become so common that most of us take them for granted. However, they all have one major flaw – they aren’t secure.

While some webmail login pages are sort of secure – many are not. To check your webmail go to the login page and see if it says http or https in the location bar or look for the padlock icon at the bottom of the browser. Our webmail service uses https – but many don’t.

We have all come to believe that the lock icon and https means we have a secure connection. In most cases that is true. ISPs and other legitimate businesses handling Internet traffic go to great lengths to maintain the security of that connection. However, any time you go through a third party’s server you risk what is called a ‘man in the middle’ attack.

The easiest way to break any security encryption is to have an encrypted and plain text version of the same message. The more text, the easier it is to crack the code. In the case of your connection at "Joe Blog’s Coffee Shop" (the man in the middle) both the plain text version and encrypted versions of the login page are available to Joe’s server. Is the text on a login page enough to make it easy to crack the code? – Yes but it would take a while. But, like I said, I am paranoid!!

Why, is the gMail login more secure, after all it has more text? The text is not always the same – the little counter that indicates the amount of free space available makes the code harder to crack. Also, I deleted that account once I got back from my vacation.

BTW: Banks are the worst offenders for having plain text information on a https server. NEVER log into you bank from a public ‘hot spot’.

Tags: business, email, security, technical

Contact us to find out how TIMR Web Services can help your business