Web Mails disasters
Checking mail is part of everyone’s daily routine. But a hacker will wonder who else has read his emails.
Have you ever noticed that after you read your mail on a computer or mobile, the mail got removed? It is not gone: there is still a copy of it somewhere. Web mail is cloud-based, so it can be accessed from any device, from anywhere. For example, if you are using Gmail, a copy of every mail sent and received through that Gmail account is stored on various servers worldwide at Google. The same is true if you are using mail systems provided by Yahoo, Apple, AT&T, Comcast, or Microsoft. Any mail you send can be inspected by the hosting company. Yes, third parties can access your mail for their own reasons.
The least you can do is to make it harder for them to read it.
Start With Encryption
Famed hacker Kevin Mitnick explained: “Most web-based email services use encryption when the email is in transit. However, when some services transmit mail between Mail Transfer Agents (MTAs), they may not be using encryption, thus your message is in the open. To become invisible you will need to encrypt your messages.
Most email encryption uses what’s called asymmetrical encryption. That means I generate two keys: a private key that stays on my device, which I never share, and a public key that I post freely on the internet. The two keys are different yet mathematically related.”
For example: A wants to send B a secure email. A finds B’s public key on the internet or obtains it directly from B, and encrypts the message with B’s public key before sending it. The message stays encrypted until B, and only B, uses a passphrase to unlock her private key and decrypt the message.
Method of Email Encryption
The method used for email encryption is PGP, which stands for “Pretty Good Privacy”; it is not free. It is a product of the Symantec Corporation. But its creator, Phil Zimmermann, also authored an open-source version, OpenPGP, which is free. A third option, GPG (GNU Privacy Guard), created by Werner Koch, is also free. The good news is that all three are interoperable.
Kevin Mitnick’s article recounts: “When Edward Snowden first decided to disclose the sensitive data he’d copied from the NSA, he needed the assistance of like-minded people scattered around the world. Privacy advocate and filmmaker Laura Poitras had recently finished a documentary about the lives of whistle-blowers. Snowden wanted to establish an encrypted exchange with Poitras, except only a few people knew her public key.
Snowden reached out to Micah Lee of the Electronic Frontier Foundation. Lee’s public key was available online and, according to the account published on the Intercept, he had Poitras’s public key. Lee checked to see if Poitras would permit him to share it. She would.
Given the importance of the secrets they were about to share, Snowden and Poitras could not use their regular e-mail addresses. Why not? Their personal email accounts contained unique associations—such as specific interests, lists of contacts—that could identify each of them. Instead Snowden and Poitras decided to create new email addresses.
How would they know each other’s new email addresses? In other words, if both parties were totally anonymous, how would they know who was who and whom they could trust? How could Snowden, for example, rule out the possibility that the NSA or someone else wasn’t posing as Poitras’s new email account? Public keys are long, so you can’t just pick up a secure phone and read out the characters to the other person. You need a secure email exchange.
By enlisting Lee once again, both Snowden and Poitras could anchor their trust in someone when setting up their new and anonymous email accounts. Poitras first shared her new public key with Lee. Lee did not use the actual key but instead a 40-character abbreviation (or a fingerprint) of Poitras’s public key. This he posted to a public site—Twitter.
Sometimes in order to become invisible you have to use the visible.
Now Snowden could anonymously view Lee’s tweet and compare the shortened key to the message he received. If the two didn’t match, Snowden would know not to trust the email. The message might have been compromised. Or he might be talking instead to the NSA. In this case, the two matched.
Snowden finally sent Poitras an encrypted e-mail identifying himself only as “Citizenfour.” This signature became the title of her Academy Award–winning documentary about his privacy rights campaign.
That might seem like the end—now they could communicate securely via encrypted e-mail—but it wasn’t. It was just the beginning.”
A third party can still read some part of the mail, though not all of it.
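The fingerprint comparison in Mitnick’s account can be reproduced in a few lines. The following is an added example, not code from the article: it assumes a version 4 OpenPGP public key in binary form, the function names are hypothetical, and the sample packet is constructed filler rather than a real key.

```python
import hashlib

def public_key_body(data: bytes) -> bytes:
    """Return the body of the leading Public-Key packet (tag 6) of a binary OpenPGP key."""
    if not data or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    first = data[0]
    if first & 0x40:                      # new-format header
        tag, l0 = first & 0x3F, data[1]
        if l0 < 192:
            start, length = 2, l0
        elif l0 < 224:
            start, length = 3, ((l0 - 192) << 8) + data[2] + 192
        elif l0 == 255:
            start, length = 6, int.from_bytes(data[2:6], "big")
        else:
            raise ValueError("partial body lengths are not valid for key packets")
    else:                                 # old-format header
        tag, ltype = (first >> 2) & 0x0F, first & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        nlen = 1 << ltype                 # 1, 2 or 4 length octets
        start, length = 1 + nlen, int.from_bytes(data[1:1 + nlen], "big")
    body = data[start:start + length]
    if tag != 6 or len(body) != length or body[:1] != b"\x04":
        raise ValueError("expected a complete version 4 Public-Key packet")
    return body

def v4_fingerprint(data: bytes) -> str:
    """SHA-1 over 0x99, a two-octet length, and the packet body (RFC 4880, section 12.2)."""
    body = public_key_body(data)
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()

def matches_published(data: bytes, published: str) -> bool:
    """Compare the key actually received with a fingerprint read from another channel."""
    wanted = "".join(published.split()).upper()
    if len(wanted) != 40:                 # refuse short key IDs: they are easy to collide
        return False
    return v4_fingerprint(data) == wanted

# Constructed sample, not a usable key: version 4, creation time, algorithm octet, filler.
BODY = b"\x04" + (1_400_000_000).to_bytes(4, "big") + b"\x01" + bytes(range(45))
RECEIVED = bytes([0x98, len(BODY)]) + BODY                 # old-format header, tag 6
TAMPERED = RECEIVED[:-1] + bytes([RECEIVED[-1] ^ 0x01])    # same key with one bit changed

if __name__ == "__main__":
    fp = v4_fingerprint(RECEIVED)
    posted = " ".join(fp[i:i + 4] for i in range(0, 40, 4)).lower()
    print(posted, matches_published(RECEIVED, posted), matches_published(TAMPERED, posted))
```

The check is only as strong as the second channel: the fingerprint has to come from somewhere the sender of the key cannot also control, which is the role the public tweet plays in the account above.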