Email is insecure but it doesn't have to be

Perhaps you've heard that e-mail is insecure. Do you know why it is considered insecure? Do you know how to secure your e-mail?

Many of the protocols involved with the sending and receiving of e-mail are not considered secure protocols, in the sense that they are vulnerable to eavesdropping. For instance, Simple Mail Transport Protocol (SMTP), the protocol used to route e-mail around the Internet, is typically implemented without any type of transport encryption. This means that unencrypted e-mail messages are viewable to anyone with the tools to eavesdrop on the network connections between mail servers. Post Office Protocol (POP) and Internet Message Access Protocol (IMAP), when implemented without transport encryption, suffer from the same eavesdropping problems as SMTP. Even when SMTP is implemented with transport encryption it does not, by default, require the authentication of e-mail message senders, therefore mail servers cannot be sure that the senders of messages are really who they claim to be. Even though POP and IMAP require users to authenticate themselves, messages are sent and delivered using SMTP. The result is a situation where the recipient of an e-mail message can be positively identified but the sender cannot.

SpoofStick helps users defend against IDN vulnerability

CoreStreet recently released an updated version of their SpoofStick product which helps to address the recently discovered IDN vulnerability in today's major browsers.

SpoofStick is freely available for both Microsoft's Internet Explorer on Windows 2000 or XP and Mozilla's Firefox browser on all platforms.

Sending Cache-control Headers Using Apache's header module

NOTE: If you're using Apache 2.x go here.

I manage a fair number of Apache 1.3x web servers. Most of which are used for virtual hosting. After reading an article by Jeff Fulmer in SysAdmin Magazine entitled "Save Bandwidth and Increase Performance with Cache-control Response Headers" I decided to configure my Apache servers to use mod_header to send the Cache-control header for graphics files.

Countermeasures for Identity Theft from Frank W. Abagnale

An article by Frank W. Abagnale, the lecturer and consultant, entitled 14 tips to avoid identity theft details some good advice for protecting your identity.

Abagnale's tips:

1. Guard your Social Security number. It is the key to your credit report and banking accounts and is the prime target of criminals.

2. Monitor your credit report. It contains your SSN, present and prior employers, a listing of all account numbers, including those that have been closed, and your overall credit score. After applying for a loan, credit card, rental or anything else that requires a credit report, request that your SSN on the application be truncated or completely obliterated and your original credit report be shredded before your eyes or returned to you once a decision has been made. A lender or rental manager needs to retain only your name and credit score to justify a decision.