© 2003 Wonder Software Technologies Private Limted. All rights reserved.
|
|
|
|
|
|
|
|
|
| |
|
| |||||||||
|
||||||||||
|
| |||||||||
|
||||||||||
|
© 2003 Wonder Software Technologies Private Limted. All rights reserved. |
||||||||||
WonderCrypt
How to secure EMail
How to Secure
E-Mail?
E-Mail users
are worried about mail authenticity and its content.
The recent flood of
viruses has created a situation where a many servers have stopped accepting
e-mails from unknown accounts.
It is easy to open as
many e-mail accounts that one can think of, but no account provides the security
that the user is looking for.
E-Mail Server
Vulnerabilities:
1.
The problem begins with the fact that an email sent to you does not
reach you directly. E-mail traverses the internet in a
series
of hops from one server to another until it reaches your POP account server
from where you download
it.
2.
At any one of the intermediate or end servers it can be read,
tampered, copied, diverted to an address unknown to you,
or
stored.
3.
E-mail stays in your POP account server until you download and
delete it.
4.
If you have various e-mail accounts, you might wish to leave it in
your POP server for download to a single archive before
you
delete
it. While stored on your POP server, it can be read as plain text by anyone with
legitimate or abusive access to the
server.
5.
Servers are generally backed-up by ISPs, and backup tapes, with your
e-mail recorded, can remain archived for years
without
your knowing about it.
Various e-mail service
providers claim of secure storage or retrieval of email. However, they donot
tell their customers that they have no control on any intermediate servers that
the mail passed through.
Fake E-Mail:
A forged
return address takes about ten seconds of work, and no technical skills above
using a mouse and keyboard.
To forge a return
address, you simply alter your email address in the settings in your email
software (your email "client"). The next message you send will have the forged
return address; this is a favourite trick of junk-mail senders (spammers).
All that junk mail that looks like it came from blueyed123@hotmail.com (for
example) probably didn't (so don't blame Hotmail; most likely, there is no such
account).
The Problem: If there is
an attachment with an email that you believe, as diplayed in the From box of
your email software, as coming from your trusted friend, colleague or client
then you donot hesitate to open the attachment. The attachment could be
containing a virus that silently sends copy of all mails from the mail store on
your computer to someone unknown who is trying to spy on
you.
Hidden Code:
1.
The most widely used e-mail programs that are
vulnerable to this exploit are those that use popular HTML mail format whereby
e-mail messages look like web pages e.g. Microsoft Outlook, Outlook Express and
Netscape Messenger 6, and other web based email service
providers.
2.
A few lines of javascript can be embedded in such a
message in a manner that is not visible to you as the recipient. This enables
text to be secretly sent to its original sender every time the message is
forwarded to another recipient. You click "reply" during long e-mail exchanges
and a javascript insert of this kind will send copies of all messages that form
part of the exchange to another person. Such an exchange of messages could be a
confidential discussion. Even if you disable your javascript, you cannot be sure
that your correspondent has done the same.
As the list runs long, to keep our
submission brief, we list the advantages of using
WonderCrypt:
By using
WonderCrypt:
1.
Prevent
Information Leaks
2.
Ensure
Information Integrity
3.
Authenticity
of the sender is confirmed.
How does WonderCrypt
resolve the above listed issues:
A
: WonderCrypt encrypts mail message and attachment files using DES
and AES algorithm. No eavesdropper can read the
content.
B
: WonderCrypt signed mail message and attachment files confirm the
sender’s identity using digital certificates.
C
: Mail written on an editor provided by WonderCrypt does not have
vulnerability.