They're watching you
I’m in a technical twilight area in many ways. For example, people who know more about network security than I do would probably find some of my common practices dangerously reckless, or at least negligent. People who know less think many of the things I do are signs of paranoia.
Well, if the shoe fits…
Let me play black hat for a moment and show what’s possible. Visualize a public network. Could be the free Wi-Fi at Bart’s, could be the college library, whatever. I walk in there, open up my laptop, and go on the network with a packet sniffer. (Packet sniffers are important network diagnostic tools, so yes, I’ve got one. It’s just unethical to run them without the network admin’s permission.)
I would bet that within ten minutes I’ve picked up someone’s email login and password. That’s nothing, though, right? Who would want an email password? Well, do you use that password somewhere else? Maybe at your bank? One-click ordering from Amazon? Is it a valid user-id for a machine somewhere, which means I now have user privileges on a server and access to a website I can deface (or just serve warez from?) Did I just get access to your employer’s network? (I hope I’m not your sysadmin.) Can I redirect your Netflix queue now? I wonder how long I would need to hang out in a college library before I had access to several of their systems. Not very long, I’m betting.
It gets better. Did you forget the password to your bank site? To your weblog? Did they just email it to you? That’s traveling over the network in clear text, too.
It doesn’t take much to be paranoid like me. First, find out if your mail host has some provision for secure email. Gmail users can just change the http in the website address to https and be secure. The host for my websites and mailboxes offers “IMAPS” which is simply the IMAP mail protocol over an SSL connection; I suspect they offer the analogous POP feature as well. Apple Mail and Thunderbird can take advantage of this; it’s as simple as checking a box marked “Use SSL” in the mail server options.
If none of that covers you, you may want to take a look at the excellent article by Doug Bowman on Secure wireless email. It’s focused on Mac OS X, but has leads for Windows users as well, and presents the case for securing your connections quite compellingly. Don’t skip the comments, either.
And remember: just because I’m paranoid, doesn’t mean the guy in the corner with the Powerbook isn’t running a packet sniffer.
Now Playing: Galapagos from Cherry Marmalade by Kay Hanley
![[Swinging off a dragger, Cundy's Harbor, Maine, July 4th, 2003]](/images/cundys_harbor.jpg)