OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: [Full-disclosure] Re: Gmail emails issue

From: John Dietz (www.whitewolfgmail.com)
Date: Fri Aug 04 2006 - 15:13:16 CDT


Yes, I realize SSL is not that secure either, but I was just using it as an
example in comparison to plain ole pure-text email. The point I was making
is not to assume your emails are in any way private/secure. You must use
something else if you want any kind of "secure" communications medium.
There are plenty of solutions out there with varying levels of security, but
I had no intent on going through these and comparing them all.

On 8/4/06, L. Victor <fullblaststormgmail.com> wrote:
>
>
> 2006/8/5, Denis Jedig < seclistssyneticon.de>:
> >
> > > On Fri, 4 Aug 2006 11:45:01 -0500 John Dietz wrote:
> > > > if it were. If the information you are sending/receiving is of a
> > > > particularly sensitive nature, I would suggest you find some other
> > > medium,
> > > > such as SSL with encryption.
> >
> >
> Even connections with SSL can be dumped, analysed by providers and
> successfully decrypted in some cases such as if only the destination server
> has its own sertificate, but user doesn't.
>
>
>

--
There is intelligence is in having all the answers, but wisdom lies in
knowing which of the questions to answer.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/