Comments on: The Wire: Google Security Edition http://krebsonsecurity.com/2010/01/the-wire-google-security-edition/ In-depth security news and investigation Fri, 30 Jul 2010 04:29:12 +0000 hourly 1 http://wordpress.org/?v=3.0 By: JCitizenhttp://krebsonsecurity.com/2010/01/the-wire-google-security-edition/#comment-4458 JCitizen Thu, 25 Mar 2010 01:52:25 +0000 http://www.krebsonsecurity.com/?p=451#comment-4458 The news that Gmail is planning more secure 'always on' https:\\ communication, is heartening, but they have a lot of work to do on that.From what I understand, many of the hops a typical Gmail message takes are between servers that do not encrypt the messages.If this is true, and Google plans on battening down the hatches; I applaud them. But all my clients plan on using encrypted attachments anyway. They have a healthy, "wait and see" attitude. The news that Gmail is planning more secure ‘always on’ https:\\ communication, is heartening, but they have a lot of work to do on that.

From what I understand, many of the hops a typical Gmail message takes are between servers that do not encrypt the messages.

If this is true, and Google plans on battening down the hatches; I applaud them. But all my clients plan on using encrypted attachments anyway. They have a healthy, “wait and see” attitude.

Like or Dislike: Thumb up 0 Thumb down 0

]]> By: M Henri Dayhttp://krebsonsecurity.com/2010/01/the-wire-google-security-edition/#comment-437 M Henri Day Fri, 15 Jan 2010 23:52:28 +0000 http://www.krebsonsecurity.com/?p=451#comment-437 Like Brian, I do hope that Google will make https encryption the default, if not mandatory, on all its many services ; myself, I turned the «always used https» feature on in my Gmail as soon as the bug that prevented the «Send to Gmail» feature on the Google Toolbar for Firefox from working with this setting. But let me say that this is not due to any suspicion that the Chinese government reads my email - those interested in doing so lie, I suspect, much closer to home....With regard to Cpt Canuck's analysis of the possible advantages of using an email client rather than accessing one's email directly on the web, let me point out that email clients can also be targetted by the baddies, as we know from experience with Outlook. And that Gmail now offers an offline option, which means that, as in the case of an email client, already downloaded mail is available if your internet connexion fails....Henri Like Brian, I do hope that Google will make https encryption the default, if not mandatory, on all its many services ; myself, I turned the «always used https» feature on in my Gmail as soon as the bug that prevented the «Send to Gmail» feature on the Google Toolbar for Firefox from working with this setting. But let me say that this is not due to any suspicion that the Chinese government reads my email – those interested in doing so lie, I suspect, much closer to home….

With regard to Cpt Canuck’s analysis of the possible advantages of using an email client rather than accessing one’s email directly on the web, let me point out that email clients can also be targetted by the baddies, as we know from experience with Outlook. And that Gmail now offers an offline option, which means that, as in the case of an email client, already downloaded mail is available if your internet connexion fails….

Henri

Like or Dislike: Thumb up 0 Thumb down 0

]]> By: Tweets that mention The Wire: Google Security Edition — Krebs on Security -- Topsy.comhttp://krebsonsecurity.com/2010/01/the-wire-google-security-edition/#comment-402 Tweets that mention The Wire: Google Security Edition — Krebs on Security -- Topsy.com Fri, 15 Jan 2010 02:09:40 +0000 http://www.krebsonsecurity.com/?p=451#comment-402 [...] This post was mentioned on Twitter by Security4all, briankrebs, Christen Gentile, designslinger, Isti and others. Isti said: RT @security4all: Gmail moves to "always encrypted;" cynics see ulterior motives in Google's hack disclosure: http://bit.ly/5aDniR (via ... [...] [...] This post was mentioned on Twitter by Security4all, briankrebs, Christen Gentile, designslinger, Isti and others. Isti said: RT @security4all: Gmail moves to "always encrypted;" cynics see ulterior motives in Google's hack disclosure: http://bit.ly/5aDniR (via … [...]

Like or Dislike: Thumb up 0 Thumb down 0

]]> By: BrianKrebshttp://krebsonsecurity.com/2010/01/the-wire-google-security-edition/#comment-400 BrianKrebs Fri, 15 Jan 2010 00:20:32 +0000 http://www.krebsonsecurity.com/?p=451#comment-400 Cpt Canuck is right. There's no security advantage to adding another app to checking your email. That said, newer versions of Outlook are much more secure than older Outlook and OE versions (for example, active scripting restrictions). And yes, Thunderbird is probably safer. Cpt Canuck is right. There’s no security advantage to adding another app to checking your email. That said, newer versions of Outlook are much more secure than older Outlook and OE versions (for example, active scripting restrictions). And yes, Thunderbird is probably safer.

Like or Dislike: Thumb up 2 Thumb down 0

]]> By: Captain Canuckhttp://krebsonsecurity.com/2010/01/the-wire-google-security-edition/#comment-399 Captain Canuck Fri, 15 Jan 2010 00:03:18 +0000 http://www.krebsonsecurity.com/?p=451#comment-399 Outlook isn't the best email client there is in the security sense. Try Mozilla Thunderbird instead.Security-wise, I can think of two advantages for using an email client instead of the web interface:- cuts out your middleman (your browser) incase it has any security issues - if your email server's go offline, you have backups on your computer. Outlook isn’t the best email client there is in the security sense. Try Mozilla Thunderbird instead.

Security-wise, I can think of two advantages for using an email client instead of the web interface:

– cuts out your middleman (your browser) incase it has any security issues
– if your email server’s go offline, you have backups on your computer.

Like or Dislike: Thumb up 0 Thumb down 0

]]> By: JohnJhttp://krebsonsecurity.com/2010/01/the-wire-google-security-edition/#comment-397 JohnJ Thu, 14 Jan 2010 22:20:12 +0000 http://www.krebsonsecurity.com/?p=451#comment-397 When using a webmail service, is there any security difference between logging on at the e-mail web site, and sending/retrieving your mail using Outlook? When using a webmail service, is there any security difference between logging on at the e-mail web site, and sending/retrieving your mail using Outlook?

Like or Dislike: Thumb up 0 Thumb down 1

]]> By: Google, China, and Lawful Intercept | nothing important, just security ...http://krebsonsecurity.com/2010/01/the-wire-google-security-edition/#comment-396 Google, China, and Lawful Intercept | nothing important, just security ... Thu, 14 Jan 2010 22:19:06 +0000 http://www.krebsonsecurity.com/?p=451#comment-396 [...] about it. I’m sure that more details will come out over the next few weeks. Brian Krebs has an excellent summary article posted; I hope he’ll continue to update it. For the moment, though, my tentative conclusions are [...] [...] about it. I’m sure that more details will come out over the next few weeks. Brian Krebs has an excellent summary article posted; I hope he’ll continue to update it. For the moment, though, my tentative conclusions are [...]

Like or Dislike: Thumb up 0 Thumb down 0

]]> By: fhttp://krebsonsecurity.com/2010/01/the-wire-google-security-edition/#comment-392 f Thu, 14 Jan 2010 20:18:12 +0000 http://www.krebsonsecurity.com/?p=451#comment-392 Could you explain to me the effect this is having on Symantecs Norton Anti Virus 2010?I have noticed a change in the way Norton is working.Am I still protected while using Norton?What should I do?Thank you very much. Could you explain to me the effect this is having on Symantecs Norton Anti Virus 2010?I have noticed a change in the way Norton is working.Am I still protected while using Norton?What should I do?Thank you very much.

Like or Dislike: Thumb up 0 Thumb down 3

]]> By: dhttp://krebsonsecurity.com/2010/01/the-wire-google-security-edition/#comment-387 d Thu, 14 Jan 2010 17:52:07 +0000 http://www.krebsonsecurity.com/?p=451#comment-387 Yea, for Google! I was about ready to dump them. Their lack of providing constant encryption has always bothered me. So much so, that I still have yet to try their other products. Much like the poll you just conducted Brian, some people don't care what's lurking out there and some do. I have been a user of NoScript and took your advice about RequestPolicy. Lately, every time I log in to gmail there seems to be yet another cookie. Giving their cookies a short expiration date would be another step in the right direction.

Yea, for Google! I was about ready to dump them. Their lack of providing constant encryption has always bothered me. So much so, that I still have yet to try their other products. Much like the poll you just conducted Brian, some people don’t care what’s lurking out there and some do. I have been a user of NoScript and took your advice about RequestPolicy. Lately, every time I log in to gmail there seems to be yet another cookie. Giving their cookies a short expiration date would be another step in the right direction.

Well-loved. Like or Dislike: Thumb up 4 Thumb down 0

]]>