Stick to a Secure Webmail Connection

First, to combat e-mail snoops, use a Webmail system with HTTPS for the whole session. Almost all Webmail systems use HTTPS when asking you to log in, so your password is transmitted securely. After authentication, however, they usually switch back to HTTP because it reduces the computational strain on their servers and makes serving advertisements easier. That means that everyone who is on the same wireless network (either unencrypted or with a shared password) can read the content of your e-mail. In certain cases, a person can even steal your session cookie and log in to your Webmail session without your password. (That is, until you click the ‘Logout’ link—which you make sure to do every time, right?)

Two very notable exceptions are Gmail and your corporate e-mail system (such as Outlook Web Access). Earlier this year, Gmail switched from the common practice of using HTTPS just for logins to using HTTPS throughout the entire Webmail session. Previously, Google Apps users could opt in to this feature, but it is now the default setting, with the ability to opt out (if you hate security). This change, combined with Google’s new suspicious login detection algorithms, makes Gmail a standout among free Webmail providers. If you were looking for a reason to switch from your AOL, Hotmail, or Yahoo account, you’ve found it.

Your company’s Webmail system is also likely protected by HTTPS at all times, because that is the default configuration for most systems. Note, however, that if you check your work messages using local software (Outlook, Thunderbird, Mac OS X’s Mail) instead of HTTPS Web-based e-mail, you may or may not be using encryption.
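The login-only HTTPS pattern described above can be spotted in a recorded session. This added example (not from the original article) flags requests that drop back to HTTP after an HTTPS login and cookies set without the Secure attribute, which is what lets a session cookie travel in the clear. The hostname, cookie names and sample exchanges are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed samples: (request URL, Set-Cookie header values) in the order a
# browser would see them. Hostname and cookie names are made up.
SAMPLE_SESSION = [
    ("https://mail.example.test/login", ["SID=abc123; Path=/; HttpOnly"]),
    ("http://mail.example.test/inbox", []),
    ("http://mail.example.test/message?id=7", ["PREFS=compact; Path=/"]),
]
HARDENED_SESSION = [
    ("https://mail.example.test/login", ["SID=abc123; Path=/; Secure; HttpOnly"]),
    ("https://mail.example.test/inbox", []),
]


def cookie_attrs(set_cookie):
    """Return (name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in set_cookie.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return name, attrs


def audit_session(exchanges):
    """List findings for a session given as (url, set_cookie_values) pairs."""
    findings = []
    seen_https = False
    for url, set_cookies in exchanges:
        if urlsplit(url).scheme == "https":
            seen_https = True
        elif seen_https:
            # The site protected the login, then fell back to plaintext.
            findings.append(f"plaintext after HTTPS login: {url}")
        for header in set_cookies:
            name, attrs = cookie_attrs(header)
            if "secure" not in attrs:
                # Without Secure the browser also sends this cookie over HTTP.
                findings.append(f"cookie {name} lacks Secure attribute")
    return findings


if __name__ == "__main__":
    for finding in audit_session(SAMPLE_SESSION):
        print(finding)
```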

Source of Information : PC World July 2010

