Re: [cobalt-security] Best way to check email securely?

[Michael Korolew <admin@xxxxxxxxxxxxxx>]

At 12:15 AM 23/02/2002 -0800, you wrote:
> Matthew Nuzum wrote:
>
> > Install SquirrelMail (squirrelmail.org) or neomail/acmemail/other
> > webmail program on the server.  Install SSL on the site.  Check your
> > e-mail through a webbrowser using SSL.
> >
> > This is my preferred way.
>
> I could never limit myself to using webmail; there's just too much I
> can't do.  And it's much too slow.

SSL over web mail is a secure option, and one that I would hope many of 
your customers used. You never know who's sniffing who's subnet.

> And even if I did, how could I convince my clients to?  Tell them: "Our
> security policy means you have to change everything you've ever done
> before".  Sorry, but I don't think that's conducive to keeping clients.

Most clients won't even know what the first thing is to keep themselves 
secure. But if you, perhaps create a FAQ or security page on your web site 
explaining the dangers of sending clear text passwords through pop, ftp, 
telnet, web browsing, etc then you could help point out to them these 
dangers clearly, and how to stop someone from snatching their 
passwords.  Using programs like Eudora with apop, sftp from openssh, ssh 
program like SecureCRT instead of telnet, and using SSL whenever they need 
to authenticate themselves browsing, also making sure to change around 
their passwords regularly.

> Jeff
> --
> Jeff Lasman <jblists@xxxxxxxxxxxxx>
> Linux and Cobalt/Sun/RaQ Consulting
> nobaloney.net
> P. O. Box 52672, Riverside, CA  92517
> voice: (909) 778-9980  *  fax: (702) 548-9484
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security