What does that mean? In plain English, that means anything you type while logged into SquirrelMail can be intercepted and read by eavesdroppers. That includes usernames, passwords, credit card and social security numbers, any student information and communication, and even private communications that might be embarrassing and/or compromising.
SquirrelMail interface consists of dynamically generated HTML pages. These pages are transferred to user's browser using HTTP protocol. HTTP protocol does not have any built-in encryption functions. Information is transferred in plain text. HTTP traffic contains login passwords and any information viewed or entered in browser.
If you want to secure web traffic, you should use HTTP protocol with SSL encryption. [emphasis added]
Now a little about Gmail - not to say that there aren't plenty of other secure web-based mail solutions available. I use Gmail because it's free, fast and reliable. When you start using Gmail it's through a regular http - unsecured - connection. How do you set up secure email in Gmail? It's actually much easier than you would think. Instead of typing http:// just type https:// - yes, it's really that simple - just add the "s" and you're communicating over a secure connection.
Now for the dirty little secret. Where does SquirrelMail come from? It's actually part of an open source Linux distribution - that's right, your IT department doesn't pay for it. I learned this fact teaching my Linux course, when we looked at what applications to install. You can also install SpamAssassin, an open source spam filter. I love open source applications, but we shouldn't be exposing our communications to eavesdroppers and subjecting ourselves to tons of spam just to save a few bucks. The spam has been addressed - at least for faculty, administrators, and staff - with the purchase and installation of a spam appliance from Barracuda. Unfortunately, students are still using insecure email with no reliable spam filtering. Many students don't bother using the campus email solution for these very reasons.
What's the solution? It's not hard. Consider migrating to Google Apps for Education - here's a case study from Arizona State University. Another "quick fix" is to install the already existing secure login and encryption plugins for SquirrelMail.
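As an added example (not part of the original post and not SquirrelMail's own code), the Python below audits a webmail login page for the cleartext exposure described above: a page served over HTTP, a password form that submits to an http:// target, and session cookies set without the Secure flag. The host name, form fields and cookie name are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormScanner(HTMLParser):
    """Collect the action of every <form> that contains a password field."""

    def __init__(self):
        super().__init__()
        self._action = None         # action of the form currently open, if any
        self.password_actions = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._action = attrs.get("action") or ""
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            if self._action is not None:
                self.password_actions.append(self._action)

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None


def audit_login_page(page_url, html, set_cookie_headers):
    """Return findings for a webmail login page fetched from page_url."""
    findings = []
    if urlsplit(page_url).scheme != "https":
        findings.append("login page served over plain HTTP")
    scanner = _FormScanner()
    scanner.feed(html)
    for action in scanner.password_actions:
        target = urljoin(page_url, action)  # empty action posts back to the page
        if urlsplit(target).scheme != "https":
            findings.append(f"password form posts in cleartext to {target}")
    for header in set_cookie_headers:
        name = header.split("=", 1)[0].strip()
        attrs = [a.strip().lower() for a in header.split(";")[1:]]
        if "secure" not in attrs:
            findings.append(f"cookie {name} lacks Secure flag")
    return findings


# Constructed sample: hypothetical host, form fields and cookie name.
SAMPLE_HTML = """<form action="login.php" method="post">
<input type="text" name="user"><input type="password" name="pass"></form>"""
SAMPLE_COOKIES = ["WEBMAILSESSID=abc123; path=/; HttpOnly"]
```

Calling `audit_login_page("http://webmail.example.edu/src/", SAMPLE_HTML, SAMPLE_COOKIES)` returns all three findings; the same page fetched over https:// with a `Secure` cookie returns an empty list.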
2 comments:
Hi Mike
I use gmail all the time for work, through google apps. Didn't know about the secure option though. Nice tip! Thanks.
Patricia
Gmail makes a good hosted spam filter
http://www.iopus.com/guides/gmail-spam-filter.htm