Download Free E-Book

Get Chitika Premium

Down with hackers!!

Saturday, December 1, 2007

This article has been published in MIMOSMIND, a MIMOS Berhad’s newsletter, September 1999 issue. Most of the text is original as published, but I do a minor adjustment where necessary. I believe this article is still relevant as people, sometimes, not take this matter seriously enough.

Do you subscribe to free email accounts such as Yahoo!, Google Mail, Hotmail, Zdnet Mail and USA Net? I bet you are. Free web-based email services (or web mail) are a common feature on most of the portal sites. They keep visitors coming back, and this will increase websites traffic. Web mail lets you check your email from any computer that is connected to the internet. Best of all, it’s free!

Without doubt, people like the idea of a constant email address. With web mail, one can keep the same address even though there is a change in jobs, schools, or the internet service provider (ISP). For instance, if I switch from using JARING to TmNet Streamyx, my email address may change from hizamlusi@myjaring.net to hizamlusi@streamyx.com. This is true even though the ISP provides web mail service as well. But my web mail address stays the same, hizamlusi@yahoo.com or hizamlusi@google.com.

Some people also like to idea of anonymity provided by web mail. You can use whatever name you like, as long as you type in the information required by the portal sites. You can utilize words according to your taste such as ‘hantu’ as your email ID and put in ‘pokok kelapa’ as your first and second name. Somebody staying in Kuala Lumpur can type in a fictitious address, say Kuala Nerang, Kedah.

But then, what about security vulnerabilities with web mail? Is it safe from hackers – people who gain unauthorized access to computer or telecommunications systems (such as the internet and intranet) for the heck of it?

Some hackers try to obtain internet user passwords under fraudulent pretences. This is mostly done through emails with false headers, which give users the impression that the email is coming from a valid source. The email will make a request for the Internet user’s password. Users should beware of emails that ask for passwords in exchange for gifts as pirated software or pornographic pictures. Sound so stupid, but so many peoples already being cheated.

Some hackers will also try to log-on to your web mail. Several email services allow an unlimited number of log-on attempts. This means that malicious internet users can try password guessing and brute-force password attacks on account that uses those systems.

Some portal sites even ask the hacker if they require help in recalling the password. Scary huh? Thus, it is very important that internet users select passwords that make guessing game and password-cracking as difficult as possible. Your password is the first line of defence against potential hackers.

All web mail services in portal sites have policies regarding security and mass distribution of unsolicited email or spamming. However, repeated log-in attempts are not prevented. Furthermore, the user is not notified when a number of failed log-in attempts have occurred. This weakness in the system affects many internet surfers.

To circumvent this, the best thing to do at the first stage is to have an official email address with an ISP for official, business related and other important communications purposes. Use portal sites email addresses for less important messages. You can also implement the secure socket layer (SSL) protocol or other latest security solution for log-in and for accessing information. SSL encrypts the data that you send and receive from a website and has no discernible effect on your system. It protects your email privacy.

There have been additional attempts to make email increasingly private with the use of encryption technology. This technology is currently used for commercial or political purposes. For instance, online trading. Applying the technology to email is essentially similar. One uses a public-key distribution mechanism and strong encryption tools to render the text of the message unreadable.

A popular encryption program is the PGP (Pretty Good Privacy) suite, which is now available worldwide. PGP is a public key encryption system that has gained popularity for encrypting and signing email messages. Both commercial and freeware are available.

PGP was developed in the US where strong encryption tools such as this are considered military technology, and therefore not exportable except under licensed conditions. Fortunately, the program’s creator, Phil Zimmermann, put the software on a publicly accessible internet host, from which it spread around the world.

For more information about PGP, its user interface and how to use it, visit relevant websites, such as www.niser.org.my.

0 comments: