So You Really Thought Your Email Was Private?

Presented by

Michael Scheidell

About this talk

The concern with many email systems today is that any individual with access to any of the switches, routers and hubs between your outbox and your recipient's inbox is able to read your unprotected email. Even if the email body is encrypted, the header data can offer vital clues to prying eyes. Cyberspace is filled with individuals and organizations who constantly seek information to exploit for profit or malice. This presentation reviews various email encryption solutions, and includes a live demonstration of their respective weaknesses. Using Wireshark (packet sniffer), Traceroute (router and POP counter), and Telnet (to simulate email), the following will be demonstrated: Outlook: Send normal email via non encrypted channel. Use Wireshark to decode captured email. Outlook: Set up for PGP encryption; import PGP keys; exchange PGP keys with recipient. Send PGP email; capture packets to reveal mail headers, same as S/MIME. Outlook: Send email via TLS encryption. Capture packets, reveal mail headers. Outlook: Send secure email, using required tag [SECURE] in subject line; or, install plugin. Windows Mobile: Send email over SSL, show outbound email decrypted. Gmail: Connect to gmail via secure browser (Firefox on https). Send email, watch as Google unencrypts email after it is sent. This session explores the regulatory, systemic, and practical aspects of email encryption to assist IT professionals and email administrators in making effective choices to protect their organizations’ email communications.

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (857)
Subscribers (47987)
The International Council of E-Commerce Consultants (EC-Council) is a member-based organization that certifies individuals in various e-business and security skills. It is the owner and developer of the world famous Certified Ethical Hacker (C|EH), Computer Hacking Forensics Investigator (C|HFI) and EC-Council Certified Security Analyst (E|CSA)/License Penetration Tester (L|PT) programs, and various others offered in over 60 countries around the globe.