My original questions were general to leave the door open to a lot of different perspectives. I tend to think that if someone has the technical skills to hack into an ISP, then they would likely automate the process of looking for valuable text (i.e reviewing only messages that include words like "confidential") through the thousands of messages passing through. After collecting what they want, they still have to determine how "valuable" the information is. And it requires a completely different skill set (not necessarily a good skill set) to actually do something with the information that they intercepted.
Either way, if you have a choice of hacking encrypted traffic or unencrypted traffic, it's not like your sitting at your desk and reviewing the messages as they pass by. Instead I would presume you begin your activity, come back in a few hours and see what you got. If your hardware is normal, you won't be able to break well encrypted code. If you capture lots of "password protected" spreadsheets and docs, then you probably have an evening of entertainment to look forward to, but still may or may not do anything with the results. After all, you just concluded an illegal activity. Thanks for all your replies. I think I have a better understanding of the risks now. Dave Bujaucius -----Original Message----- From: Steve [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 27, 2002 7:47 PM To: [EMAIL PROTECTED] Subject: Re: Unencrypted Email Jus a quick question about your theory... Would you use the same argument for SSL for say, internet banking. I seriously wouldn't want to know that when connecting to my local bank that there are hackers sniffing SSL particularly just for passwords just because, regardless of wether it be a bank, the traffic is SSL. Just a different perspective. Karma ----- Original Message ----- From: "Kevin Crichton" <[EMAIL PROTECTED]> To: "veins" <[EMAIL PROTECTED]> Cc: "Dave Bujaucius" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, February 26, 2002 7:27 PM Subject: Re: Unencrypted Email > I know people may be worried about sending unencrypted email over the > internet, but some critics point out that if you send out encrypted > email it is more likely to come to the attention of those parties > interested in users using encryption since they would reason that people > using encryption have something to hide, even when all they want is privacy. > > Yours, > > Kevin Crichton PhD (St. Andrews), MCSE > ICL, Lytham > > veins wrote: > > > > > It is common knowledge that unencrypted messages sent over an unsecured > > Internet connection *can* be viewed in clear text and thus the contents > > compromised. My questions: > > > > 1. Is it really easy? How readily available are sniffing tools that > > can do this? > > > > Any common sniffing tool can allow to do that, sometimes with minor > > alteration. > > > > 2. Can it be done from a user's home dial up or DSL type connection? > > Can someone in California somehow be scanning mail leaving a New York > > location? > > > > basically, someone would need to compromise one of the mail servers between > > the sender and the recipient, so yes it is possible, but no it's not > > possible for > > everyone. > > > > 3. Outside of government agencies that have access to selected ISP's, > > how likely is it that a company could be targeted by an outside person > > or organization? > > > > it still depends on wether or not a mail server is compromised somewhere. > > > > veins > > > > > > > > > ************************************************************************ **** ************ > This message is confidential, its contents do not constitute > a commitment by AXA except where provided for in a written agreement > between you and AXA. > Any unauthorised disclosure, use or dissemintation, either whole > or partial, is prohibited. If you are not the intended recipient of the message, > please notify the sender immediately. > ************************************************************************ **** ************* > > >
