Whilst I don't intend to get into a shouting match on an issue which is
probably only of borderline interest to the readership of this list, I think
this is somewhat misleading. No ISP has a direct connection to all
other ISPs worldwide. There will thus be a number of relaying servers, as I
suggested in my original posting. Each of these will have a number (which
may be large) of administrative staff who can access email passing through.
Whilst I acknowledge that in the general course of events email is only
resident on these servers for a short while, there is absolutely nothing to
stop it being intercepted, copied to be read at leisure, edited, forwarded
to other person(s) etc. etc. Many of these activities will be completely
undetectable by the original sender or recipient. There are also other
weaknesses in the delivery mechanism of email which are beyond the scope of
this list.

The age-old analogy of a postcard is still relevant. A postcard will go from
the initial post-box or out-tray, through a number of sorting offices,
eventually (hopefully) to be delivered to its final recipient. The
possibility exists of someone at any stage of delivery (a) stealing it, (b)
photocopying it, (c) altering it, etc.

Tim

--
Tim M. Wright
Director - Technology Audit
Charles Schwab Europe
Tel:    +44 190 852 7793
Mobile: +44 7932 669 074
Fax:    +44 190 852 7593


                -----Original Message-----
                From:   Chris Bayliss [mailto:[log in to unmask]]
                Sent:   02 October 2001 15:29
                To:     [log in to unmask]
                Cc:     [log in to unmask]
                Subject:        Re: Security Issues


                Whilst it may be common practice in your company to allow hundreds or
                thousands of folk administrative access to your mail servers, this
                certainly does not reflect the level of vulnerability of email on most
                of the rest of the Internet.

                Typically the message goes from the sender's PC to their company's mail
                server then to their ISP's server - the message is then passed to the
                receiving ISP's server, then company server then PC.  There are
                variations - small companies may send direct to ISP and larger ones won't
                use the ISP server.

                In each case, unless the people running the systems are particularly lax about
                security, email could only potentially be read by the few people who have
                sufficient access to maintain that server, not hundreds or thousands of
                folk.  Furthermore, on many relaying servers messages will only be present
                for a fraction of a second, or perhaps a few minutes, allowing little
                opportunity to read them.

                This is probably as few as if not fewer than the number of people
                who typically handle a letter, when taking into account all the stages in
                collection and delivery in a typical organisation.

                >
                > Apologies if grandmothers and eggs are relevant at this point.
                >

                Old wives and tales would probably be more relevant.

                Chris Bayliss



