Re: Newsgroup filtering with host server software

X-No-Archive: Yes

"Sebastian G." <seppi@xxxxxxxxx> wrote in message
news:5tinlbF1d6lf7U1@xxxxxxxxxxxxxxxx
Chilly8 wrote:

But if the company sets
up an SSL mail server on a odd port, the authorities in thouse countries
will not be able to figure out what you are up to when you try and
access an SSL-encrypted mail server back at company headquarters.
The government censors would see a bunch of encrypted packets
going out on a strange port, but they would not be able to figure out
what you were up to.

Please take a short lookup on the term "man-in-the-middle attack".


You could double-encrypt it. If you have a broadband connection
at home, you could set up an encrypted connection, that would
first encrypt on your home server, and then encrypt over that,
when going to the company server. Currnently there are three
countries worldwide, Syria, Saudi Arabia, and Myanmar, that
block Hotmail, Gmail, etc, etc, at the national level, as well
as all port 25 and 110 mail traffic to and from servers outside
the country. But this method of double-encryption would even
foil man-in-the-middle attacks. The MOTM would decrypt
the first level of encryption, but not the second.

I use heavy encryption when I go to China to broadcast
figure skating events, becuase China is one of a handful
of countries that block Skype, and I use that to take incoming
calls for the talk show I run. I have an encrypted proxy
that requires a small client program to be run. I run that,
then change the browser settings to my that proxy, and
connect to Skype through that. This is a proprietary
encryption system, impervious to MOTM attacks.
So the people monitoring the "Great Firewall Of
China" will have no idea what I am up to, since I
am using a product with a non-standard proprietary
encryption, that supports Socks and HTTP. They
would know I was making a connection to a strange
address, using an strange encryption routine that MOTM
attacks could not decode, but thre is no POSSIBLE
way the censors at the Great Firewall Of China could
POSSIBLY known that I was taking incoming calls
via Skype. I have been to China twice, since I switched
my stations phone service to Skype in 2006, and
have NEVER had problems using my encrypted proxy
to use Skype. I was there for the Winter Asian Games
in January of this year, and for Cup Of China in
November. Thats another option, if you have to use
services, for your work, that may be blocked in the
country you are travelling to. If you use a non-standard
encryption system that cannot be decoded through a
standard MOTM attack, then the government censors
cannot figure out what you are up to.

And if your company's mail server also uses encryption,
using a program like that will, like I said, encrypt it
twice, so that even if they could get a man in the
middle attack to work, theuy would only uncover
ONE layer of encryption at best.


.

Relevant Pages

  • SSL E-mail - was Re: When do you turn off your Ubuntu boxes?
    ... what do you use for the mail server? ... encryption is necessary because I do everything on localhost. ... SSL only works if both ... was much that could be done to secure mail on the way out other than ...
    (Ubuntu)
  • Re: encryption
    ... your PC is on, the encryption is useless... ... containing sensitive data? ... The end result email would have to have some kind of decryption client ... The goal is to have the encrypted text on the mail server and decrypt it ...
    (Ubuntu)
  • [opensuse] Re: Implementation of Private & Secure Mail Server & Mailing Lists Manager
    ... it decrypts it using existing subscriber's private key stored in SQL ... Then the Mail Server encrypts this message with the Mailing List ... You are tying to solve a non-technical problem with encryption and your ... and having wrong security is worse than no ...
    (SuSE)
  • Re: Digital ID problems
    ... There will be some additional headers in the Inbox, ... "Received;" headers which are inserted by each mail server that the ... encryption password is used (I use strong encryption requiring ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Re: is pptp via VPN secured ?
    ... products containing strong encryption. ... encryption import countries' ... have an enterprise CA, which issued the machine certificates for the VPN, ...
    (microsoft.public.windows.server.networking)