|
| Information Security This Week (EU-IST) | ||
| Published | 02 March 2006 | |
| Editor | Urs. E. Gattiker | |
| ISSN | 1600-1869 | |
| Related Links |
Download Firefox plug-in for customising Google extension to https for sending and reading email on the web |
|
| Public hotspot - reading mail securely at the coffee shop with your web browser - nice trick | ||
| There are companies that provide email primarily through web browsers and most provide a secure (https) page for logging in to check email, but that's it. Accordingly, while your password will be safe, however, none of your emails will. In fact, reading and writing emails is done using plain http, which means that everything is sent in the clear. To illustrate, Gmail doesn't use https for reading emails (it does use it for logging in, though). Once the Firefox extension is installed (see link below), go to: |
||
| - Tools, CustomizeGoogle Options. - Go to the Gmail tab and make sure that "Secure (switch to https)" is checked. - finally, press OK to close the window, and you're done. |
||
| From now on, it will be possible to log onto Gmail on an https page and, most importantly, this will enable one to send and read email on https pages as well. To install this plug-in for Firefox (it only works in Firefox): |
||
| TIDBIT 1 The solution described above is pretty neat indeed because one does not have to think about it again. All that said, it is possible to switch to https once logged into Gmail by simply clicking in your address bar, changing the http to https, and then loading the page. Now everything is secure ... as long as you don't close your browser. If you do, you need to manually change to https again, and again. This solution is perfect for a labtop which does not allow you to install any plug ins etc but if you have the rights, the Firefox plug in is a good way to better secure reading and sending e-mails using a web browser. TIDBIT 2 Hotmail offers a "secure mode" that uses SSL, but by default you login at an insecure http page, just like you do with Yahoo! - which isn't good. For either service you can click on the tiny "Sign in using enhanced security" or "Submit over SSL" link. Worst is that, unfortunately, all other email actions - reading and writing - are strictly http only, with no possibility for https. That's pretty terrible. If you access mail through a web interface provided by your ISP, you need to look and see if it supports SSL. If you're not sure, call and ask. If they support it, use it; if not, use something else such as Gmail which is free. |
||