Systems Engineering

Are people reading what you write (without asking)? Part 1

June 2, 2008

  • Guest Blogger

When connecting to remote systems, it’s often easy to overlook a very simple fact: many methods of communication are not protected in any way, shape, or form.  Even as you read this post, the data is being sent in cleartext, and anyone with the desire to watch over your shoulder can.  Data is the foundation of the internet and businesses in general, and not all of it is a big deal if someone else gets it.  However, there is a lot of information that should be protected, and there are a lot of ways to protect it.

First, a common example and, hopefully, some answers.  Let’s start with probably the #1 offender: Instant Messaging.  IMs have exploded on the internet in the last few years as a great, simple way for people to talk (ok, type) to each other.  Here is the problem.  Odds are very good that your message to your wife with your account information for the bank website was sent in the clear because you aren’t using any encryption.  Yes, most IM technology has no concept of secure communication at all, so everything you type is like talking on a party line; anyone that’s listening can hear it, too.

Now, depending on what IM system you are using (AIM, Yahoo!, MSN, etc.), there are different ways to deal with this one.  Some of them may have an encryption option built in, though that is a lot more rare than it should be.  Because of this, there are some third-party IM client solutions.  One of the more popular IM clients is Pidgin.  Not only does it allow for multiple messaging protocols (because you can’t get all your friends to use the same one), but it’s available for most operating systems and has more than one encryption option available as a plugin.  If you primarily use AIM, then the OTR plugin is probably what you want.  Adium (the MacOS native IM client based on the Pidgin libraries) has OTR built in.  The pidgin-encryption plugin is another option that has been around almost as long as Pidgin.

Unfortunately, this is just one of many potential examples/solutions.  Do a little research into whether or not your favorite IM client or protocol has any way to encrypt your messages.  The real point is just to be aware that what you are sending is probably vulnerable, so don’t send anything that you deem to be important without setting something up first.