Last Updated: 2012-02-07 02:18:33 UTC
by Johannes Ullrich (Version: 1)
Recently attacks by the "not so sophisticated persistent threat" focused on e-mail security. In many cases, e-mail credentials were either brute forced, or retrieved from compromised databases (in some of these cases, password re-use was a contributing factor).
During Wednesday's threat update webcast, I would like to do a segment focusing on e-mail security, and was wondering what our readers do to secure e-mail. Some of the challenges I see:
- the use of "cloud based" e-mail services like gmail.
- mobile access to e-mail
- access to e-mail from multiple devices
- e-mail encryption and authentication (PGP/S-Mime)
- e-mail forwarding security (if someone has e-mail forwarded to a personal e-mail address)
Please let me know if you have any novel ideas to address these problems that I should cover, or if you would like me to cover any additional questions.