Una de las cosas que se deben hacer, cuando uno ha desarrollado su website y lo ha publicado convenientemente en algún lugar del Ciberespacio, es decirle a los buscadores más usados y meritorios que nuestro site está ahí. Por ello es indispensable la indexación de éste.

Los buscadores más usados, variando sustancialmente su nivel de penetración en la Red, dependiendo del país donde nos encontremos, son Google, Yahoo! y Bing. Siempre por este escrupuloso orden.

Para indexar nuestra web en Google deberemos ir a este enlace, y allí teclear nuestra convincente url. La dirección para añadir nuestro site al directorio de Yahoo! será esta. Importante es saber que para este último caso creo que hay que tener un ID y password de Yahoo!, por lo que hay que estar anticipadamente registrado en su portal. Lo cual ha hecho que pase descaradamente de mandar este blog a su base de datos. Eso y que su motor apesta descaradamente a perdedor de vieja hornada. No en vano Micro$oft se lo fagocitará un día de estos para darle un mejor uso.

Finalmente tenemos al novedoso y excelente Bing —en estado beta—, quien ya tiene el 10% de cuota de mercado en USA, a costa de comerle terreno al paupérrimo Yahoo!, a quien le salva únicamente sus comunidades tipo Flickr y su webmail. Para añadir nuestra web a Bing deberemos ir a esta dirección.

No es indispensable u obligatorio realizar la indexación manualmente para que los dichosos buscadores nos introduzcan en su extensa base de datos. Pero si es esta una forma adecuada de ayudarles a realizar una tarea de la cual se haría cargo un bot (robot). Y ya se sabe, nunca mandes a un humano a realizar un trabajo de una máquina. ¿O era al revés? —Sr. Smith dixit.

Birkaç gündür müşterilerimizden outlook üzerinden mail atamadıkları şeklinde şikayetler alıyoruz. Ben de bu konuda bir yazı yazarak bu konuda bilgi vermek istedim.

Eğer sadece mail atarken sorun yaşıyorsanız, ki bizim müşterilerimiz bu konuda sorun yaşıyorlar, bunun nedeni büyük ihtimalle SMTP portunun yanlış ayarlanmasıdır. Eğer webmail üzerinden mail atabiliyorsanız, bunun nedeni kesinlikle SMTP portudur. Türk Telekom geçtiğimiz günlerde SMTP portunu 25 yerine 587 ile değiştirdi. Bunun nedeni maillere çok sık spam ve virüs gelmesi. Bunu düzeltmek için outlook’ta araçlar(tools) sekmesinden e-posta hesaplarını(email accounts) seçiniz. Burada çıkacak ekranda varolan hesapları görüntüle ve değiştiri seçiniz. Gelen ekranda hesabınızı seçiniz ve değiştir deyiniz. Karşınıza hesabınızla ilgili bilgiler gelecek. Bunlar doğru ise alttaki diğer ayarlar butonuna basınız. Yeni bir ekran karşınıza çıkacaktır. Burada gelişmiş sekmesini seçiniz ve 25 olan SMTP portunu 587 ile değiştiriniz.

Eğer buradaki port 587 ise değiştirmeyiniz. Bunun yerine giden sunucu sekmesinden “Gelen sunucum (SMTP) için kimlik doğrulaması gerekiyor” kutucuğunu işaretleyin. Bundan sonra tekrar mail atmayı deneyin. Büyük ihtimalle mail atabileceksiniz. Eğer hala atamıyorsanız SMTP portunu 25 yapıp bir kez daha deneyin. Yine olmazsa mail hesabınızı barındıran şirketle irtibata geçmenizi tavsiye ederim.

*Bu anlattıklarım Outlook 2003 için geçerlidir ancak diğer Outlook versiyonlarında da yaklaşık olarak aynıdır.

Gmail adalah penyedia layanan surat elektronik (email) gratis milik Google yang diluncurkan pada tanggal 31 Maret 2004. Gmail sampai saat ini masih dalam tahap beta.

Membuat Akun di Gmail

1. Buka alamat berikut http://www.gmail.com

2. Klik Buat Akun, sehingga muncul tampilan sebagai berikut. Kemudian masukkan biodata Anda dan klik Saya Menerima, Buat Akunku.

3. Jika terjadi kesalahan maka akan muncul halaman kesalahan seperti gambar di bawah. Biasanya account tersebut sudah dipakai oleh orang lain atau terlalu pendek.

4. Setelah berhasil membuat akun, lalu klik Tampilkan Akunku, untuk masuk account Anda di Gmail.

Fasilitas yang disediakan

Gmail juga mengaplikasi teknologi pencarian Google yang memudahkan penggunanya mencari sesuatu dari email mereka. Gmail juga menampilkan iklan yang didasarkan dari email yang diterima pengguna. Iklan tersebut hanya diperlihatkan ke pengguna Gmail dan tidak dikirimkan ke alamat eksternal.Gmail dapat mengirimkan attachment (lampiran) sampai 20 MB per email.

Salah satu dari hal baru yang ditawarkan Gmail adalah penyortiran email dalam bentuk “Conversation view”. Dengan begini email yang diterima akan diurutkan dalam bentuk percakapan, sehingga semua balasan dan topik tidak terpisah-pisah. Hal ini bisa membuat pengguna mudah untuk melihat email yang mereka dapat. Gmail kadang salah mengira email mana yang harus dikelompokkan bersama-sama, namun hal ini sudah jarang terjadi.

Salah satu perubahan baru adalah kemampuan untuk melabeli email. Sebuah email dapat mempunyai lebih dari satu label. Fitur ini berguna untuk menyortir email sesuai dengan label yang diberikanya, Google juga dapat memberikan label secara otomatis dengan sebuah filter.

Got an ‘urgent’ email today from ICS about webmail being upgraded to Novell Groupwise webmail version 8. Obviously so urgent it has to be done tomorrow. New features: “auto-save of work in progress, the ability to customize email messages and an improved calender graphical interface”. Right, my dissection:
* Auto-save. Fair enough, but I’ve survived so far without it (doesn’t Firefox do that anyway? Yes, it does, I had to restart when I realised the en-gb dictionary wasn’t installed.)
* “customize email messages” – what, I can, like, waste time fiddling with options that I’ve coped well without so far? Maybe if it allows real HTML mail (hyperlinks primarily) it could be of use (but I can use the desktop client if needs be), as long as it’s not a bogged down speed. If I want a really slow client, I’ll use the Groupwise desktop client (I’m looking at you java/v7 for Linux!), thank you very much!
* “improved calender graphical interface” – what, changing the window dressing will make me find/use it?

Well, what I’d really find useful is an m.wordpress.com type equivalent to webmail. And if it doesn’t kick you out if you restart/kill the browser.

Looking at the Novell Groupwise comparison, I hope that webmail hasn’t been bloated to infinity and back, or I’ll have to find a lean, portable IMAP client to hide the monstrosity…

Pardon my scepticism, I’ll see tomorrow if it lives up to reputation…

Keg party ends in gunshots [The Daily Helmsman, The University of Memphis]

NASA grant funds lunar living research [The Informer, University of Hartford]

NSIT to implement e-mail forwarding, new Web portal [Chicago Maroon, The University of Chicago]

Turnout drops for Drop Fees [The Varsity, University of Toronto]

Delta Chi brothers serve all-you-can-eat pancakes, cheaply [The Pitt News, University of Pittsburgh]

Cet épisode a également remis en question la politique de l’éducation numérique française en général et l’enseignement supérieur en particulier. Alors que nous avions dit et promis par l’ORL, l’espace de travail numérique célèbres! Si Microsoft, Google et Consors pour prendre soin de nous, c’est un aveu d’impuissance et de résignation. Sans compter que, dans l’intervalle constaté que les réseaux sociaux seront probablement ENT stigmatisation des rares qui avaient encore des difficultés à mettre cette (Facebook est-elle la prochaine grande société américaine à venir frapper aux portes de nos universités). Nous pouvons clairement voir comment le public ne peut pas (ou plus) contre le secteur privé, et il est très inquiétant pour ceux qui restent attachés à la notion de propriété commune. L’exemple le plus récent est le risque que nos bibliothèques publiques numérisées par Google … et non la nôtre.

C’est ce que je vous laisse avec ce traité que j’aime les mains des élèves surpris des propositions, mais reconnais que ce contrat mai certains avantages à court terme, mais tout le monde finit par ralentir à long terme. Descartes Paris vend ses élèves à Micro $ oft! SNESup – Octobre 2009 – Tract de l’université se prépare à un accord avec Microsoft pour utiliser les services de colis peinture Live @ edu. Il a été affecté à Microsoft étudiant webmail et les bénévoles du personnel. Une offre alléchante: gratuit, sans publicité, avec 100 Go chacun, un logiciel de chat, un espace de stockage personnel, l’accès au package Office Web … et il est compatible avec Linux, MacOS, Firefox! What else?

Avec ce projet, les avis étudiants universitaires un meilleur service webmail que l’offre actuelle à un prix inférieur à ce que nos ingénieurs peuvent faire. Mais les histoires de l’externalisation est toujours le même: avant de signer le contrat, tout est rose, après la signature d’un haut prix que vous payez. Un service a un coût, le long terme, nous allons payer Microsoft: Microsoft est un géant, nous allons imposer des conditions si elles le souhaitent. Pour faciliter l’accès des étudiants à la suite Office Web est un cadeau empoisonné. Au lieu de la formation des utilisateurs les plus expérimentés d’ordinateurs, se prépare à l’université de la consommation dépend de produits Microsoft. En quittant l’université, deviennent dépendants, ils achèteront la vente de produits de même. L’université est levée sa mission de formation pour les intérêts commerciaux d’une entreprise à servir. Aujourd’hui, les ingénieurs et les enseignants de Paris Descartes apprendre l’ordinateur via le logiciel libre: chacun peut et utilisation des nouvelles technologies et temps libre. Aurons-nous encore cette liberté quand Paris Descartes sera pacsee avec Microsoft?

]]> http://regio.wordpress.com/2009/11/07/idea-enviar-archivo-por-webmail-rapido/ Sat, 07 Nov 2009 05:17:27 +0000 dregio http://regio.wordpress.com/2009/11/07/idea-enviar-archivo-por-webmail-rapido/

Tengo un archivo en mi compu que quiero enviar a alguien. Hago clic derecho sobre el archivo, elijo “Enviar a…”, “destinatario de correo”… Y se abre el Outlook, pero yo uso GMail! ¡Argh! ¿Cómo hago?

Los proveedores de correo web deberían incluir una pequeña utilidad que permita facilitar esto, y que “Enviar a… destinatario de correo” abra en el navegador la página de redacción de nuevo mensaje, adjuntando automáticamente el archivo.

¿A mí solo me parece obvio?

A practical add on to get your mails on your browser.

Gmail, Hotmail, Yahoo,…..all the new mails are available with notifier.

you don’t need to sign up each time.

(Be sure that you use your own PC / User Account. Don’t use it in a shared account!)

get it:

https://addons.mozilla.org/en-US/firefox/addon/4490

oxmail.de kostenloses email postfach

oxmail.de eine noch unauffällige seite bietet sehr guten Mac support !

oxmail bietet ein email postfach mit webdisk (webspeicherplatz für datein) einen Organizer und massig Einstellungen zu pop3, Weiterleitung. Ein Pda/Mobil Zugang ist auch vorhanden Interessant fand ich den Bereich Software dort ist mir direkt

Mac OS X (Mailprüfer)
Hier können Sie den Mailprüfer für Mac OS X herunterladen. Wir empfehlen Mac OS X 10.5 oder höher.

aufgefallen ! Nach dem Installieren steht mir in MacOS ein Icon zur Verfügung mit dem ich meine Emails prüfen kann, eine neue erstelle oder die Mailbox aufrufe.

oxmail.de MailChecker macosx

There are 2 important things you should know about your new Managed Solutions email account.

1. Your spam quarantine is by default only accessible via the webmail interface.
2. You have flexibility if you do not like the default Spam quarantine options.

Step 1 – Login to Webmail – Point your browser to https://webmail.managedsolutions.com
Step 2 – type the email address of your account and password provided. Contact us if you’ve forgotten or lost your password.

The webmail looks something like this:

Once logged in you will know if there are unread messages in your Spam quarantine by looking at the folder on the left hand side under Email Folders something like this:

In this example there is one unread message in the inbox and 116 messages in the Spam Quarantine. You can then click the Spam folder to manage those messages. The interface is fairly intuitive. Should you decide you wish to modify the Spam Quarantine options, access the Settings button all the way on the top right of your browser window (just above search).  Select the Spam Settings Folder and make the adjustments that you favor. Be sure to click save if you do make a change.

We hope you’ve found this article to be helpful. Let us know if there is anything we can do to improve it.

Sono sempre di più i siti che, quando visitiamo lo loro home page ci  salutano per nome,quasi come se a quel indirizzo fossimo ormai di casa. Eppure non ci siamo mai registrati , ne abbiamo mai fornito altri dati personali. Come è possibile? L’arcano mistero è presto svelato. Quando navighiamo su internet lasciamo sempre delle tracce che, se seguite permettono di risalire alla nostra identità. Può sembrare un problema da nulla , ma non lo è affatto .E’ un pò come avere sempre alle spalle qualcuno che ci spia e sa tutto quello che facciamo durante le nostre navigazioni. Per fortuna non è difficile difendersi , ma prima di farlo dobbiamo conoscere bene il nostro nemico.

SIAMO TUTTI SCHEDATI

Ogni volta che ci colleghiamo a Internet ,il nostro Provider ci assegna un indirizzo IP,ovvero un gruppo di quattro numeri ,compresi tra 0 e 255, e separati da un punto ( ad esempio 217.201.196.16) A qualsiasi nostra azione compiuta in rete viene associato questa sorta di codice personale .Un indirizzo IP ‘ univoco e permette di identificare in ogni momento l’intestatario della linea telefonica usata per connettersi a Internet. In linea di principio ,soltanto i Provider e le autorità giudiziarie possono associare un indirizzo IP a una persona fisica .In realtà ,basta compilare un modulo di registrazione con i nostri dati per fornire di fatto all’amministratore di un sito la possibilità di identificarci e capire chi siamo , sul momento e in futuro anche mediante l’utilizzo di altri strumenti di controllo ,come i famigerati Cookie archiviati dal Browser , che tengano traccia delle nostre abitudini in rete. Non sono pochi ,poi i siti Web che vendono tutte le informazioni che hanno sul nostro conto ad aziende specializzate nelle ricerche di mercato che utilizzano a loro volta per inviarci pubblicità mirata tramite fastidiose finestre Popup.

RENDIAMOCI IRRICONOSCIBILI.

Per difendere il nostro anonimato , basta camuffare l’indirizzo IP assegnatoci dal Provider e mostrarne uno diverso ai siti Web che visitiamo. Occorre però camuffare adeguatamente il Browser, usando ad esempio i cosiddeti  Proxy, dei particolari dispositivi che fungono da intermediari tra il nostro sistema e il sito che vogliamo visitare, scaricano per noi le pagine nella loro memoria interna e solo dopo le inviano al nostro computer. Tutto questo “traffico” risulta completamente trasparente ai nostri occhi , ma permette di proteggere in maniera abbastanza efficace la nostra identità, in quanto al sito internet visitato risulterà solo l’indirizzo IP del Proxy e non il nostro.

LA RETE? E’ ANONIMA !

L’utilizzo di un semplice Proxy , per quanto efficiente non basta però a garantire il perfetto anonimato in Rete: basta infatti scardinare le misure di protezione per scoprire cosa fanno gli utenti che lo utilizzano e soprattutto chi sono. Per superare anche queste limitazioni  esiste il progetto TOR ( The Onion Routing)

Si tratta di una rete di comunicazione che permette ai suoi utilizzatori di difendersi dalla cosiddetta “ analisi del traffico” che consiste nel monitorare le nostre connessioni per scoprire cosa facciamo su Internet.Il funzionamento di TOR riprende quello dei Proxy , migliorandolo significativamente. L’dea alla base del progetto è semplicissima: perché usare un solo Proxy ,quando possiamo utilizzarne tanti ? I questo modo , le nostre richieste per il caricamento di un sito Internet passano attraverso almeno tre “intermediari” , chiamati in gergo Relay , in modo tale che nessuno malintenzionato in grado di spiare un solo punto del percorso possa capire dove sia diretta la richiesta e, soprattutto da chi è stata effettuata. I dati scambiati fra i diversi Relay , sono cifrati e ognuno conosce solo quale Realy gli ha passato le informazioni e a quale inoltrarne , senza sapere chi ha dato vita alla richiesta di tale informazioni., cioè il nostro computer. In questo modo anche se un Relay venisse compromesso , sarebbe impossibile a differenza dell’utilizzo di un singolo Proxy , risalire alla nostra identità. Tutta la rete TOR , inoltre è strutturata in modo da modificare automaticamente ogni 10 minuti il percorso seguito dai nostri dati , per evitare che qualcuno possa collegare le azioni che noi effettuiamo su Internet

E SE NON BASTA ANCORA………

L’aver camuffato il nostro indirizzo IP non ci mette ancor al riparo da altre pericoloso minacce: Cookie ,e codici Javascript malevoli sono sempre in agguato .Brevemente si tratta di semplici file di testo archiviati nella Cache dei Browser dai siti internet visitati e in cui vengono memorizzati alcuni nostri dati personali .I questo modo , viene facilitata la navigazione , evitandoci ad esempio la seccatura di doverci identificare ogni qualvolta usufruiamo dei servizi offerti. E fin qui , non ci sarebbe niente di male nel loro utilizzo. Il fatto è che i cookie permettono di associare l’indirizzo IP alla nostra identità. E se pensiamo a quanti Banner pubblicitari ci sono sui vari siti Internet e a tutte le aziende senza scrupoli che si nascondono dietro , è evidente quanto poco rispettata sia la nostra privacy. C’è poi da tenere in considerazione il fatto che ogni volta che clicchiamo

un link all’interno di una pagina Web , il nuovo sito internet può conoscere esattamente l’indirizzo di quello da cui proveniamo , il cosiddetto Referer. E la stessa cosa può succedere anche quando clicchiamo su un collegamento presente in un messaggio di posta giunto alla nostra Webmail. Un malintenzionato capace di metter emano al codice HTML delle pagine Web può iniettarvi dentro dei pezzi di codice Javascript in grado memorizzazione dei cookie nella cache del Browser e disattivare l’esecuzione di codice Javascript . Ma in questo modo dovremmo rinunciare a molti servizi , animazioni e contenuti multimediali presenti sui tanti siti legittimi e “FIDATI” sparsi per la rete. La soluzione ? Usare due Browser : il primo per la navigazione tradizionale , il secondo io consiglio Firefox , opportunamente configurato per muoversi in anonimato e senza lasciare traccia .

Domani leggerete come configurare Firefox ( in abbinata a THOR ) per non lasciare tracce

Yahoo! seem to have the knack of putting their collective foot in it.

I was checking my Yahoo profile, wondering why the picture had disappeared from it, and why some users of YahooGroups mailing lists I run were being told suddenly that they were not authorised to post.

Then I saw they offered to import addresses from other providers, and thought I would try that, since I haven’t updated my Yahoo contacts list for three years or more.

They had a third party to do the transfer.

The third party asked a few questions:

1. Do you want us to tell everyone you’ve switched to a new Yahoo address? (No)
2. Do you want to change all your e-mail to your new Yahoo address? (No)
3. Do you want to copy your address book to your Yahoo address? (Yes)

So what do they do? They do 1, which I did not ask them to, and did not do 3, which I did ask them to do. They sent a message to everyone in my Gmail address list, telling them I have a “new” Yahoo address, and asking them to change to that in their address book.

I do not have a new Yahoo address, I have a very old one, which I’ve had since 1996. I found Yahoo mail very unreliable, so I switched to Gmail for web mail. At one point, in 2006, I lost access to my Yahoo address for 6 months, and could not log in to it. When access was restored, all my archived mail had been deleted (that happens if you don’t log in for more than three months). Since then, about 99,5% of the messages at my Yahoo address have been spam. I read it about once every 3-4 weeks, and delete the accumulated spam. So if you send me a message to the Yahoo address, I’m not likely to read it soon, and it might not stand out from the spam, so I might inadvertently delete it and never read it.

For web mail, I still prefer Gmail to Yahoo because:

1. It has a less clunky user interface
2. It puts the signature at the end of the message where it belongs — Yahoo have taken to putting it at the beginning.
3. It has a much more efficient spam filter — 99,5% of my Yahoo mail is spam, 99,5% of my Google mail is not spam
4. Yahoo have proved unreliable in the past, and I don’t trust them since the time that my Yahoo  mail didn’t work from July to December 2006 and they lost all my archived messsages

So now I had to send messages to all the people in my Gmail address list to tell them that the message they had received about my change of address was a hoax, and that they should not put my Yahoo address in their address books, because if they sent me a message there I might inadvertently delete it along with all the spam.

It was easier said than done, because there were errors in the Gmail address list, and I’d got up to “L” in the alphabet when Google informed me that I’d sent too many messages already, and must wait 24 hours before sending any more, as part of their anti-spam policy. So now the people from M to Z are sending me messages to say that they have changed my address in their address books. They’ll have to wait for tomorrow for my message informing them that it was a hoax, and they shouldn’t bother to change it, or rather, they should go through all the bother of changing it back again!

And, what is more, the hoax message sent out by Yahoo’s third-party group Trueswitch, was sent out with Lazy HTML. Lazy HTML is a trick used by spammers and distributors of malware. Some legitimate organisations, who don’t know any better, also use it for newsletters and things like that. But legitimate or not, I delete them unread, because my mail reader is set not to display the links.

This is the message my mail reader displays when I receive messages with Lazy HTML:

Message contains potentially dangerous “Lazy HTML” data

This message contains data that includes references to items that are not present on your computer — typically graphics or frames stored on a remote system on the Internet and accessed using HTTP URLs.

This type of message, called “Lazy HTML” can represent a privacy or security risk, for the followingt reasons:

• It can be used to send information about you without your knowledge, including the fact that you read the message, when you read it, how often you read it, whether or not you forwarded it, your computer’s IP address and more.
• It can be used to download unauthorised programs to your computer. This is a common vector of attack for viruses and Trojan horses.

Pegasus Mail protects you completely from any problems associated with this kind of data, because it never downloads remote-linked items by default. A side-effect of this is that that remote-linked graphics in the message will display as grey boxes in the Pegasus Mail message reader.

So instead of trying to puzzle out what might be in the grey boxes, I just delete it unread. Trueswitch sent out a hoax spam message in my name to everyone on my Gmail address book, when I specifically hadn’t asked them to, and used the spammers trick of writing it in Lazy HTML.

So if you’re on Yahoo, and you see tempting offers to import your address books from elsewhere via Trueswitch, be very, very careful. And be prepared for some unasked for and unexpected consequences. It’s not simple like importing it into Facebook or MySpace (though even that has dangers), but does much more.

1 Set your e-mail filters, many webmail providers you can actually get the opportunity to receive only e-mail from certain addresses that you approve. You can have as much as you want on this list. Always from a transmitter, the filter is rejected. 2 It should give everyone pamper your e-mail is like your phone number. You wouldnt be free to give your number to anyone, so it is not so liberal with your webmail. In many cases, much of the garbage that you receive is actually the result of your address when filling out forms (IE Competitions, games, etc.), introduction to online newsletters of subsidiary companies, posting on a website, etc. 3 Select all spam messages as spam, you can make from a sender you do not hear as spam, which means that you no longer wish to see, nothing is sent by that person in your inbox label. 4 – Use the Delete Never forget the power you need to delete all the messages! Removal takes less than one second and never open an e-mail before sending it to the Trash. 5 Use the Find an e-mail to know what it is, you spam, it will face, really annoying, you can always see a reverse lookup email search email address, so if you can find out who is behind them. This source can tell you interesting details about the sender, including IP address, name and other contact their ISP. You really have to complain about the spammers ISP and inform them about their activities. You can take action and remove these people are like messages of this kind often junky account banned.

Most office workers are familiar with the concept of “webmail”. It allows the employee to access their email from any web browser, on any internet connected PC. This gives staff flexibility, may remove the need to supply some staff with a laptop and allows access anytime and anywhere – for example, on holiday (if they are keen). Webmail looks similar to email in the office and allows the user access to their inbox, calendar and attachments.

Technical configuration is fairly straightforward – encryption is provided by the same type of system used to secure web-banking, and users get logged in either by using their office username and password, or occasionally a more sophisticated mechanism like SecurID (little fob with changing numbers). All major email packages include a webmail server and it’s straightforward to configure.

It is cheap to provide, easy to use, and popular with staff.

Some clients cannot accept the risks of providing a “vanilla” webmail solution. Why not?

The stereotypical answer of “security” is often used. But to understand why this answer is used, it’s necessary to look at aspects of a webmail system.

Firstly, the encryption. As the data travels across the public internet and untrusted systems, it’s necessary to encrypt it. This encryption is a flavour of “SSL” or Secure Sockets Layer – websites identified by a padlock and starting with https in a web browser. This is the exact same technology used by online buying and banking.

Whilst for most intents and purposes SSL is pretty secure, some organisations do not consider it secure enough, and if you are a man-in-the-middle you can potentially read encrypted data quite easily.

The other challenge is the “endpoint” – otherwise known as the PC or laptop. With a organisations own PC it’s possible to be reasonably confident that software patching is up-to-date, there’s no malware software installed, and anti-virus is up-to-date. This cannot be claimed of computers that are likely to be used for webmail access.

Computers used for webmail are likely to be home PCs (perhaps crawling with nasties) and public web-cafes. Web-cafes in Airports are a well-know target for people installing keylogging software as they are commonly used by businessmen. Such nasties can capture information and send it back to the attacker. It’s unlikely to be a targeted attack – the malware will be on millions of PCs – but it is unknown what the attacker will do with the information.

The attacker is probably seeking ebay login details or credit card numbers. But, potentially, for that session and maybe beyond, they can access what the user can access via webmail.

Finally, there is also the issue of data remnance. When a web page is loaded, all the information is stored locally on the PC to speed up access. This is especially true if the user accesses an attachment. This information is typically not encrypted (and, there is no way of controlling). Thus, the next user of the machine may very easily find information they are not intended to see.

Predictably, the market has developed solutions. Webmail can be accessed via a number of products all of which can check the endpoint to ensure anti-virus is up-to-date, ensure it passes a number of other tests, and wipe attachments when the session ends. It’s also possible to control what operating system and web browser the user is connecting from, though the PC may spoof this.

It’s also possible to setup filtering based systems where the webmail system either filters emails the user can see based on a label (i.e. do not show this email unless it’s labelled as “UNCLASSIFIED”), or the webmail system is a duplicate of the normal environment, but only containing non-sensitive emails.

Ultimately, the decision to implement such a solution lies with the organisations risk owners. Clearly, they need to be in full possession of the facts, risks and countermeasures. They will also need to support the development process because a novel solution like this is likely to attract attention.

The impact of not providing this facility needs assessed. How many staff effectively do this already by emailing documents to their hotmail account so they can work at home? Recently, transport unions have proposed short-notice 5-day strikes. How would the organisation cope if a key transport route was closed? What would be the impact of not providing this facility to carbon neutral and efficiency savings targets (need to buy 1000’s of people a blackberry or laptop?).

A likely technical solution would have the following aspects:

· A “front end” webserver in a secured (DMZ) network

· Use of best-commercial-grade SSL encryption

· Registration with companies on the internet that allow ongoing and continual penetration testing of websites

· Endpoint checking – a small software component would have to be downloaded to the untrusted endpoints. This checks the machine to ensure software patch levels and antivirus is at acceptable levels, and perhaps the operating system is agreeable. If the endpoint check fails, or cannot be loaded, access is denied

· A high degree of protective monitoring – user access would be closely logged and anomalies alerted (perhaps in real-time)

· There is an element of end-user responsibility therefore terms and conditions would have to be maintained and agreed. It may be necessary for the solution to be “opt in”

· Use of a one-time-password (RSA SecurID) to replace or complement a password

· It may be desired to redact some information or remove some webmail functionality – for example the ability to download or upload attachments

· It may be desirable to control what machines can access the webmail by performing an enrolment procedure and using certificates. This removes the ability to access from any PC but allows access from pre-agreed PCs (e.g. users home PC)

I’m a big fan of the Microsoft IAG product. At its most basic level it’s an SSL VPN, and brings with it the endpoint checking functionality – so we can ensure the client PC is at a certain patch level.

It also allows us to dip into the data being accessed – in real time- and perform filtering based on rules we set. Finally, it sits atop ISA Server 2006 which is a firewall that’s Common Criteria EAL4 evaluated – in other words, it’s a robust firewall.

A simplified solution architecture is shown below:

In conclusion, the effort required achieving this and the friction creating a solution that steps outside the normal security paradigm for a high-security organisation should not be underestimated. Technology to create a robust solution exists and is  commercially heavily used.