Re: Google Secure Access

tomstde...@gmail.com wrote:
> Well the ACTUAL solution to your problem has been solved via the use of
> SSL. Think about for it a second...
>
> 1. You connect to google securely. Check.
>
> 2. Google then SENDS YOUR LOGIN DETAILS IN THE CLEAR TO YOUR ISP.
> Oh... that's stupid.

Packetsniffing your login details from google to your mailserver
requires someone in a position of power (with access to a router along
the way) abuse that power to packetsniff your login. While it does
happen, it's not very common.

Packetsniffing your login when you're using unsecured wireless is
doable by anybody in the vicinity. They don't require any sort of
priveliged access whatsoever. Thus, the risk of password disclosure is
much, much higher.

As far as SSL support goes - as far as I'm aware, my ISP doesn't
provide SSL access to their mailservers (I run my own mailserver, so I
can't be certain), and I'm sure it's not the only one.

> In fact most marketdroids KNOW HOW TO USE SSL. It's not exactly rocket
> science to click the "login via SSL" button and have your competent
> sysadmin set up SSL certs back home.

I've already said it several times, but I'll say it again: The service
is not targeted at these people. The service is targeted at individuals
who want to connect when travelling, or 'marketdroids' using their
laptops to check non-business related material while on a trip. As
you've pointed out multiple times, IT departments already adequately
cover business security.
Received on Thu Sep 29 21:58:39 2005