WebWatch is the cooperative effort of two of Phnom Penh's most

experienced Internet users:

David Lewis of Telstra's Bigpond and

Bill Herod, information technology consultant at the NGO Forum on

Cambodia. Contact through: [email protected]

Email Security

Email, as the saying goes, is an electronic post card. That is, an

ordinary email message is no more private or secure than a scrap of paper on

your desk.

Most email messages exist in several copies, and those copies

may linger on various computers for months or even years. As an email message is

just a computer file, it can be opened, copied, changed or deleted at any number

of points.

When you send an email from one computer to another over the

Internet, you can't possibly know which computers (servers) that message will

pass through and whether they are secure or not. You can't even know for sure if

it will arrive at its intended destination at all. For example, if you make a

mistake in typing the address or there is a temporary power outage or some other

technical problem at the recipient server, the message would bounce back to the

account where it originated. If that happens to be a shared account at your

office or a "guest" account in an Internet café somewhere, your message may be

read with interest by a variety of people.

The same thing is true at the

recipient's computer - it may be shared by other people who could quite

innocently stumble across your message long after it was sent. In fact, for most

of us, the most serious considerations for email security will be at those two

points: the computers of the message's sender and recipient. It is technically

possible that email messages could be tampered with at any of the servers

through which they pass, but that is unlikely.

For the average

individual, common sense will cover most of the potential problems. If you

wouldn't leave your message on a sheet of paper in a public place, then don't

put it in an email.

If you occasionally have reason to transmit really

sensitive information there are a number of excellent security programs easily

available - at no cost - over the Internet. PGP (Pretty Good Privacy) is

a fairly robust encryption program in wide use, though some find its system of

"public keys" and "private keys" a little confusing. Another solution is

Hushmail - a free, web-based email service. If both correspondents use

Hushmail accounts, their messages are encrypted during transmission. Another new

service offering secure email is Zixmail, which combines encryption with

a digital signature for extra security. Zixmail can also handle PGP files and is

compatible with SecureDelivery (see below) for communicating with

recipients who do not also use Zixmail.

Digital signatures, as

currently used in email, aren't quite what the name suggests. A digital

signature doesn't really confirm that the message was sent by the person named,

but that it was sent through a particular, registered account.

Perhaps it

would be better to call these little files "digital seals" because they

primarily show whether the message has been tampered with during transmission.

They offer no protection against casual snooping on the sending or receiving

computers.

Finally, perhaps the simplest and safest form of secure

messaging is a kind of electronic "dead drop". Using one of these programs

(ZipLip or SecureDelivery, for example), you type a message into a form

on a web site where it is encrypted and stored for a period of time you

determine. You then send a message (or instruct the program to do so) to the

intended recipient, who logs on to the web site, enters a password and views the

message. You are then informed that the message has been seen and it is deleted.

No copies are retained on any computers. Deep Throat would have loved this!

Surf On

Last month saw a large increase in the amount of

surfing traffic in Cambodia. BigPond customers accessed over 2.5 gigabytes of

web pages a day. The most popular E-Destinations were :-

The Microsoft

Network, Yahoo, Olympics, CNN, AOL, Microsoft, The Sydney Morning Herald, The

BBC, Geocities.

Site Picks

We have recommended previously a whole range of

search engines and directories. Special mention goes this month to Google, which

is probably the Internet's prettiest, fastest and best search engine. It is

claimed that the search of over 1 billion sites is equivalent to searching a

stack of paper more than 70 miles high in half a second. No special conventions

or codes are needed - just type in a few words. You will be surprised by the

accuracy of results.

Moreover.com provides access to current news

articles derived from over 1500 news sources. The site is organised as 300

categories ranging from Asia Pacific to Motorsports to Public health. A quick

search for "Cambodia" yielded 220 relevant articles. Newshub is another

such service, with fewer categories and sources but it is well-presented and

updated every 15 minutes.

Link List

Secure Email:

www.pgp.com

www.hushmail.com

www.zixpmail.com

www.ziplip.com

www.securedelivery.com

Surf On:

www.msn.com

www.yahoo.com

www.olympics.com

www.cnn.com

www.aol.com

www.smh.com.au

www.bbc.co.uk

www.geocities.com

Site Picks:

www.google.com

www.moreover.com

www.newshub.com