Europe South Asia Asia Pacific Americas Middle East Africa BBC Homepage World Service Education



Front Page

World

UK

UK Politics

Business

Sci/Tech

Health

Education

Sport

Entertainment

Talking Point

In Depth

On Air

Archive
Feedback
Low Graphics
Help

Tuesday, August 31, 1999 Published at 12:28 GMT 13:28 UK


Sci/Tech

Web e-mail inherently weak

Users of web-based e-mail services can encrypt their messages

By BBC Internet Correspondent Chris Nuttall

Security experts have been stressing the inherent weaknesses of Web-based e-mail services after hackers exposed an easy way to access any of Hotmail's 40 million accounts.

"These services are going to be less secure than POP3 [Post Office Protocol 3] services where people download their e-mail on to their local PC," said Graham Cluley, senior technology consultant at UK-based data security firm, Sophos.

"The messages are then deleted from the servers, but with Web-based services they stay there.

"This incident has done enormous damage to Microsoft's reputation. People will remember this for years and they may think about going to proper POP3 services in future."

Web-based encryption gaining favour

Web-based e-mail services have proliferated with many portal sites offering free e-mail and UK Internet Service Providers (ISPs) beginning to offer e-mail, voicemail and faxes through Web browsers.

The Hotmail break-in could see users turning to Web e-mail scrambled with encryption techniques. Hushmail.com and Ziplip.com have been gaining in popularity with their promise of secure online e-mail services.

Hushmail offers strong 1024-bit encryption through a Java applet initiated when users access its Website to send e-mail. Ziplip does not require registration and allows visitors to its site to write messages and encrypt them on its servers protected with a password. It then notifies the recipient who can pick up the message only if they know the password. Both Ziplip and Hushmail are free.

Microsoft stresses usability

Microsoft has taken the brunt of criticism for security flaws exposed over the Internet, with its scripting, Windows operating system, Outlook e-mail program, Internet Explorer browser, instant messaging software and Hotmail all being targeted by hackers.

This is more than Microsoft being picked on because of its domination of the software industry. Much of the blame can be attributed to the company's concentration on usability.

Hotmail's attraction is that it can be used on any computer in the world connected to the Internet, meaning security cross-checks such as cookie files of personal information on the user's own computer cannot be utilised.

"Microsoft are the Number One target as far as hackers are concerned," says Graham Cluley, "They have to strike a balance between functionality and security. Up to now they have though a lot more about ease-of-use - it's what sells their products."



Advanced options | Search tips




Back to top | BBC News Home | BBC Homepage | ©


Sci/Tech Contents


Relevant Stories

31 Aug 99 | Sci/Tech
Hackers strike Hotmail

31 Aug 99 | Sci/Tech
Your reaction to the Hotmail hackers

31 Aug 99 | Sci/Tech
The self-destructing e-mail

31 Aug 99 | Sci/Tech
Virgin sues spam man





Internet Links


Hotmail

Ziplip

Hushmail


The BBC is not responsible for the content of external internet sites.




In this section

World's smallest transistor

Scientists join forces to study Arctic ozone

Mathematicians crack big puzzle

From Business
The growing threat of internet fraud

Who watches the pilots?

From Health
Cold 'cure' comes one step closer