RE: CRIME secure mail programs/internet

From: Kuo, Jimmy (Jimmy_Kuo@private)
Date: Fri Nov 30 2001 - 09:57:43 PST

  • Next message: Christiansen, John (SEA): "RE: CRIME secure mail programs/internet"

    Unfortunately, some of the exploits are with IE so switching mailers may not
    affect that unless you go to something that doesn't render anything in the
    mail, which is nice for some of us, but not for the average user.
    
    So, I'll let some of the other admins with experience in this area offer
    suggestions.
    
    I think however, you may have another problem with using Hotmail.  Do you
    clean up after you send the data?  Or is it hanging in a Sent folder?  I
    work with the assumption that any data left on hotmail is public
    information!  That includes *incoming* since that will sit on the server for
    some amount of time.  If it's temporary/outgoing, it's not as bad.  But if
    it's going to sit in a Sent folder, assume others can read it!  (This
    feeling was established based on the hotmail exploits of the past, which may
    or may not have been fixed.)  And based on your questions about encryption,
    it sounds like that's not yet implemented.
    
    If I recall correctly, HIPAA in 2004.  But do continue to check on that for
    a more specific date.  Most importantly, get to know the admins of the
    companies you deal with.  If you do HIPAA, then anyone else you share such
    info with also has to deal with HIPAA.  So, you're going to need to know
    them sooner or later, and take the same security measures.
    
    Jimmy
    
    -----Original Message-----
    From: Heidi
    To: CRIME
    Sent: 11/30/01 8:18 AM
    Subject: CRIME secure mail programs/internet
    
    As I have seen here on the list that some do not recommend that Outlook
    or Outlook Express be used for e-mail due to security holes, I would
    appreciate recommendations. This would be for people working on home
    computers, who have medical information stored on their systems.  These
    are only connected to a network when they log in to transfer their work
    to the network. When the work is transferred they log in using a VPN.
    Otherwise, they are stand-alone PCs, which are used by some of the
    people for their work, as well as personal internet use.  Hotmail is
    being used on the network end to send information to the home PCs.  The
    concern here is when these people are surfing the internet that the
    medical files would be vulnerable to access, especially after reading
    the latest advisory sent below, in relation to internet explorer and
    previous postings I have read here on the list about not using Outlook.
    This system for these people is fairly new and they are in the learning
    stages of file protection, VPN, etc.  
    Also, does any one in the medical related industry know what the dates
    are that we will have to be complaint using encryption on our files, and
    if there will be training provided using the required encryption, etc.
    to meet the compliance requirements for HIPA?  . I have been asked by my
    employer to relay any of this information regarding security issues back
    to them.  Thank you for any help in advance. Heidi
    This is the latest advisory I make reference to:
     
    National Infrastructure Protection Center 
    "Multiple Vulnerabilities in Microsoft Internet Explorer - All Versions"
    
    Assessment 01-028 
    29 November 2001
    You can respond to me individually at mcps@private <mailto:mcps@private>
    .  Thank you, Heidi Henry
    



    This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:36:11 PDT