Should I use Outlook Web Access (OWA), Gmail, Hotmail or other webmail from a cyber cafe?
Absolutely NOT unless the information in your messages and contacts is already in the public domain!
Don't get me wrong - OWA provides an excellent webmail system.
My point is that if you don't have a reason to trust the client machine, you shouldn't view, access or enter sensitive information, as anything you see or type can be stolen by a malicious third party. Using multi-factor authentication (aka "blinkin' tokens") and HTTPS/SSL only protects the transport (and authentication of the parties).
I am staggered at the number of organisations who allow (and encourage) their employees to access corporate information from unmanaged machines!!!!
There ARE cyber cafes who are very good at ensuring the security of the client machine - it's a differentiator - however the VAST majority of cyber cafes do not provide this assurance.
Comments
Anonymous
January 01, 2003
Matt> I'm saying that if the client machine is compromised then strong authentication and transport (SSL) won't save you.
Anonymous
January 01, 2003
As I've explained before I like to do mail in the morning before I leave the house. Finding myself running
Anonymous
January 01, 2003
Ian> absolutely not for exactly the reason you state - there are a multitude of ways your I/O can be compromised on an unmanaged machine
Anonymous
January 01, 2003
Edgar> of course - go ahead
Anonymous
December 08, 2007
Hmmm... not sure that I entirely agree. I mean - it depends on the sensitivity of the information. I wouldn't think that the average business or would have a lot of sensitive information that was at serious confidentiality risk through this scenario. Sure - you wouldn't want to publish that info, but it is unlikely that the agent/individual who compromises the data from the public terminal would have any interest in it or any particular use for it. I would, however, insist that any access from a public terminal require two-factor authentication as the password itself is sensitive enough material to worry about it being compromised.
Anonymous
December 11, 2007
Hi to you guys, I like to ask you a question. Is that o.k.?
Anonymous
December 12, 2007
Steve, are you saying that you believe that it is inherently insecure and putting a corporation at risk if they are using multi factor "blinkin' tokens", as you put it, to access corporate data/apps? It wasn't 100% clear from your post. And if so how does this differ from the "TS Web Access/TS Gateway" solution presented at the recent TechNet sessions that yourself and James O'Neill gave? Thanks
Anonymous
December 12, 2007
Going one step further - should we ever trust a client machine which we don't physically own? The best HTTPS and SSL security layers can't stop a device-level keylogger.
Anonymous
January 21, 2008
I wish to import my current contacts list and mail from Outlook 2005 folders to OWA.
Anonymous
January 21, 2008
I wish to import my contacts list and mail folders from existing Outlook 2005