When Lavabit — an email service that National Security Agency leaker Edward Snowden used — suspended service last week amid hints that it had received a government demand for information, a competing service called Silent Circle made a draconian decision: to obliterate all of its customers’ stored email.
The episode pointed out two fundamental weaknesses in email. First, even if an email service encrypts messages for secrecy, as Lavabit and Silent Circle did, the email headers and routing protocols reveal who the senders and receivers are, and that information can be valuable in its own right. And second, the passcodes used as keys to decrypt messages can be requested by the government (if held by the email company) or simply stolen by sophisticated malware.
SOURCE: mashable.com/
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.