Is it safe to send personal resumes through non-encrypted HTTP?



jack
07-09-2005, 11:52 PM
Nowadays many people looking for jobs send their CVs to different Email
addresses through non-encrypted HTTP.

It seems that it is impossible to send *encrypted* information to an email
address without a digital certificate. How can I search those email addresses
one after another for their digital certificates?

In addition to that, what can I do for protecting my privacy and
preventing personal information from being abused?

Imhotep
07-09-2005, 11:52 PM
jack wrote:

> Nowadays many people looking for jobs send their CVs to different Email
> addresses through non-encrypted HTTP.

First if you send your resume through email you are not using http. You are
using smtp (well gateway-to-gateway anyway). Second gateway to gateway
encryption is supported with sendmail and other mail servers. If it is
configured to do it. My personal (ie home) email server is configured that
way and if I send an email to another gateway that supports encryption they
will auto negotiate and use encryption. If the other email gateway does
not, then encryption will not happen...

> It seems that it is impossible to send *encrypted* information to an email
> address without a digital certificate. How can I search those email
> addresses one after another for their digital certificates?

Not true. You can use S/MIME or PGP...or gateway-to-gateway encryption
(SSL)...

> In addition to that, what can I do for protecting my privacy and
> preventing personal information from being abused?

Do you send out your Social Security Number in your resume? (Please say no.)
Really the only items that you need to send are your name and email address.
Not really a big deal. Just don't send more info than that. OK?

On a serious note, just two days ago I got an email from a so-called
"recruiter" about a job opp. She pulled my resume from somewhere. She asked
that I send my Social Security number "because the company wanted to make
sure that my resume was not already submitted"...I politely declined by
assuring her my resume was not submitted to the company. I have not heard
from her since.....NEVER send your SS number through email or give it
to anyone who does not need it. I believe she was trying to run a scam to get
SS numbers....

Identity fraudsters are getting quite good at it. Don't mind
hackers/crackers but I hate hate thieves...and hackers/crackers who are
thieves....

-Imhotep

jack
07-09-2005, 11:52 PM
"Imhotep" <NoSpam@nothanks.net> wrote in message news:56Xke.22801$wq.22281@fed1read06...
jack wrote:

> Nowadays many people looking for jobs send their CVs to different Email
> addresses through non-encrypted HTTP.

First if you send your resume through email you are not using http. You are
using smtp (well gateway-to-gateway anyway). Second gateway to gateway
encryption is supported with sendmail and other mail servers. If it is
configured to do it. My personal (ie home) email server is configured that
way and if I send an email to another gateway that supports encryption they
will auto negotiate and use encryption. If the other email gateway does
not, then encryption will not happen...

>> How can I know whether my email server is configured as gateway to
>> gateway encryption or not? Are the most popular email services, such as
>> hotmail and yahoo, configured that way? If I use webmail through
>> hotmail.com, don't I use HTTP to send emails?


> It seems that it is impossible to send *encrypted* information to an email
> address without a digital certificate. How can I search those email
> addresses one after another for their digital certificates?

Not true. You can use S/MIME or PGP...or gateway-to-gateway encryption
(SSL)...

>>Yes. I can use PGP. But I am not sure whether the recipients use the
>>software or not. If they don't, they can not open the encrypted emails.
I know that Gmail is configured as an SSL encrypted server, but it ONLY works
when the recipients also use Gmail as their email service provider, right?
So, do different domain names that email addresses contain always lead to
insecure delivery in cyberspace?

techguy
07-09-2005, 11:52 PM
true very true....I agree with Imhotep


--
techguy

Imhotep
07-09-2005, 11:52 PM
jack wrote:

>
> "Imhotep" <NoSpam@nothanks.net> wrote in message news:56Xke.22801$wq.22281@fed1read06...
> jack wrote:
>
>> Nowadays many people looking for jobs send their CVs to different Email
>> addresses through non-encrypted HTTP.
>
> First if you send your resume through email you are not using http. You are
> using smtp (well gateway-to-gateway anyway). Second gateway to gateway
> encryption is supported with sendmail and other mail servers. If it is
> configured to do it. My personal (ie home) email server is configured that
> way and if I send an email to another gateway that supports encryption
> they will auto negotiate and use encryption. If the other email gateway
> does not, then encryption will not happen...
>
>>> How can I know whether my email server is configured as gateway to
>>> gateway encryption or not? Are the most popular email services, such as
>>> hotmail and yahoo, configured that way? If I use webmail through
>>> hotmail.com, don't I use HTTP to send emails?
>
>
>> It seems that it is impossible to send *encrypted* information to an email
>> address without a digital certificate. How can I search those email
>> addresses one after another for their digital certificates?
>
> Not true. You can use S/MIME or PGP...or gateway-to-gateway encryption
> (SSL)...
>
>>>Yes. I can use PGP. But I am not sure whether the recipients use the
>>>software or not. If they don't, they can not open the encrypted emails.
> I know that Gmail is configured as an SSL encrypted server, but it ONLY
> works when the recipients also use Gmail as their email service provider,
> right? So, do different domain names that email addresses contain always
> lead to insecure delivery in cyberspace?

First, I do not use GMail so please correct me if I got things wrong. It
sounds like when you use GMail you are interfacing with it by using a web
browser, right? Now, if that is true you have to understand that there are
two things going on. First you have the web browser (really nothing more
than an email front end in this case) that is using SSL. Second, you have
SMTP that is actually "routing" your email through the Internet. That being
said, let's look at a couple of examples...

1) You log into GMail and your browser is using encryption (SSL). You email
someone within GMail. You have to remember when you email someone on the
same domain it is not getting routed (generally speaking, there are
exceptions but I think that is beyond the scope of this discussion). Since
the email is never leaving the domain it stays on the email server. When
your friend logs into GMail and gets your email (also using a browser with
SSL encryption) then yes, the email is safe since the only time it has been
"viewed" it was viewed with a secure connection.

2) In the second example, you send another email but you send it to another
domain, say hotmail. Now you again log into GMail with a web browser that
is using SSL. Again understand that the browser is nothing more than the
front end to the GMail email system (probably IMAP based). You send the
email to someone at hotmail. Now, if Hotmail's email gateways do encryption
*AND* GMail's gateways do encryption chances are that they will auto
negotiate and transmit the email using encryption through the Internet. If
one, or both, do not understand encryption then they will not and your
email will have been sent through the Internet without being encrypted...

So, to summarize. There are two things going on when you log into GMail. You
have a web based frontend that is sending data to the web server using
encryption and, in the case you are sending email outside of GMail's domain,
you have SMTP (which may or may not be configured to use encryption).

Wooo... that was more typing than I generally do in one sitting. Damn, after
how many years I still do the "hunt and peck" typing "technique"...

Anyway, I hope that helps...

-Imhotep
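
Added example, not part of the original thread: in SMTP, the gateway-to-gateway encryption described above is negotiated through the STARTTLS extension, which the receiving gateway advertises in its EHLO reply. This Python code parses such a reply and applies the rule that both gateways must support encryption; the sample replies and host names are constructed, and `probe` is a live check using the standard `smtplib` module.

```python
import smtplib

# Constructed EHLO replies (not captured from any real provider).
WITH_TLS = ("250-mx.example.net Hello\r\n250-SIZE 35882577\r\n"
            "250-8BITMIME\r\n250-STARTTLS\r\n250 PIPELINING\r\n")
WITHOUT_TLS = ("250-mx.example.org Hello\r\n250-SIZE 10240000\r\n"
               "250 8BITMIME\r\n")


def parse_ehlo_extensions(reply: str) -> set:
    """Return the extension keywords advertised in a raw EHLO reply.

    Every line is '250-' (more lines follow) or '250 ' (last line).
    The first line is the server greeting, not an extension.
    """
    extensions = set()
    lines = [line for line in reply.splitlines() if line.strip()]
    for index, line in enumerate(lines):
        code, separator, rest = line[:3], line[3:4], line[4:]
        if code != "250" or separator not in ("-", " ", ""):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        if index == 0:
            continue
        if rest.strip():
            # Keyword is the first token; parameters (e.g. SIZE limit) follow.
            extensions.add(rest.split()[0].upper())
    return extensions


def delivery_is_encrypted(sender_supports_tls: bool, receiver_ehlo: str) -> bool:
    """Opportunistic TLS: the hop is encrypted only if both sides support it.

    If either gateway lacks support, the message still goes out, in cleartext.
    """
    offered = "STARTTLS" in parse_ehlo_extensions(receiver_ehlo)
    return sender_supports_tls and offered


def probe(host: str, port: int = 25, timeout: float = 10.0) -> bool:
    """Live check: connect to a mail gateway and ask if it offers STARTTLS."""
    with smtplib.SMTP(host, port, timeout=timeout) as server:
        server.ehlo()
        return server.has_extn("starttls")


if __name__ == "__main__":
    for name, reply in (("with TLS", WITH_TLS), ("without TLS", WITHOUT_TLS)):
        print(name, "->", delivery_is_encrypted(True, reply))
```

This covers only the hop between two gateways; the message is still stored and readable on each server, which is the gap S/MIME or PGP addresses.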

