Net neutrality and how ISPs can impact your email security

by Bharat Suneja on November 18, 2014

There was a time ISPs limited themselves to providing layer 3 connectivity. You got a connection, and if the link was up and your computer or network configured correctly for Internet Protocol (IP) communication, you could send and receive TCP/IP packets over that link. The ISP controlled the bandwidth, which is the maximum rate at which packets would travel over the link. ISPs didn’t control or seem to care about the total amount of data transferred, the kind of traffic “on the wire” (such as SMTP, HTTP, FTP, or an audio or video stream), the content or whether it was encrypted.

Over the years, with each round of consolidation in telecom (and cable) we’ve seen reduced competition in most markets. No wonder service providers are flexing their muscles and exerting more control over network traffic. Some examples:

  • Many service providers block certain ports or certain types of traffic that indicate business use – for example, an SMTP mail server or a web server. No business traffic on the “consumer web”.
  • AT&T has been sued by the FTC for illegally throttling customers with unlimited data plans. Although AT&T and other carriers don’t offer them any more, customers who had unlimited plans were grandfathered.
  • As widely reported, service providers are throttling certain content streams such as Netflix video, slowing down consumer traffic on the consumer web. Also as widely reported, Netflix is paying Comcast, Verizon & AT&T a toll to speed up its traffic. As Netflix explains, these are not the normal interconnect charges paid to transit carriers which typically carry traffic over long distances, but a toll to deliver traffic to customers on these carriers.

    Imagine if you had to pay an extra fee for speeding up your email to some networks or domains – besides what you already pay for Internet connectivity to your ISP.

  • Verizon and AT&T are tracking their users with ‘supercookies’ to collect information, including web sites visited. This enables them to profile users’ tastes and interests and use, sell or otherwise make this info available for targeted advertising. How’s that different from what Google does? Google’s services are free to consumers, but carriers charge you for Internet connectivity and should have no business tracking you or inspecting your traffic! Additionally, as the Washington Post reports:

    Consumers cannot erase these supercookies or evade them by using browser settings, such as the “private” or “incognito” modes that are popular among users wary of corporate or government surveillance.

There’s a general outcry over lack of Net neutrality, which requires that all lawful Internet traffic be treated equally. Whether we actually get meaningful laws to prevent ISP overreach remains to be seen.

How your ISP can remove your message security by preventing encryption

The Electronic Frontier Foundation (EFF) highlights the case of the mobile carrier Cricket preventing encrypted SMTP email traffic from an engineer at Golden Frog. I must admit, I hadn’t thought about this possibility, or a service provider’s ability to impact your organization’s security by preventing secure communication. How do they do this? By blocking the STARTTLS verb in SMTP communication.

Although most mail servers, including Microsoft Exchange, allow you to enforce TLS encryption (and use mutual TLS authentication, which uses certificates for authentication), most organizations continue to use opportunistic TLS, which involves the client sending the STARTTLS command to the SMTP server, volunteering to start communicating over a TLS-encrypted channel.

With TLS encryption taken out of the equation, the SMTP client and server can (and most do) continue their communication in the clear.

But the ISP is peeping into the application layer! In effect, it’s snooping on SMTP traffic to block STARTTLS – in security terms, a Man-In-The-Middle attack.
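The downgrade described above, as an added example that is not part of the original post: it shows how an opportunistic client and a TLS-enforcing client react when the STARTTLS capability never reaches them. The EHLO replies, the host `mail.example.com`, the function names and the "keyword made only of X characters" heuristic are assumptions made for illustration.

```python
import smtplib
import ssl

# Constructed EHLO replies (not captured traffic): what the server sent, and
# the same reply after a middlebox overwrote the STARTTLS capability line.
EHLO_CLEAN = "250-mail.example.com\r\n250-SIZE 36700160\r\n250-STARTTLS\r\n250 8BITMIME"
EHLO_STRIPPED = "250-mail.example.com\r\n250-SIZE 36700160\r\n250-XXXXXXXX\r\n250 8BITMIME"


def ehlo_keywords(reply):
    """Return the upper-cased extension keywords of a multi-line EHLO reply."""
    keywords = []
    for line in reply.splitlines()[1:]:      # first line is the greeting
        text = line[4:].strip()              # drop the "250-" / "250 " prefix
        if text:
            keywords.append(text.split()[0].upper())
    return keywords


def tls_decision(reply, require_tls):
    """Decide what a client does next: 'starttls', 'plaintext' or 'refuse'."""
    if "STARTTLS" in ehlo_keywords(reply):
        return "starttls"
    # Opportunistic TLS falls back to cleartext; enforced TLS does not.
    return "refuse" if require_tls else "plaintext"


def looks_masked(reply):
    """Heuristic (assumption): a keyword made only of X's is a masked line."""
    return any(set(k) == {"X"} for k in ehlo_keywords(reply))


def send_with_enforced_tls(host, sender, rcpt, message, port=25):
    """Deliver only over verified TLS; raise instead of sending in the clear."""
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            raise RuntimeError("STARTTLS not offered by %s; message not sent" % host)
        smtp.starttls(context=ssl.create_default_context())
        smtp.ehlo()  # capabilities must be re-read inside the TLS session
        smtp.sendmail(sender, rcpt, message)
```

`send_with_enforced_tls` is the client-side equivalent of enforcing TLS on a connector: when the capability is missing it fails loudly, which turns a silent downgrade into a delivery error someone will notice.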

This may be an isolated incident, and the situation has returned to normal with STARTTLS working or being allowed again by the ISP. But if the questions remain unanswered, other ISPs may adopt similar methods.

As Golden Frog’s recent FCC filing shows, without any regulation to prevent such behaviour, service providers will go further in controlling and throttling traffic. Here’s what you can do.


If you spend the greater part of your workday on a notebook/ultrabook, selecting your primary work tool is as important as selecting race cars is to race car drivers and selecting cameras & lighting equipment is to photographers. Some obsess over it more than others. I confess to being firmly in the latter category.

I won’t stir the hornet’s nest that the PC v/s Mac issue still is for the faithful, but suffice it to say that the MacBook Pro still sets a high bar in quality and design and it’s been a great notebook to run Windows on. But the MacBook Pro doesn’t have a touch screen, a serious handicap that dents its best-for-Windows credentials.

The lack of a touch screen means the MacBook Pro can no longer be considered the ‘best PC for Windows’.

After having recently given up my brushed aluminium-clad Asus Zenbook UX31A, my first choice is another Asus Zenbook. I’ve liked the two Zenbooks I’ve used in as many years. But the latest and greatest Zenbook UX303LN DB71T with QHD+ display (3200×1800) and discrete graphics is still a few days from its shipping date. In fact, the model can’t be found on Asus’ web site at the time of writing, but you can pre-order it from CDW.


The current top of the line Zenbook, UX301LA

The Surface Pro 3, with its excellent display, extremely portable tablet form factor and stylus is high on my list. It’s also the only device in this list that has a rear camera and sensors such as accelerometer, gyroscope, and ambient light sensor found on tablets. Visits to Microsoft Store in Bellevue, WA, and Santa Clara and Palo Alto here in the Valley, as well as the neighborhood Best Buy, confirm it’s selling well. Although not a crowd puller, there were excited customers trying and buying the Surface Pro 3 at these stores. However, I require at least 2 USB ports on my primary PC and like to have a larger display and keyboard than what the Surface Pro 3 provides. If weight and dimensions are the top decision factors, the Surface Pro 3 is hard to beat.


The Surface Pro 3’s great display, extremely portable dimensions and stylus make it a topper.

Lenovo released the Yoga 3 Pro, an update to last year’s Yoga 2 Pro, an excellent ultrabook by all accounts. It’s super thin and light, and has the QHD+ display that won me over last year.


The Yoga 3 Pro display can be flipped a full 360 degrees, allowing you to use it in laptop, tablet and other modes.

For the most part, both share identical specs – the same QHD+ display, versatile usage modes (laptop, tent, tablet and stand – and hence the name “Yoga”). The Yoga 3 Pro is lighter and thinner than its older sibling and costs $100 more. The new Intel M processor the Yoga 3 sports is supposed to consume even less power than the Haswell (4th gen) chip in Yoga 2 Pro. It makes even thinner ultrabooks like the Yoga 3 Pro with fanless design possible. The much talked about watch-like hinge on the Yoga 3 Pro is also an improvement over the Yoga 2.


The Yoga 3 Pro has a watch-like hinge that’s an improvement over last year’s model.

But the Yoga 2 Pro has a 4th Generation Intel Core i7-4510U processor, which provides better performance than the Intel M processor in the Yoga 3 Pro. And the $100 price difference ($150 with a coupon at the time of writing) makes it the ultrabook to buy at this time.

I decided to go for the Yoga 2 Pro, making it the first time in as long as I can remember when last year’s model made more sense.

It will have some stiff competition when the new Asus Zenbook ships in a few days. If you like the look and feel of brushed aluminium unibody, it may be worth the wait.

| Spec | Asus Zenbook | Lenovo Yoga 3 Pro | Lenovo Yoga 2 Pro | Microsoft Surface Pro 3 |
|---|---|---|---|---|
| Model | UX303LN-DB71T | 80HE0048US | 59428042 | i7 256 GB |
| CPU | Intel Core i7 4510U (2 GHz) | Intel Core M 5Y70 (1.10GHz 4MB) | Intel Core i7 4510U (2 GHz) | Intel Core i7-4650U (1.70 GHz) |
| Graphics | Nvidia GeForce 840M | Intel® HD Graphics 5300 | Intel® HD Graphics 4400 | Intel HD Graphics 5000 |
| Display | 13.3″ QHD+ (3200×1800) | 13.3″ QHD+ (3200×1800) | 13.3″ QHD+ (3200×1800) | 12″ 2160×1440 |
| RAM | 12 GB | 8 GB | 8 GB | 8 GB |
| Storage | 256 GB SSD | 256 GB SSD | 256 GB SSD | 256 GB SSD |
| Network | 802.11ac | 802.11ac | 802.11 b/g/n | 802.11ac |
| Ports | 3 x USB 3.0 | 2 x USB 3.0, 1 x USB 2.0 | 2 x USB 3.0, 1 x USB 2.0 | 1 x USB 3.0 |
| Card reader | SDHC | SDHC | 4-in-1 card reader (SD, MMC, SDXC, SDHC) | microSD™ card reader |
| Display port | Micro HDMI, Mini DisplayPort | Micro HDMI | Micro HDMI | Mini DisplayPort |
| Dimensions (w x d x h) | 12.7″ x 8.8″ x 0.8″ | 13″ x 9″ x 0.5″ | 12.99″ x 8.66″ x 0.61″ | 11.50″ x 7.93″ x 0.36 |
| Weight | 3.2 lbs | 2.62 lbs | 3.06 lbs | 1.76 lbs |
| Battery | 3 Cell 50 Watt Hour Li-Polymer | 4 Cell 44.8 Watt Hour Li-Polymer | 4 Cell 54 Watt Hour Li-Polymer | |
| Battery life | Up to 8 hours | Up to 9 hours | Up to 7.2 hours | Up to 9 hours (browsing) |
| Warranty | 1 year | 1 year | 1 year | 1 year |


Microsoft makes Office 365 the cloud productivity service to beat

October 29, 2014

Pushed back from its normal summer schedule to early fall, Microsoft’s last TechEd conference, TechEd Europe 2014, could have been a ho-hum affair. Evidently, Microsoft had different plans. In a slew of announcements at TechEd Europe 2014 in Barcelona, Microsoft has raised the bar significantly to make Office 365, the cloud-based productivity service, an almost irresistible proposition […]


Synchronize your PowerShell Profile with OneDrive

September 24, 2014

I make frequent changes to my PowerShell profile and like to have the same PowerShell environment on all computers that I use PS from. To accomplish this, I used to copy the PowerShell profile to a folder on OneDrive (previously known as SkyDrive) and copy it back to the WindowsPowerShell folder on other computers – […]


The Garage Series show from MEC 2014: What’s New in Exchange 2013 SP1…

May 7, 2014

I’ve been participating in the Garage Series shows with host Jeremy Chapman. Most shows are recorded live at Microsoft events such as TechEd, TechReady (an internal Microsoft technical event), Microsoft Exchange Conference (MEC) and Microsoft SharePoint Conference, on the road (some recent ones have been in Prague and Hong Kong). You can find the shows […]


Connection Filtering and RBLs in Exchange 2013

April 17, 2013

Exchange 2003 and later have included Connection Filtering in their repertoire of built-in antispam tools. In Exchange 2007 and Exchange 2010, this is implemented using the Connection Filtering agent, a transport agent. Connection Filtering agent offers the following functionality: IP Allow List and IP Block List: Static lists of IP addresses you can populate to […]


Make Bing the default search engine in Firefox address bar

March 19, 2013

I like Bing for a number of reasons. If you don’t prefer Bing, this is not a sales pitch to make you change your search habits. I’ll leave that to the Bing team with BING IT ON, the Bing Challenge commercials et al. Bing offers a better user experience. I also believe Microsoft has better […]


Windows PowerShell 3 Wins InfoWorld’s 2013 Technology Of The Year Award

January 15, 2013

Windows PowerShell 3 has won InfoWorld’s 2013 Technology of the Year award. Finally, InfoWorld editors have discovered what IT pros have known for a long time – PowerShell is simply the most powerful yet easy-to-use management tool out there on any platform! The third time is definitely the charm for PowerShell, which provides the engine […]


Change mailbox audit logging age limit in Exchange 2010 and later

January 9, 2013

In Exchange 2010 and later, you can use Mailbox Audit Logging to enable auditing of mailboxes for actions taken by mailbox owners, delegates and administrators. You can log events such as mailbox access, folder access, item access, deletes, hard deletes, moves, etc. For details, see Mailbox Audit Logging in Exchange 2013 documentation. By default, mailbox […]


Remove a mobile device from your Exchange account

December 20, 2012

Most users switch to new mobile devices or add new ones. Over a period of time, your Exchange mailbox may have quite a few mobile devices. If you’re not using a smartphone or other Exchange ActiveSync (EAS) device (including Windows 8/Windows RT tablets, Apple iPad or other iOS devices), you can remove it from your […]
