Campus-wide implementation of a complete, updated version of BlitzMail, which includes standard security features that the current client lacks, is not a priority for Computer Services, according to David Bucciero, director of technical services. E-mail encryption, the main feature of the new version completed last May, prevents other users from reading private BlitzMail messages as they are sent and received -- a common feature of other clients, like Microsoft Outlook and Mozilla Thunderbird.
"This is tough for us right now," Bucciero said. "BlitzMail has been ingrained in Dartmouth for almost 20 years now and it would be tough to move away from that. On the other hand, it's a matter of us getting the staffing and the resources we need to make this a product, and that's not on the plan today."
Due to the compromised security of the current BlitzMail client, Bucciero himself uses Mozilla Thunderbird to send and receive his e-mails through the BlitzMail server.
The current version of BlitzMail also does not encrypt messages. This oversight that allows anyone on the wireless network to use software available on the internet to read messages as they are sent through the network, according to computer science doctoral candidate Chris Masone '02, who developed the new version of the BlitzMail client.
Masone said as a computer science major, it took him an hour or two to figure out how to read other students' BlitzMail message. "It's not something I'd expect just any random person off the street to be able to figure out, but with a little energy and time, it's not that hard," he said.
Windows users have the option to sign on to BlitzMail using Kerberos, which encrypts the user's e-mail. Currently, no similar option is available for Macintosh users. Activating the Virtual Protocol Network -- which is installed on all computers bought through the College and is available for download on the computer services web site -- secures messages between the computer and server. But this application does not guarantee security if the person on the other end of the message has not activated VPN. Additionally, VPN shuts down if the computer is moved or switched from wired to wireless internet access, Bucciero said.
The updated BlitzMail client also allows users to sign on without entering a username or password using an eToken and include a digital signature in messages to confirm that they are sent from the person listed under "sender."
Due to security concerns, an unofficial and unreleased "beta" version of the updated BlitzMail client has been implemented in College President James Wright's office, but no plans have yet been made to expand usage to the whole campus.
"One of the issues is making it a production-ready product," Bucciero said. "It's got to be put into our software development cycle. All the codes have got to be put in place -- compiled and such -- but it has to be tested in different scenarios."
According to Ellen Young, manager of consulting services for Computing Services, the users in Wright's office have not experienced any problems with the new client.
An additional delay in releasing the new version is that while the Macintosh BlitzMail client would be secure, no comparable version has been developed for the Windows client, which is owned and maintained by Dartmouth-Hitchcock Medical Center. Masone made the code available to incorporate into the Windows client, but updating it is not a primary concern at DHMC.
"Developing BlitzMail for Windows is not my number one priority in terms of my job," Doug Hornig, senior programming director at DHMC, said. At DHMC, most users use Kerberos to sign onto BlitzMail, so there is less incentive to support SSL, software that encrypts BlitzMail messages in the updated version, he said.
For students who are concerned about the security of their e-mail, Chief Information Officer Ellen Waite-Franzen, who prefers Microsoft Outlook to the BlitzMail client, suggests Windows users log on through Kerberos and Mac users switch to a more secure client.
Unfortunately for most students, other clients do not allow instantaneous communication as BlitzMail does.
"It takes about a minute for the messages to appear in the mailbox [when using another client]," Waite-Franzen said. "However, if we went to a totally different e-mail system, client and server, other systems do have the capability to provide the instant communication that BlitzMail provides."
While they offer features not available on BlitzMail, other clients can take up to 15 minutes to retrieve e-mail, and only the BlitzMail client offers Dartmouth Name Directory lookup and password change for the BlitzMail server.
Computing Services is considering the development of more secure wireless and wired Internet access, which would better protect BlitzMail message security along with all other internet activity -- although such a development would not secure BlitzMail if used on a different network.
d of the message has not activated VPN. Additionally, VPN shuts down if the computer is moved or switched from wired to wireless internet access, Bucciero said.
The updated BlitzMail client also allows users to sign on without entering a username or password using an eToken and include a digital signature in messages to confirm that they are sent from the person listed under "sender."
Due to security concerns, an unofficial and unreleased "beta" version of the updated BlitzMail client has been implemented in College President James Wright's office, but no plans have yet been made to expand usage to the whole campus.
"One of the issues is making it a production-ready product," Bucciero said. "It's got to be put into our software development cycle. All the codes have got to be put in place -- compiled and such -- but it has to be tested in different scenarios."
According to Ellen Young, manager of consulting services for Computing Services, the users in Wright's office have not experienced any problems with the new client.
An additional delay in releasing the new version is that while the Macintosh BlitzMail client would be secure, no comparable version has been developed for the Windows client, which is owned and maintained by Dartmouth-Hitchcock Medical Center. Masone made the code available to incorporate into the Windows client, but updating it is not a primary concern at DHMC.
"Developing BlitzMail for Windows is not my number one priority in terms of my job," Doug Hornig, senior programming director at DHMC, said. At DHMC, most users use Kerberos to sign onto BlitzMail, so there is less incentive to support SSL, software that encrypts BlitzMail messages in the updated version, he said.
For students who are concerned about the security of their e-mail, Chief Information Officer Ellen Waite-Franzen, who prefers Microsoft Outlook to the BlitzMail client, suggests Windows users log on through Kerberos and Mac users switch to a more secure client.
Unfortunately for most students, other clients do not allow instantaneous communication as BlitzMail does.
"It takes about a minute for the messages to appear in the mailbox [when using another client]," Waite-Franzen said. "However, if we went to a totally different e-mail system, client and server, other systems do have the capability to provide the instant communication that BlitzMail provides."
While they offer features not available on BlitzMail, other clients can take up to 15 minutes to retrieve e-mail, and only the BlitzMail client offers Dartmouth Name Directory lookup and password change for the BlitzMail server.
Computing Services is considering the development of more secure wireless and wired Internet access, which would better protect BlitzMail message security along with all other internet activity -- although such a development would not secure BlitzMail if used on a different network.
