Anti hacking techniques (Iris)

My 18 old neighbor  was able to hack all my incoming
and outgoing email contents (passwords ,credit cards ....)
Using Iris 1.01 .

  I have norton firewall 2001 installed ,it couldn't help
in this....

 I have installed iris myself in order to test .I was
able to hack  my emails .Iris has a guard mode that
is supposed to prevent other from hacking but the guard
feature is useless.

How can I prevent the contents of my emails and my browser from being hacked?
Who is Participating?
SunBowConnect With a Mentor Commented:
If you said what eMail service you use, I missed it.
Can you consider switching? There are many free eMail services on web, Web-Mail, such as for HotMail and NetScape. etc. Rather than download to PC, you and friends can send from one remote website to another.  It thus looks like other html, but is not on your local drive.

When you logon to the remotes, you can each be running SSL, for security, for in modern era thanx to NetScape invention, this kicks in automatically for whoever is using it on their browser.

Norton firewall is not among best. Try ZoneAlarm freebie here: - it is I think the only one that has a blocker for what leaves your PC. Others like BlackIce defend from packets coming in. ZoneAlarm looks the other way. McAfee & Symantec have holes in them.
You might want to post a pointer to this question in the security TA as well:

I am going to guess that you are on a cable system.  It seems to me that they function pretty much like the old time "party" telephone lines.  Everyone that's hooked up can "listen in" on each other.  If that's the case, I don't think there is a lot you can do about it, but you should certainly speak with your provider.

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to and use offer code ‘EXPERTS’ to get 10% off your first purchase.

Anything that you send or receive over the internet that is not encrypted can potentially be viewed by third parties.

For email, consider using PGP to encrypt your messages.  This will require that your recipients use PGP as well.

For browsing, don't send credit card numbers unless you are sure you are connected to a secure site.

For browsing, if you are logging into a site with a username/password combination, see if the site has a secure login option that uses SSL.  If the site doesn't offer a secure login option, just keep in mind that your login and password can be intercepted.

A firewall protects your machine from invasion -- it does not protect the data once it leaves your machine.

yes, use encryption where necessary.. get a secure digital ID for emails from Verisign where you contents are signed and encrypted...

Right, treat eMail like a telephone call made from a public phone booth with a crowd of people nearby. Don't say or write something you really don't want others to hear or read.  Encryption is nice, but in eMail, requires everyone to have the exact same system, often too proprietary for general use. But why you all using this ancient code? That version of Iris is Beta! AND, like other betaware, often leads directly to downtime.

Why you put passwords in eMail? eMail may be used to pass public keys, not private ones.
fadihAuthor Commented:
Most people I send email to don't even know what
pgp is .

 Is there a way to encrypt the data untill it reaches
the intended person only ,without using from his side
any encryption

"get a secure digital ID " how and how much can it help Haho?
Secure Digital ID - don't make me laugh.  That's a sales gimmick.  I don't think you need to pay a fee to a big corporation in order to get permission to run encryption.  Verisign is evil.  They bought Network Solutions and control the .COM and other databases. They only care about money, not security.
then get one secure digital ID FREE at:

from microsoft outlook's HELP:

How do digital IDs work?
A digital ID is composed of a "public key," a "private key," and a "digital signature." When you digitally sign your messages, you are adding your digital signature and public key to the message. The combination of a digital signature and public key is called a "certificate." With Outlook Express, you can specify a certificate to be used by others to send encrypted messages to you. This certificate can be different from your signing certificate.

Recipients can use your digital signature to verify your identity; they can use your public key to send you encrypted mail that only you can read by using your private key. To send encrypted messages, your address book must contain digital IDs for the recipients. That way, you can use their public keys to encrypt the messages. When a recipient gets an encrypted message, their private key is used to decrypt the message for reading.

Before you can start sending digitally signed messages, you must obtain a digital ID. If you are sending encrypted messages, your address book must contain a digital ID for each recipient.
it is quite easy to set up too.. :)
:) Have you noticed that those forking out $50K to put up a .kids to distinguish from .porn ended up losing battle completely???
fadihAuthor Commented:
Thank s every one

Haho: I will try digital siginute and get back to you
sunbow: I am using outlook I have tons of outgoing and incoming email .We based is not an option (i think)
I will try and get back to you
Don't see:

Do _NOT_ read this advisory, because it tells you how
to exploit a bug in IRIS to "crash" your neighbour's computer.

Do _NOT_ do this.
> How can I prevent the contents of my emails
> and my browser from being hacked?
> I will try 

Using ZoneAlarm will not solve this problem.

Your neighbour is "sniffing" the IP-packets *AFTER* they
have left your computer.

So, he can see any "clear-text" traffic (E-mail
and http:// requests),
but he cannot see any "encrypted" (https:// )
sessions through a web-browser running in "secure" mode.

Switch ISPs, i.e., from cable-modem to ADSL,
to get onto a different network than your neighbour.

Or, get your cable-modem provider to switch to Terayon cable-modems,
which do their own encryption/decryption -- which will
defeat your neighbour's packet-sniffing.
;-)   well I did say that as a Beta it can lead to downtime <heh>

ZoneAlarm is no encrypter. It more useful as packet blocker or at least detector. Since neighborhood has been compromised with non-standard wares, and at least some information about that has been shared; it may have use in identifying or cutting back activities of other programs that are potentially running that have not been identified.

Odds pretty good though, that even an eighteen year old will get bored with trying to read EM of others and find something else to occupy self with.

It is never considered wise to include passwords and credit card numbers in eMail.  Same for web. Same for other personal info like medical history, bank records.
:)hope you are happy now
Also IMO Norton's firewall is a joke.  In fact, I can't tell you how many clients have had their e-mail compromised by Norton Antivirus - it seems in some circumstances the software installs itself between your email client and the POP3 server and passes info between systems and Norton's (based on what I've seen).  So what happens is when Symantec's network has burps, you can't check your own mail. I assume they sniff mail passwords and check your mail for you after checking it for viruses - I consider this to be rather unethical behavior, and as a result, I can't recommend any of Norton's "security" products to clients... they're almost as bad as Microsoft now.  
not fair
 :- (
in this PAQ...
please flame firewalls here:

I was about to give it up and close (multiple awards permitted)
(replications from other threads permitted)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.