Fortunately, it is also relatively easy to clean out this cache and other information related to your Internet café session, including cookies, after your session. You can use the browser menu (Tools/Internet Options in IE and Tools/Options in Firefox). In fact, this should be second nature to anyone who uses a public terminal to check email. A responsible Internet café will remind you of this; some even provide an automated end-of-session cleanup process. To be safe, however, make sure to do it yourself. You can also set a browser not to cache any pages, but this setting can slow performance, and it may not be available on a public terminal.
Some readers will be aware that Web pages themselves can be created with a "no-cache" setting. You can verify such restrictions when you view the page source of a message in Yahoo Mail, for example. The "no-cache" instruction is generally respected by the browser cache and caching servers used by ISPs. The latter are another place from which your email could be illicitly retrieved by someone with sufficient SRM: skills, resources and motivation. Anyone checking email in public places should have an "SRM index" in mind. Is the email so sensitive that someone would apply a serious amount of skills, resources and motivation to obtain it?
The specific vulnerability involving Gmail and Microsoft Internet Explorer, recently publicized by application security vendor Cenzic, requires serious SRM. Other attacks could be easier, like putting a keystroke logger on a public computer or "shoulder-surfing" to capture messages as a user types them.
If you are accessing email wirelessly in a public place, someone could be sniffing the airwaves. Therefore, your precautions and countermeasures should be appropriate to the sensitivity of the data that is potentially exposed. For example, if you have internal sales data that must be transferred securely, encrypt the information and send it as an attachment to a message that says something innocuous like "Here is the data you requested."
In other words, risk is relative. A good rule of thumb is not to send or receive mission-critical data from a public place via webmail unless your company has put some serious rules and safeguards in place and cleared you to do so.
Related Q&A from Michael Cobb
Expert Michael Cobb explains how an HTTP referer header affects user privacy and outlines changes that can be made to ensure sensitive data is not ...continue reading
Expert Michael Cobb explains the difference between the REESSE3+ and IDEA block ciphers and explores when each is applicable in an enterprise setting.continue reading
While cookies are critical to delivering personalized Web content, they are a privacy concern. Learn how adding Bloom filters to cookies can help ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.