A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Windows 10 » Windows 10 Help Forum
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Good example why business emails should be PGP'ed



 
 
Thread Tools Rate Thread Display Modes
  #1  
Old September 23rd 18, 08:45 PM posted to alt.privacy.anon-server, alt.os.linux, comp.os.linux.misc,alt.comp.os.windows-10
Fritz Wuehler[_21_]
external usenet poster
 
Posts: 2
Default Good example why business emails should be PGP'ed

Hackers target real estate deals, with devastating impact

https://www.yahoo.com/news/hackers-target-real-estate-deals-devastating-impact-015558592.html

Here is a very simple PGP client that will automatically set itself up and is simple to use. You should insist a company you are dealing with uses PGP. I refused to buy precious metals once from a company because they wouldn't communicate with me using PGP. They were foolishly fearful that the IRS would think they were doing something illegal. So they opened their customers to being revealed and endangered.

https://sourceforge.net/projects/gentlegpg/


Some other:

https://www.gpg4win.org/
https://sourceforge.net/projects/ppgp/


Ads
  #2  
Old September 24th 18, 03:03 AM posted to alt.privacy.anon-server,alt.os.linux,comp.os.linux.misc,alt.comp.os.windows-10
Carlos E. R.[_2_]
external usenet poster
 
Posts: 219
Default Good example why business emails should be PGP'ed

On 23/09/2018 15.45, Fritz Wuehler wrote:
Hackers target real estate deals, with devastating impact

https://www.yahoo.com/news/hackers-target-real-estate-deals-devastating-impact-015558592.html



«...and at closing time wired $272,000 from their bank following
instructions they received by email.

Within hours, the money had vanished.

Unbeknownst to the Colorado couple, the email account for the real
estate settlement company had been hacked, and fraudsters had altered
the wiring instruction to make off with the hefty sum representing a big
chunk of the Butchers' life savings, according to a lawsuit filed in
state court.»


Here is a very simple PGP client that will automatically set itself up and is simple to use. You should insist a company you are dealing with uses PGP. I refused to buy precious metals once from a company because they wouldn't communicate with me using PGP. They were foolishly fearful that the IRS would think they were doing something illegal. So they opened their customers to being revealed and endangered.


PGPG, huh?

And how would you know that the PGP public key you have is in fact the
key of the correct real state agency, and not of some other "person"?
How are you going to ensure the proper chain of trust, hein?

That's assuming that the hackers don't have control of the agency computer.

https://sourceforge.net/projects/gentlegpg/


Some other:

https://www.gpg4win.org/
https://sourceforge.net/projects/ppgp/




--
Cheers,
Carlos E.R.
  #3  
Old September 24th 18, 11:27 AM posted to alt.privacy.anon-server,alt.os.linux,comp.os.linux.misc,alt.comp.os.windows-10
Dan Purgert
external usenet poster
 
Posts: 281
Default Good example why business emails should be PGP'ed

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Carlos E. R. wrote:
On 23/09/2018 15.45, Fritz Wuehler wrote:
Hackers target real estate deals, with devastating impact


Here is a very simple PGP client that will automatically set itself
up and is simple to use. You should insist a company you are
dealing with uses PGP. I refused to buy precious metals once from
a company because they wouldn't communicate with me using PGP.
They were foolishly fearful that the IRS would think they were
doing something illegal. So they opened their customers to being
revealed and endangered.


PGPG, huh?

And how would you know that the PGP public key you have is in fact the
key of the correct real state agency, and not of some other "person"?
How are you going to ensure the proper chain of trust, hein?


PGP uses the "Web of Trust" model, rather than the x.509 "Chain of
Trust", but it does rely on you trusting people who in turn trust the
signer's key. For example, none of you likely trust the signature on
this message very far .


That's assuming that the hackers don't have control of the agency
computer.


To be fair, that's the same problem with S/MIME -- no telling whether or
not the machine itself was compromised.

Honestly, the best way around that is physical -- i.e. "come down to the
office and ..."; rather than acting on instructions received via
electronic means (in fact, that's how several businesses I interact with
are - you either have to walk into their office, or use the phone
[although phone instructions can be rejected if they're "doing too
much"]).


-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEBcqaUD8uEzVNxUrujhHd8xJ5ooEFAluou9 EACgkQjhHd8xJ5
ooEZiQgAmBnE2KSt2BlN04B5dkN9rVPXBzK1j/qRxod827zwJS7q8a9XFsl5EPAp
CdczrxZrurY/dPAVIzjLfIqG1Xrn5bCQR7bYK78Z7qSlMdwJzYjDQrTmM/2pU4tg
+oBwsk2dlcbTGIqZzEwsdBxnDoCxvTbOqlrnNIeyml2Tl9MoWJ 0h9y3KC1S6WRGn
8j8eGB+S/jMl7ajEis9L5bnBPz2pPziHlFXw7TUUnxbLxR4803ufQ84I3Hh +FrzL
8lvFFkPGpnSAJwcJuM6Kj21IlwpW9nyIB+2tTpOsSFGjZzpmnV kNODdjLlUASSvT
2EbkRrDvvNCeukhZx8HkHwBWQlPPAw==
=fuaJ
-----END PGP SIGNATURE-----

--
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5 4AEE 8E11 DDF3 1279 A281
  #4  
Old September 24th 18, 01:48 PM posted to alt.privacy.anon-server,alt.os.linux,comp.os.linux.misc,alt.comp.os.windows-10
anon
external usenet poster
 
Posts: 11
Default Good example why business emails should be PGP'ed

Carlos E. R. was thinking very hard :
On 23/09/2018 15.45, Fritz Wuehler wrote:
Hackers target real estate deals, with devastating impact

https://www.yahoo.com/news/hackers-target-real-estate-deals-devastating-impact-015558592.html



«...and at closing time wired $272,000 from their bank following
instructions they received by email.

Within hours, the money had vanished.

Unbeknownst to the Colorado couple, the email account for the real
estate settlement company had been hacked, and fraudsters had altered
the wiring instruction to make off with the hefty sum representing a
big chunk of the Butchers' life savings, according to a lawsuit filed
in state court.»


Here is a very simple PGP client that will automatically set
itself up and is simple to use. You should insist a company you are
dealing with uses PGP. I refused to buy precious metals once from a
company because they wouldn't communicate with me using PGP. They
were foolishly fearful that the IRS would think they were doing
something illegal. So they opened their customers to being revealed
and endangered.


PGPG, huh?

And how would you know that the PGP public key you have is in fact
the key of the correct real state agency, and not of some other
"person"? How are you going to ensure the proper chain of trust,
hein?

That's assuming that the hackers don't have control of the agency
computer.

https://sourceforge.net/projects/gentlegpg/


Some other:

https://www.gpg4win.org/
https://sourceforge.net/projects/ppgp/



Key are signed. You have to get their pgp public key from the
company also. You need to also verify a company's key through their
key ID. You could go on and on in fantizing problems and decide to do
nothing. Nota good path when it comes to security. The suggestion
above about only dealing directly with a company office is actually the
best thing to do, but a local office may not be available. But your
defeatism is not the answer.
  #5  
Old September 24th 18, 06:18 PM posted to alt.privacy.anon-server,alt.os.linux,comp.os.linux.misc,alt.comp.os.windows-10
Carlos E. R.[_2_]
external usenet poster
 
Posts: 219
Default Good example why business emails should be PGP'ed

On 24/09/2018 08.48, anon wrote:
Carlos E. R. was thinking very hard :
On 23/09/2018 15.45, Fritz Wuehler wrote:
Hackers target real estate deals, with devastating impact

https://www.yahoo.com/news/hackers-target-real-estate-deals-devastating-impact-015558592.html




«...and at closing time wired $272,000 from their bank following
instructions they received by email.

Within hours, the money had vanished.

Unbeknownst to the Colorado couple, the email account for the real
estate settlement company had been hacked, and fraudsters had altered
the wiring instruction to make off with the hefty sum representing a
big chunk of the Butchers' life savings, according to a lawsuit filed
in state court.»


* Here is a very simple PGP client that will automatically set itself
up and is simple to use.* You should insist a company you are dealing
with uses PGP.* I refused to buy precious metals once from a company
because they wouldn't communicate with me using PGP.* They were
foolishly fearful that the IRS would think they were doing something
illegal.* So they opened their customers to being revealed and
endangered.


PGPG, huh?

And how would you know that the PGP public key you have is in fact the
key of the correct real state agency, and not of some other "person"?
How are you going to ensure the proper chain of trust, hein?

That's assuming that the hackers don't have control of the agency
computer.

https://sourceforge.net/projects/gentlegpg/


Some other:

https://www.gpg4win.org/
https://sourceforge.net/projects/ppgp/



*Key are signed.


By whom?

You need to walk to the company first, in person, and exchange keys. And
then make sure not to download other keys and not to trust the web of
trust, because you do not control who signs what.

I know quite well PGP, I use it, and it is not going to work for business.

--
Cheers,
Carlos E.R.
  #6  
Old September 25th 18, 02:16 PM posted to alt.privacy.anon-server,alt.os.linux,comp.os.linux.misc,alt.comp.os.windows-10
anon
external usenet poster
 
Posts: 11
Default Good example why business emails should be PGP'ed

Carlos E. R. pretended :
On 24/09/2018 08.48, anon wrote:
Carlos E. R. was thinking very hard :
On 23/09/2018 15.45, Fritz Wuehler wrote:
Hackers target real estate deals, with devastating impact

https://www.yahoo.com/news/hackers-target-real-estate-deals-devastating-impact-015558592.html




«...and at closing time wired $272,000 from their bank following
instructions they received by email.

Within hours, the money had vanished.

Unbeknownst to the Colorado couple, the email account for the real
estate settlement company had been hacked, and fraudsters had
altered the wiring instruction to make off with the hefty sum
representing a big chunk of the Butchers' life savings, according
to a lawsuit filed in state court.»


* Here is a very simple PGP client that will automatically set
itself up and is simple to use.* You should insist a company you
are dealing with uses PGP.* I refused to buy precious metals once
from a company because they wouldn't communicate with me using
PGP.* They were foolishly fearful that the IRS would think they
were doing something illegal.* So they opened their customers to
being revealed and endangered.


PGPG, huh?

And how would you know that the PGP public key you have is in fact
the key of the correct real state agency, and not of some other
"person"? How are you going to ensure the proper chain of trust,
hein?

That's assuming that the hackers don't have control of the agency
computer.

https://sourceforge.net/projects/gentlegpg/


Some other:

https://www.gpg4win.org/
https://sourceforge.net/projects/ppgp/



*Key are signed.


By whom?

You need to walk to the company first, in person, and exchange keys.
And then make sure not to download other keys and not to trust the
web of trust, because you do not control who signs what.

I know quite well PGP, I use it, and it is not going to work for
business.


So do nothing, PLEASE! My your fall be great and embittering!
  #7  
Old September 25th 18, 03:26 PM posted to alt.privacy.anon-server,alt.os.linux,comp.os.linux.misc,alt.comp.os.windows-10
Carlos E. R.[_2_]
external usenet poster
 
Posts: 219
Default Good example why business emails should be PGP'ed

On 25/09/2018 09.16, anon wrote:
Carlos E. R. pretended :
On 24/09/2018 08.48, anon wrote:
Carlos E. R. was thinking very hard :
On 23/09/2018 15.45, Fritz Wuehler wrote:
Hackers target real estate deals, with devastating impact

https://www.yahoo.com/news/hackers-target-real-estate-deals-devastating-impact-015558592.html





«...and at closing time wired $272,000 from their bank following
instructions they received by email.

Within hours, the money had vanished.

Unbeknownst to the Colorado couple, the email account for the real
estate settlement company had been hacked, and fraudsters had
altered the wiring instruction to make off with the hefty sum
representing a big chunk of the Butchers' life savings, according to
a lawsuit filed in state court.»


* Here is a very simple PGP client that will automatically set
itself up and is simple to use.* You should insist a company you
are dealing with uses PGP.* I refused to buy precious metals once
from a company because they wouldn't communicate with me using
PGP.* They were foolishly fearful that the IRS would think they
were doing something illegal.* So they opened their customers to
being revealed and endangered.


PGPG, huh?

And how would you know that the PGP public key you have is in fact
the key of the correct real state agency, and not of some other
"person"? How are you going to ensure the proper chain of trust, hein?

That's assuming that the hackers don't have control of the agency
computer.

https://sourceforge.net/projects/gentlegpg/


Some other:

https://www.gpg4win.org/
https://sourceforge.net/projects/ppgp/



*Key are signed.


By whom?

You need to walk to the company first, in person, and exchange keys.
And then make sure not to download other keys and not to trust the web
of trust, because you do not control who signs what.

I know quite well PGP, I use it, and it is not going to work for
business.


*So do nothing, PLEASE!* My your fall be great and embittering!


Why would I do nothing? I would not use PGP for business, that's all.

--
Cheers,
Carlos E.R.
  #8  
Old September 25th 18, 04:17 PM posted to alt.privacy.anon-server,alt.os.linux,comp.os.linux.misc,alt.comp.os.windows-10
Wouter Verhelst
external usenet poster
 
Posts: 11
Default Good example why business emails should be PGP'ed

On 9/25/18 4:26 PM, Carlos E. R. wrote:
Why would I do nothing? I would not use PGP for business, that's all.


I have used it for business. When I send an email to my business partner
that is sensitive, I usually PGP-encrypt it to his key.

But yeah, I agree that it's fairly useless in the general case.
  #9  
Old September 26th 18, 07:16 PM posted to alt.privacy.anon-server,alt.os.linux,comp.os.linux.misc,alt.comp.os.windows-10
Carlos E. R.[_2_]
external usenet poster
 
Posts: 219
Default Good example why business emails should be PGP'ed

On 25/09/2018 11.17, Wouter Verhelst wrote:
On 9/25/18 4:26 PM, Carlos E. R. wrote:
Why would I do nothing? I would not use PGP for business, that's all.


I have used it for business. When I send an email to my business partner
that is sensitive, I usually PGP-encrypt it to his key.

But yeah, I agree that it's fairly useless in the general case.


People with which I needed to use encryption were unable to set any
encryption method up. A lawyer, for instance. I would have to go to his
office and teach him.

With banks it is usually a web form. And the staff is forbidden from
installing anything, anyway, so asking is useless.

--
Cheers,
Carlos E.R.
  #10  
Old September 26th 18, 07:24 PM posted to alt.privacy.anon-server,alt.os.linux,comp.os.linux.misc,alt.comp.os.windows-10
nospam
external usenet poster
 
Posts: 4,718
Default Good example why business emails should be PGP'ed

In article , Carlos E. R.
wrote:


People with which I needed to use encryption were unable to set any
encryption method up. A lawyer, for instance. I would have to go to his
office and teach him.


use an encrypted email service. there's nothing to set up. all they
need is a browser or an app on their phone.
  #11  
Old September 26th 18, 07:47 PM posted to alt.privacy.anon-server,alt.os.linux,comp.os.linux.misc,alt.comp.os.windows-10
Carlos E. R.[_2_]
external usenet poster
 
Posts: 219
Default Good example why business emails should be PGP'ed

On 26/09/2018 14.24, nospam wrote:
In article , Carlos E. R.
wrote:


People with which I needed to use encryption were unable to set any
encryption method up. A lawyer, for instance. I would have to go to his
office and teach him.


use an encrypted email service. there's nothing to set up. all they
need is a browser or an app on their phone.


That would require a binding contract and spend money, which they did
not want to do.

--
Cheers,
Carlos E.R.
  #12  
Old September 26th 18, 07:56 PM posted to alt.privacy.anon-server,alt.os.linux,comp.os.linux.misc,alt.comp.os.windows-10
nospam
external usenet poster
 
Posts: 4,718
Default Good example why business emails should be PGP'ed

In article , Carlos E. R.
wrote:

People with which I needed to use encryption were unable to set any
encryption method up. A lawyer, for instance. I would have to go to his
office and teach him.


use an encrypted email service. there's nothing to set up. all they
need is a browser or an app on their phone.


That would require a binding contract and spend money, which they did
not want to do.


no it wouldn't. it only needs a mutual agreement to use an encrypted
medium. there are free options as well as paid ones. choose whichever
one works best for all parties involved.

lawyers should be using such a system anyway because they are required
to keep certain information confidential.
  #13  
Old September 27th 18, 03:20 AM posted to alt.privacy.anon-server,alt.os.linux,comp.os.linux.misc,alt.comp.os.windows-10
Carlos E. R.[_2_]
external usenet poster
 
Posts: 219
Default Good example why business emails should be PGP'ed

On 26/09/2018 14.56, nospam wrote:
In article , Carlos E. R.
wrote:

People with which I needed to use encryption were unable to set any
encryption method up. A lawyer, for instance. I would have to go to his
office and teach him.

use an encrypted email service. there's nothing to set up. all they
need is a browser or an app on their phone.


That would require a binding contract and spend money, which they did
not want to do.


no it wouldn't. it only needs a mutual agreement to use an encrypted
medium. there are free options as well as paid ones. choose whichever
one works best for all parties involved.


Not for a lawyer, it wouldn't. He would be directly liable if the email
gets intercepted or somehow compromised.


lawyers should be using such a system anyway because they are required
to keep certain information confidential.


Good old paper and couriers.


--
Cheers,
Carlos E.R.
  #14  
Old September 27th 18, 05:43 AM posted to alt.privacy.anon-server,alt.os.linux,comp.os.linux.misc,alt.comp.os.windows-10
nospam
external usenet poster
 
Posts: 4,718
Default Good example why business emails should be PGP'ed

In article , Carlos E. R.
wrote:

People with which I needed to use encryption were unable to set any
encryption method up. A lawyer, for instance. I would have to go to his
office and teach him.

use an encrypted email service. there's nothing to set up. all they
need is a browser or an app on their phone.

That would require a binding contract and spend money, which they did
not want to do.


no it wouldn't. it only needs a mutual agreement to use an encrypted
medium. there are free options as well as paid ones. choose whichever
one works best for all parties involved.


Not for a lawyer, it wouldn't. He would be directly liable if the email
gets intercepted or somehow compromised.


it's actually ideal for a lawyer, since it's basically impossible to
intercept and crack end-to-end encrypted email unless the passcode is
something trivially guessed.

lawyers should be using such a system anyway because they are required
to keep certain information confidential.


Good old paper and couriers.


a courier could mysteriously disappear, along with the documents. then
what?

nothing is perfect.
  #15  
Old September 27th 18, 06:52 AM posted to alt.privacy.anon-server,alt.os.linux,comp.os.linux.misc,alt.comp.os.windows-10
The Natural Philosopher[_2_]
external usenet poster
 
Posts: 133
Default Good example why business emails should be PGP'ed

On 27/09/18 03:20, Carlos E. R. wrote:
On 26/09/2018 14.56, nospam wrote:
In article , Carlos E. R.
wrote:

People with which I needed to use encryption were unable to set any
encryption method up. A lawyer, for instance. I would have to go to his
office and teach him.

use an encrypted email service. there's nothing to set up. all they
need is a browser or an app on their phone.

That would require a binding contract and spend money, which they did
not want to do.


no it wouldn't. it only needs a mutual agreement to use an encrypted
medium. there are free options as well as paid ones. choose whichever
one works best for all parties involved.


Not for a lawyer, it wouldn't. He would be directly liable if the email
gets intercepted or somehow compromised.


lawyers should be using such a system anyway because they are required
to keep certain information confidential.


Good old paper and couriers.


A lawuer recently requitred me to use a secure logon to download email
because at some level their mail system identifed that I wasnt using TLS
or something.



--
"In our post-modern world, climate science is not powerful because it is
true: it is true because it is powerful."

Lucas Bergkamp
 




Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off






All times are GMT +1. The time now is 04:54 PM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.