#16
PGP unsafe! Email security is unsafe and cannot be easily fixed, researchers say
On Tue, 15 May 2018 11:58:30 -0400, default
wrote: On Tue, 15 May 2018 11:26:31 -0400, Doomsdrzej wrote: On Tue, 15 May 2018 09:16:44 -0400, default wrote: On Tue, 15 May 2018 12:42:18 GMT, Tim wrote: Doomsdrzej wrote in news:n1jlfddcit6u2j4v62370beu8ipges0tgk@ 4ax.com: On Tue, 15 May 2018 02:24:11 +0200 (CEST), Nomen Nescio wrote: https://www.independent.co.uk/life-style/gadgets-and- tech/news/email-security-s-mime-pgp-encryption-latest-broken-not- working-fix-how-to-a8351116.html The last paragraph says it all: PGP itself is safe but the way the third-party clients decrypt it is not. I have said it before, and I'll say it again: Until we start at Layer 2 and build in all the encryption/authentication/verification things we have learned and developed over the last forty years, and include ways to add others as they are developed, the Internet will not be universally safe. We have piecemeal answers for some of the problems, but there is no overall structure for implementing the things we need today to provide secure communications. Personally, I can see a tiered structure. The lowest tier is essentially the way the Internet is today, You roll the dice and you take your chances. Good for things like newsletters, bulk mailings, etc, but pretty much unsecure. The next tier up starts implementing things like white lists, verified receipt, and other lower level functions to increase security and reliability. Each tier upwards adds more features such as stronger encryption, authentication, secure identification, etc. And one will have the option to add additional tiers for unique requirements above and beyond ones universally available. Of course, there will be costs associated with each tier, and it will be up to the individual user whether they will be willing to pay for those features. I hear you. I went to a local lawyer to have a simple power of attorney drawn up. They email me the thing for approval/modification. I questioned their use of email for this, to find out "that's how we do it..." 
So I start poking around and figure out how to call up the header fields, to find out they don't even have their own domain, but their domain and email is held on Yahoo servers. The problem is huge, the perception is minuscule. And as we know, Yahoo is synonymous with prosperity and security, *especially* since they put a woman at the helm. https://en.wikipedia.org/wiki/21_Savage Do you really think that the CEO's of companies understand the business of the companies they manage? They only understand profit; let me restate that: they only understand PROFIT!!! Considering how much worth Yahoo lost while she was at the helm, I doubt that she even understood the concept of profit. She was probably put in that position for the same reason that Justin Trudeau put women in his cabinet: because it's 2016. You don't need to work hard or prove yourself to get to the top anymore; you just have to be something other than a white male which is supposedly overrepresented in business. Not the solvency of the company, not the long term viability of the company, not who they hurt or what they do, just the instantaneous peak dollar amount of the stock price. That is all that matters. Being female has nothing to do with it, greed and short-sighted stupidity affects women as well as men. Had she been competent, she would have understood that Yahoo had little to offer the technological world and sought a buyer before anyone realized how worthless the company actually is. Instead, she took her time, allowed everyone to notice how crappy their products were and how little they offered the Internet and let the value drop before being forced to accept a pathetic bid. At least, that's what *I* would have done if I didn't have a brilliant plant to make the company more relevant (like creating worthwhile digital content, possibly produce good online games or get exclusivity on online broadcasts of certain sports). However, let's be honest, Yahoo didn't have a hope. 
Their search engine sucks as do the e-mail, the forums and just about everything else. They are/were in the 1990s and still seem(ed) to think that web pages need(ed) to be designed for people on 28.8kbps modems. It was/is sad to watch.
#17
PGP unsafe! Email security is unsafe and cannot be easily fixed, researchers say
On Tue, 15 May 2018 12:39:11 -0400, "Mayayana"
wrote: "default" wrote | And as we know, Yahoo is synonymous with prosperity and security, | *especially* since they put a woman at the helm. | | Being female has nothing to do with it, greed and short-sighted | stupidity affects women as well as men. And Marissa Meyer was a former Googlite, thus already tainted by arrogant disregard for human decency. She's been noted numerous times for not caring about privacy. She even cooperated to write software to let the NSA access yahoo email clandestinely, without even consulting her own security chief. She deserves to be hanged by the balls. The solution has to be partially encryption, but the real problem is that there are no laws to cover the issues. Companies that store data online are not punished. Companies that sell your data to each other are not punished. Even where it's illegal there are workarounds, such as CVS selling customer drug records to drug companies when doctors couldn't. I read the other day that an organization (caprivacy.org) is pushing a new California privacy law. But even that is just a joke. They want to enforce an opt-out option on selling data. You'd have to specifically tell companies you don't want them to sell your data! As I read their website, with warnings that I should enable javascript, I looked at the source code. They were trying to track me via both Facebook and Google Analytics. I wouldn't be surprised if the people pushing this new law don't even know their website is doing that. The ignorance and stupidity is jaw-dropping. It's so bad that I actually can't tell whether the caprivacy people are naive or whether they're really industry plants assigned to push a toothless law for PR purposes. I think Ed Markey and others are pushing a real privacy law, but I don't know the details. Fullscale encryption is great for people like political activists in Tibet or Iran, but for most people it's not a realistic solution. 
I don't know anyone who's even heard of PGP, much less set up end-to-end encryption. The only realistic approach is to make it seriously illegal for people to read your email or track you online, just as it's illegal to read your postal mail or set up surveillance in someone's house. But it has to be gravely illegal, because collecting and analyzing the data is so easy. There was an interesting article in the New Yorker some time ago, about Estonia. https://www.newyorker.com/magazine/2...gital-republic They have little privacy, but anyone accessing personal info is logged and the person is notified. If the accessing party doesn't have a very good reason they can be in big trouble. It's a completely different approach. Essentially computerization planned for society rather than engineered by "yahoos" (and Googlites, Facebookies, Amazonians, Apple maniacs, Microsofties, etc) operating in a Wild West environment with no real planning or vision -- only profits for big business on their minds. I'd say the end-to-end encryption should be enabled by default and even when a person is simply browsing the web. There should be a secure connection between the web site and the user (https, obviously) but also one which cloaks the address someone ventured onto from anyone snooping on the connection. A lot of people think that knowing that their neighbour went to something like bigtits.com doesn't matter since they don't know what they did on it, but I don't think my neighbour needs to know that I go onto pussycatswiththeirlegsspread.com. |
#18
PGP unsafe! Email security is unsafe and cannot be easily fixed, researchers say
"Doomsdrzej" wrote
| but I don't think my | neighbour needs to know that I go onto | pussycatswiththeirlegsspread.com. Especially if they're a member of PETA. Watch out for claws. Oddly, I find that cats with their legs spread are sometimes not trying to seduce me.
#19
PGP unsafe! Email security is unsafe and cannot be easily fixed, researchers say
On Tue, 15 May 2018 15:34:32 -0400, Doomsdrzej wrote:
On Tue, 15 May 2018 11:58:30 -0400, default wrote: On Tue, 15 May 2018 11:26:31 -0400, Doomsdrzej wrote: On Tue, 15 May 2018 09:16:44 -0400, default wrote: On Tue, 15 May 2018 12:42:18 GMT, Tim wrote: Doomsdrzej wrote in news:n1jlfddcit6u2j4v62370beu8ipges0tgk@ 4ax.com: On Tue, 15 May 2018 02:24:11 +0200 (CEST), Nomen Nescio wrote: https://www.independent.co.uk/life-style/gadgets-and- tech/news/email-security-s-mime-pgp-encryption-latest-broken-not- working-fix-how-to-a8351116.html The last paragraph says it all: PGP itself is safe but the way the third-party clients decrypt it is not. I have said it before, and I'll say it again: Until we start at Layer 2 and build in all the encryption/authentication/verification things we have learned and developed over the last forty years, and include ways to add others as they are developed, the Internet will not be universally safe. We have piecemeal answers for some of the problems, but there is no overall structure for implementing the things we need today to provide secure communications. Personally, I can see a tiered structure. The lowest tier is essentially the way the Internet is today, You roll the dice and you take your chances. Good for things like newsletters, bulk mailings, etc, but pretty much unsecure. The next tier up starts implementing things like white lists, verified receipt, and other lower level functions to increase security and reliability. Each tier upwards adds more features such as stronger encryption, authentication, secure identification, etc. And one will have the option to add additional tiers for unique requirements above and beyond ones universally available. Of course, there will be costs associated with each tier, and it will be up to the individual user whether they will be willing to pay for those features. I hear you. I went to a local lawyer to have a simple power of attorney drawn up. They email me the thing for approval/modification. 
I questioned their use of email for this, to find out "that's how we do it..." So I start poking around and figure out how to call up the header fields, to find out they don't even have their own domain, but their domain and email is held on Yahoo servers. The problem is huge, the perception is minuscule. And as we know, Yahoo is synonymous with prosperity and security, *especially* since they put a woman at the helm. https://en.wikipedia.org/wiki/21_Savage Do you really think that the CEO's of companies understand the business of the companies they manage? They only understand profit; let me restate that: they only understand PROFIT!!! Considering how much worth Yahoo lost while she was at the helm, I doubt that she even understood the concept of profit. She was probably put in that position for the same reason that Justin Trudeau put women in his cabinet: because it's 2016. You don't need to work hard or prove yourself to get to the top anymore; you just have to be something other than a white male which is supposedly overrepresented in business. Not the solvency of the company, not the long term viability of the company, not who they hurt or what they do, just the instantaneous peak dollar amount of the stock price. That is all that matters. Being female has nothing to do with it, greed and short-sighted stupidity affects women as well as men. Had she been competent, she would have understood that Yahoo had little to offer the technological world and sought a buyer before anyone realized how worthless the company actually is. Instead, she took her time, allowed everyone to notice how crappy their products were and how little they offered the Internet and let the value drop before being forced to accept a pathetic bid. At least, that's what *I* would have done if I didn't have a brilliant plant to make the company more relevant (like creating worthwhile digital content, possibly produce good online games or get exclusivity on online broadcasts of certain sports). 
However, let's be honest, Yahoo didn't have a hope. Their search engine sucks as do the e-mail, the forums and just about everything else. They are/were in the 1990s and still seem(ed) to think that web pages need(ed) to be designed for people on 28.8kbps modems. It was/is sad to watch. You are preaching to the choir there. Take HP... another (dreaded) woman a the helm. She did everything "right." But only from a short-term marketing stand-point. She was perfection itself - but Wall Street and actual people are something else entirely. She is/was competent - but the formulas that worked in the past, just weren't working. It wasn't her ability so much as it was someone thrust into the center of a mess and expected to do something - that she'd been trained not to. Carly Fiorina, is a self aggrandizing idiot and asshole, IMO, but I can't fault her for following her programming. HP was already on the rails, she applied all the short-sighted stupid ideas that all before her did... A+ for book-learning, but no new insight and direction. (hey, I was the last 56K modem on the block, asshole, would probably still be, except the ISP's software didn't allow me better than 12K) It ain't about women or men, it is about human greed, altruism and stupidity. What matters isn't money. If enough people caught on to that, Wall Street would have a problem, but society may teach them a few things. |
#20
PGP unsafe! Email security is unsafe and cannot be easily fixed, researchers say
Anonymous wrote:
Mr. Man-wai Chang was thinking very hard : https://www.independent.co.uk/life-style/gadgets-and-tech/news/email-security-s-mime-pgp-encryption-latest-broken-not-working-fix-how-to-a8351116.html it would be nice if this guy could figure out how to correctly reply to a post instead of littering up the news group with unthreaded replies | Injection-Info: toylet.eternal-september.org says it all.
#21
PGP unsafe! Email security is unsafe and cannot be easily fixed, researchers say
On Tue, 15 May 2018 14:24:51 -0400, nospam
wrote: In article , Mayayana wrote: | And as we know, Yahoo is synonymous with prosperity and security, | *especially* since they put a woman at the helm. | | Being female has nothing to do with it, greed and short-sighted | stupidity affects women as well as men. And Marissa Meyer was a former Googlite, thus already tainted by arrogant disregard for human decency. you've said a lot of ignorant things, but that one is at the top. This is getting away from me- apparently some of the Usenet servers don't carry "you-all." Philosophically speaking, saying ignorant things is not the purview of idiots. We all do it. The only important thing is that we learn from the ideas of others. Good or bad - LEARN! Teaching is passive - learning is active. is everyone who works at google tainted? all 75,000+ of them? are the dozen 'googlites', who quit their jobs in protest of what google is doing, also tainted? if so, why did they quit? They had ideals? (character, opinions, foundation, courage) https://arstechnica.com/gadgets/2018...resign-in-prot est-of-googlepentagon-drone-program/ Despite protests from employees, Google is still charging ahead with a Department of Defense collaboration to produce machine-learning software for drones. Google hasn't listened to a contingent of its employees that is unhappy with Google's involvement in the military-industrial complex, and now a report from Gizmodo says "about a dozen" employees have resigned over the issue. Fullscale encryption is great for people like political activists in Tibet or Iran, but for most people it's not a realistic solution. I don't know anyone who's even heard of PGP, much less set up end-to-end encryption. apparently you're oblivious to just how easy it actually is. simply download and install an encrypted messaging app. no need to know what pgp is. 
here's a list of popular options: https://fossbytes.com/best-secure-encrypted-messaging-apps/ there are also encrypted email options, although not as common as messaging. The only realistic approach is to make it seriously illegal for people to read your email or track you online, just as it's illegal to read your postal mail or set up surveillance in someone's house. reading other people's email is illegal except in very specific circumstances, such as a court order. at google, reading *any* user data requires multiple authorizations and anyone who tries to get around that will be fired on the spot. But it has to be gravely illegal, because collecting and analyzing the data is so easy. collecting and analyzing data isn't anything new and not necessarily bad. it's just *much* easier now and can be done in ways that were once impossible. Sure. But unless you were born today.. you know that human greed avarice and stupidity will more than likely screw things up. I'm a 70+ year old retired electrical engineer. If there's anything I understand is that I DON'T understand. I understand lots of things and understand lots of people, but I'm far from knowing it all. I worked (indirectly - in my "chain of command") in the 60's for the NSA, in electronics "espionage." It wasn't really espionage - since it was broadcast over the air waves and we managed to decrypt it. But there were no limits, and no ethics as far as what we could/should do. None of this is new. It has been happening long before personal computers. You have no idea how/what/where/when the our government, other nationalities, and marketing corporations want the least smidgen of your life for their data banks. I'm a dinosaur. I understand electronics very well. I cut my teeth on vacuum toobes (transistors cost more in those days). I got my first ever (personal) computer in 1990 (after programming and using some corporate computers to "robotics" what we did in pharmaceuticals). 
Thanks to my NSA background, and a paranoid mother, I'm the least likely of persons you'd track along the Internet... but not because it couldn't be done, and very easily, but only because there's so much data, and "they" couldn't possibly deal with it all. That is my faith... Practically? most of what I knew is probably declassified today. The millions of dollars, the sites, and the infrastructure. (massive concrete buildings with only one entrance, and a Marine guard) There's only a tale or two left and an organization that will remember 'till the last member dies. BUT DON'T EVER BELIEVE YOUR GOVERNMENT HAS YOUR BEST INTERESTS AT HEART OR THAT THEY ACTUALLY DO WHAT THEY SAY THEY DO. It's all a lot of bull**** to keep us believing what we want to believe, and not reality. If you know, you can't talk, if you do talk, your life changes forever and not for the better. |
#22
PGP unsafe! Email security is unsafe and cannot be easily fixed, researchers say
On 15/05/2018 23:45, default wrote:
On Tue, 15 May 2018 14:24:51 -0400, nospam wrote: In article , Mayayana wrote: | And as we know, Yahoo is synonymous with prosperity and security, | *especially* since they put a woman at the helm. | | Being female has nothing to do with it, greed and short-sighted | stupidity affects women as well as men. And Marissa Meyer was a former Googlite, thus already tainted by arrogant disregard for human decency. you've said a lot of ignorant things, but that one is at the top. This is getting away from me- apparently some of the Usenet servers don't carry "you-all." Philosophically speaking, saying ignorant things is not the purview of idiots. We all do it. The only important thing is that we learn from the ideas of others. Good or bad - LEARN! Teaching is passive - learning is active. is everyone who works at google tainted? all 75,000+ of them? are the dozen 'googlites', who quit their jobs in protest of what google is doing, also tainted? if so, why did they quit? They had ideals? (character, opinions, foundation, courage) https://arstechnica.com/gadgets/2018...resign-in-prot est-of-googlepentagon-drone-program/ Despite protests from employees, Google is still charging ahead with a Department of Defense collaboration to produce machine-learning software for drones. Google hasn't listened to a contingent of its employees that is unhappy with Google's involvement in the military-industrial complex, and now a report from Gizmodo says "about a dozen" employees have resigned over the issue. Fullscale encryption is great for people like political activists in Tibet or Iran, but for most people it's not a realistic solution. I don't know anyone who's even heard of PGP, much less set up end-to-end encryption. apparently you're oblivious to just how easy it actually is. simply download and install an encrypted messaging app. no need to know what pgp is. 
here's a list of popular options: https://fossbytes.com/best-secure-encrypted-messaging-apps/ there are also encrypted email options, although not as common as messaging. The only realistic approach is to make it seriously illegal for people to read your email or track you online, just as it's illegal to read your postal mail or set up surveillance in someone's house. reading other people's email is illegal except in very specific circumstances, such as a court order. at google, reading *any* user data requires multiple authorizations and anyone who tries to get around that will be fired on the spot. But it has to be gravely illegal, because collecting and analyzing the data is so easy. collecting and analyzing data isn't anything new and not necessarily bad. it's just *much* easier now and can be done in ways that were once impossible. Sure. But unless you were born today.. you know that human greed avarice and stupidity will more than likely screw things up. I'm a 70+ year old retired electrical engineer. If there's anything I understand is that I DON'T understand. I understand lots of things and understand lots of people, but I'm far from knowing it all. I worked (indirectly - in my "chain of command") in the 60's for the NSA, in electronics "espionage." It wasn't really espionage - since it was broadcast over the air waves and we managed to decrypt it. But there were no limits, and no ethics as far as what we could/should do. None of this is new. It has been happening long before personal computers. You have no idea how/what/where/when the our government, other nationalities, and marketing corporations want the least smidgen of your life for their data banks. I'm a dinosaur. I understand electronics very well. I cut my teeth on vacuum toobes (transistors cost more in those days). I got my first ever (personal) computer in 1990 (after programming and using some corporate computers to "robotics" what we did in pharmaceuticals). 
Thanks to my NSA background, and a paranoid mother, I'm the least likely of persons you'd track along the Internet... but not because it couldn't be done, and very easily, but only because there's so much data, and "they" couldn't possibly deal with it all. That is my faith... Practically? most of what I knew is probably declassified today. The millions of dollars, the sites, and the infrastructure. (massive concrete buildings with only one entrance, and a Marine guard) There's only a tale or two left and an organization that will remember 'till the last member dies. BUT DON'T EVER BELIEVE YOUR GOVERNMENT HAS YOUR BEST INTERESTS AT HEART OR THAT THEY ACTUALLY DO WHAT THEY SAY THEY DO. It's all a lot of bull**** to keep us believing what we want to believe, and not reality. If you know, you can't talk, if you do talk, your life changes forever and not for the better. An interesting post ....... *A pleasure to read*! :-) -- David B |
#23
Email security is unsafe and cannot be easily fixed, researchers say
In article
Anonymous wrote: Mr. Man-wai Chang was thinking very hard : https://www.independent.co.uk/life-style/gadgets-and-tech/news/email-security-s-mime-pgp-encryption-latest-broken-not-working-fix-how-to-a8351116.html it would be nice if this guy could figure out how to correctly reply to a post instead of littering up the news group with unthreaded replies No whining on Usenet.
#24
Email security is unsafe and cannot be easily fixed, researchers say
On Wed, 16 May 2018 11:10:32 +0000, "David"
wrote: In article Anonymous wrote: Mr. Man-wai Chang was thinking very hard : https://www.independent.co.uk/life-style/gadgets-and-tech/news/email-security-s-mime-pgp-encryption-latest-broken-not-working-fix-how-to-a8351116.html it would be nice if this guy could figure out how to correctly reply to a post instead of littering up the news group with unthreaded replies No whining on Usenet. If that's an unspoken rule, it would eliminate about 95% of the posts.
#25
PGP unsafe! Email security is unsafe and cannot be easily fixed, researchers say
On 5/15/2018 11:34 PM, Anonymous wrote:
Mr. Man-wai Chang was thinking very hard : https://www.independent.co.uk/life-style/gadgets-and-tech/news/email-security-s-mime-pgp-encryption-latest-broken-not-working-fix-how-to-a8351116.html it would be nice if this guy could figure out how to correctly reply to a post instead of littering up the news group with unthreaded replies I was just trying to fix the broken link, not replying. I don't use PGP nor S/MIME. Always plain text mail. -- @~@ Remain silent! Drink, Blink, Stretch! Live long and prosper!! / v \ Simplicity is Beauty! /( _ )\ May the Force and farces be with you! ^ ^ (x86_64 Ubuntu 9.10) Linux 2.6.39.3 No borrowing! No scams! No *money! No compensated dating! No fighting! No robbery! No suicide! No praying to gods! Please consider Comprehensive Social Security Assistance (CSSA): http://www.swd.gov.hk/tc/index/site_...sub_addressesa
#26
Email security is unsafe and cannot be easily fixed, researchers say
In article
Doomsdrzej wrote: On Wed, 16 May 2018 11:10:32 +0000, "David" wrote: In article Anonymous wrote: Mr. Man-wai Chang was thinking very hard : https://www.independent.co.uk/life-style/gadgets-and-tech/news/email-security-s-mime-pgp-encryption-latest-broken-not-working-fix-how-to-a8351116.html it would be nice if this guy could figure out how to correctly reply to a post instead of littering up the news group with unthreaded replies No whining on Usenet. If that's an unspoken rule, it would eliminate about 95% of the posts. :-)
#27
Email security is unsafe and cannot be easily fixed, researchers say
On 5/16/2018 7:42 PM, Doomsdrzej wrote:
If that's an unspoken rule, it would eliminate about 95% of the posts. That's exactly why many are doing! Why would someone suddenly care about what others wrote, if not paid to do a job? Don't they have better jobs to do? How come they got so much spare time when everyone else are busy? -- @~@ Remain silent! Drink, Blink, Stretch! Live long and prosper!! / v \ Simplicity is Beauty! /( _ )\ May the Force and farces be with you! ^ ^ (x86_64 Ubuntu 9.10) Linux 2.6.39.3 No borrowing! No scams! No *money! No compensated dating! No fighting! No robbery! No suicide! No praying to gods! Please consider Comprehensive Social Security Assistance (CSSA): http://www.swd.gov.hk/tc/index/site_...sub_addressesa