If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
Good example why business emails should be PGP'ed
Hackers target real estate deals, with devastating impact
https://www.yahoo.com/news/hackers-target-real-estate-deals-devastating-impact-015558592.html Here is a very simple PGP client that will automatically set itself up and is simple to use. You should insist a company you are dealing with uses PGP. I refused to buy precious metals once from a company because they wouldn't communicate with me using PGP. They were foolishly fearful that the IRS would think they were doing something illegal. So they opened their customers to being revealed and endangered. https://sourceforge.net/projects/gentlegpg/ Some other: https://www.gpg4win.org/ https://sourceforge.net/projects/ppgp/ |
Ads |
#2
|
|||
|
|||
Good example why business emails should be PGP'ed
On 23/09/2018 15.45, Fritz Wuehler wrote:
Hackers target real estate deals, with devastating impact https://www.yahoo.com/news/hackers-target-real-estate-deals-devastating-impact-015558592.html «...and at closing time wired $272,000 from their bank following instructions they received by email. Within hours, the money had vanished. Unbeknownst to the Colorado couple, the email account for the real estate settlement company had been hacked, and fraudsters had altered the wiring instruction to make off with the hefty sum representing a big chunk of the Butchers' life savings, according to a lawsuit filed in state court.» Here is a very simple PGP client that will automatically set itself up and is simple to use. You should insist a company you are dealing with uses PGP. I refused to buy precious metals once from a company because they wouldn't communicate with me using PGP. They were foolishly fearful that the IRS would think they were doing something illegal. So they opened their customers to being revealed and endangered. PGPG, huh? And how would you know that the PGP public key you have is in fact the key of the correct real state agency, and not of some other "person"? How are you going to ensure the proper chain of trust, hein? That's assuming that the hackers don't have control of the agency computer. https://sourceforge.net/projects/gentlegpg/ Some other: https://www.gpg4win.org/ https://sourceforge.net/projects/ppgp/ -- Cheers, Carlos E.R. |
#3
|
|||
|
|||
Good example why business emails should be PGP'ed
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256 Carlos E. R. wrote: On 23/09/2018 15.45, Fritz Wuehler wrote: Hackers target real estate deals, with devastating impact Here is a very simple PGP client that will automatically set itself up and is simple to use. You should insist a company you are dealing with uses PGP. I refused to buy precious metals once from a company because they wouldn't communicate with me using PGP. They were foolishly fearful that the IRS would think they were doing something illegal. So they opened their customers to being revealed and endangered. PGPG, huh? And how would you know that the PGP public key you have is in fact the key of the correct real state agency, and not of some other "person"? How are you going to ensure the proper chain of trust, hein? PGP uses the "Web of Trust" model, rather than the x.509 "Chain of Trust", but it does rely on you trusting people who in turn trust the signer's key. For example, none of you likely trust the signature on this message very far . That's assuming that the hackers don't have control of the agency computer. To be fair, that's the same problem with S/MIME -- no telling whether or not the machine itself was compromised. Honestly, the best way around that is physical -- i.e. "come down to the office and ..."; rather than acting on instructions received via electronic means (in fact, that's how several businesses I interact with are - you either have to walk into their office, or use the phone [although phone instructions can be rejected if they're "doing too much"]). -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEBcqaUD8uEzVNxUrujhHd8xJ5ooEFAluou9 EACgkQjhHd8xJ5 ooEZiQgAmBnE2KSt2BlN04B5dkN9rVPXBzK1j/qRxod827zwJS7q8a9XFsl5EPAp CdczrxZrurY/dPAVIzjLfIqG1Xrn5bCQR7bYK78Z7qSlMdwJzYjDQrTmM/2pU4tg +oBwsk2dlcbTGIqZzEwsdBxnDoCxvTbOqlrnNIeyml2Tl9MoWJ 0h9y3KC1S6WRGn 8j8eGB+S/jMl7ajEis9L5bnBPz2pPziHlFXw7TUUnxbLxR4803ufQ84I3Hh +FrzL 8lvFFkPGpnSAJwcJuM6Kj21IlwpW9nyIB+2tTpOsSFGjZzpmnV kNODdjLlUASSvT 2EbkRrDvvNCeukhZx8HkHwBWQlPPAw== =fuaJ -----END PGP SIGNATURE----- -- |_|O|_| Registered Linux user #585947 |_|_|O| Github: https://github.com/dpurgert |O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5 4AEE 8E11 DDF3 1279 A281 |
#4
|
|||
|
|||
Good example why business emails should be PGP'ed
Carlos E. R. was thinking very hard :
On 23/09/2018 15.45, Fritz Wuehler wrote: Hackers target real estate deals, with devastating impact https://www.yahoo.com/news/hackers-target-real-estate-deals-devastating-impact-015558592.html «...and at closing time wired $272,000 from their bank following instructions they received by email. Within hours, the money had vanished. Unbeknownst to the Colorado couple, the email account for the real estate settlement company had been hacked, and fraudsters had altered the wiring instruction to make off with the hefty sum representing a big chunk of the Butchers' life savings, according to a lawsuit filed in state court.» Here is a very simple PGP client that will automatically set itself up and is simple to use. You should insist a company you are dealing with uses PGP. I refused to buy precious metals once from a company because they wouldn't communicate with me using PGP. They were foolishly fearful that the IRS would think they were doing something illegal. So they opened their customers to being revealed and endangered. PGPG, huh? And how would you know that the PGP public key you have is in fact the key of the correct real state agency, and not of some other "person"? How are you going to ensure the proper chain of trust, hein? That's assuming that the hackers don't have control of the agency computer. https://sourceforge.net/projects/gentlegpg/ Some other: https://www.gpg4win.org/ https://sourceforge.net/projects/ppgp/ Key are signed. You have to get their pgp public key from the company also. You need to also verify a company's key through their key ID. You could go on and on in fantizing problems and decide to do nothing. Nota good path when it comes to security. The suggestion above about only dealing directly with a company office is actually the best thing to do, but a local office may not be available. But your defeatism is not the answer. |
#5
|
|||
|
|||
Good example why business emails should be PGP'ed
On 24/09/2018 08.48, anon wrote:
Carlos E. R. was thinking very hard : On 23/09/2018 15.45, Fritz Wuehler wrote: Hackers target real estate deals, with devastating impact https://www.yahoo.com/news/hackers-target-real-estate-deals-devastating-impact-015558592.html «...and at closing time wired $272,000 from their bank following instructions they received by email. Within hours, the money had vanished. Unbeknownst to the Colorado couple, the email account for the real estate settlement company had been hacked, and fraudsters had altered the wiring instruction to make off with the hefty sum representing a big chunk of the Butchers' life savings, according to a lawsuit filed in state court.» * Here is a very simple PGP client that will automatically set itself up and is simple to use.* You should insist a company you are dealing with uses PGP.* I refused to buy precious metals once from a company because they wouldn't communicate with me using PGP.* They were foolishly fearful that the IRS would think they were doing something illegal.* So they opened their customers to being revealed and endangered. PGPG, huh? And how would you know that the PGP public key you have is in fact the key of the correct real state agency, and not of some other "person"? How are you going to ensure the proper chain of trust, hein? That's assuming that the hackers don't have control of the agency computer. https://sourceforge.net/projects/gentlegpg/ Some other: https://www.gpg4win.org/ https://sourceforge.net/projects/ppgp/ *Key are signed. By whom? You need to walk to the company first, in person, and exchange keys. And then make sure not to download other keys and not to trust the web of trust, because you do not control who signs what. I know quite well PGP, I use it, and it is not going to work for business. -- Cheers, Carlos E.R. |
#6
|
|||
|
|||
Good example why business emails should be PGP'ed
Carlos E. R. pretended :
On 24/09/2018 08.48, anon wrote: Carlos E. R. was thinking very hard : On 23/09/2018 15.45, Fritz Wuehler wrote: Hackers target real estate deals, with devastating impact https://www.yahoo.com/news/hackers-target-real-estate-deals-devastating-impact-015558592.html «...and at closing time wired $272,000 from their bank following instructions they received by email. Within hours, the money had vanished. Unbeknownst to the Colorado couple, the email account for the real estate settlement company had been hacked, and fraudsters had altered the wiring instruction to make off with the hefty sum representing a big chunk of the Butchers' life savings, according to a lawsuit filed in state court.» * Here is a very simple PGP client that will automatically set itself up and is simple to use.* You should insist a company you are dealing with uses PGP.* I refused to buy precious metals once from a company because they wouldn't communicate with me using PGP.* They were foolishly fearful that the IRS would think they were doing something illegal.* So they opened their customers to being revealed and endangered. PGPG, huh? And how would you know that the PGP public key you have is in fact the key of the correct real state agency, and not of some other "person"? How are you going to ensure the proper chain of trust, hein? That's assuming that the hackers don't have control of the agency computer. https://sourceforge.net/projects/gentlegpg/ Some other: https://www.gpg4win.org/ https://sourceforge.net/projects/ppgp/ *Key are signed. By whom? You need to walk to the company first, in person, and exchange keys. And then make sure not to download other keys and not to trust the web of trust, because you do not control who signs what. I know quite well PGP, I use it, and it is not going to work for business. So do nothing, PLEASE! My your fall be great and embittering! |
#7
|
|||
|
|||
Good example why business emails should be PGP'ed
On 25/09/2018 09.16, anon wrote:
Carlos E. R. pretended : On 24/09/2018 08.48, anon wrote: Carlos E. R. was thinking very hard : On 23/09/2018 15.45, Fritz Wuehler wrote: Hackers target real estate deals, with devastating impact https://www.yahoo.com/news/hackers-target-real-estate-deals-devastating-impact-015558592.html «...and at closing time wired $272,000 from their bank following instructions they received by email. Within hours, the money had vanished. Unbeknownst to the Colorado couple, the email account for the real estate settlement company had been hacked, and fraudsters had altered the wiring instruction to make off with the hefty sum representing a big chunk of the Butchers' life savings, according to a lawsuit filed in state court.» * Here is a very simple PGP client that will automatically set itself up and is simple to use.* You should insist a company you are dealing with uses PGP.* I refused to buy precious metals once from a company because they wouldn't communicate with me using PGP.* They were foolishly fearful that the IRS would think they were doing something illegal.* So they opened their customers to being revealed and endangered. PGPG, huh? And how would you know that the PGP public key you have is in fact the key of the correct real state agency, and not of some other "person"? How are you going to ensure the proper chain of trust, hein? That's assuming that the hackers don't have control of the agency computer. https://sourceforge.net/projects/gentlegpg/ Some other: https://www.gpg4win.org/ https://sourceforge.net/projects/ppgp/ *Key are signed. By whom? You need to walk to the company first, in person, and exchange keys. And then make sure not to download other keys and not to trust the web of trust, because you do not control who signs what. I know quite well PGP, I use it, and it is not going to work for business. *So do nothing, PLEASE!* My your fall be great and embittering! Why would I do nothing? I would not use PGP for business, that's all. -- Cheers, Carlos E.R. |
#8
|
|||
|
|||
Good example why business emails should be PGP'ed
On 9/25/18 4:26 PM, Carlos E. R. wrote:
Why would I do nothing? I would not use PGP for business, that's all. I have used it for business. When I send an email to my business partner that is sensitive, I usually PGP-encrypt it to his key. But yeah, I agree that it's fairly useless in the general case. |
#9
|
|||
|
|||
Good example why business emails should be PGP'ed
On 25/09/2018 11.17, Wouter Verhelst wrote:
On 9/25/18 4:26 PM, Carlos E. R. wrote: Why would I do nothing? I would not use PGP for business, that's all. I have used it for business. When I send an email to my business partner that is sensitive, I usually PGP-encrypt it to his key. But yeah, I agree that it's fairly useless in the general case. People with which I needed to use encryption were unable to set any encryption method up. A lawyer, for instance. I would have to go to his office and teach him. With banks it is usually a web form. And the staff is forbidden from installing anything, anyway, so asking is useless. -- Cheers, Carlos E.R. |
#10
|
|||
|
|||
Good example why business emails should be PGP'ed
In article , Carlos E. R.
wrote: People with which I needed to use encryption were unable to set any encryption method up. A lawyer, for instance. I would have to go to his office and teach him. use an encrypted email service. there's nothing to set up. all they need is a browser or an app on their phone. |
#11
|
|||
|
|||
Good example why business emails should be PGP'ed
On 26/09/2018 14.24, nospam wrote:
In article , Carlos E. R. wrote: People with which I needed to use encryption were unable to set any encryption method up. A lawyer, for instance. I would have to go to his office and teach him. use an encrypted email service. there's nothing to set up. all they need is a browser or an app on their phone. That would require a binding contract and spend money, which they did not want to do. -- Cheers, Carlos E.R. |
#12
|
|||
|
|||
Good example why business emails should be PGP'ed
In article , Carlos E. R.
wrote: People with which I needed to use encryption were unable to set any encryption method up. A lawyer, for instance. I would have to go to his office and teach him. use an encrypted email service. there's nothing to set up. all they need is a browser or an app on their phone. That would require a binding contract and spend money, which they did not want to do. no it wouldn't. it only needs a mutual agreement to use an encrypted medium. there are free options as well as paid ones. choose whichever one works best for all parties involved. lawyers should be using such a system anyway because they are required to keep certain information confidential. |
#13
|
|||
|
|||
Good example why business emails should be PGP'ed
On 26/09/2018 14.56, nospam wrote:
In article , Carlos E. R. wrote: People with which I needed to use encryption were unable to set any encryption method up. A lawyer, for instance. I would have to go to his office and teach him. use an encrypted email service. there's nothing to set up. all they need is a browser or an app on their phone. That would require a binding contract and spend money, which they did not want to do. no it wouldn't. it only needs a mutual agreement to use an encrypted medium. there are free options as well as paid ones. choose whichever one works best for all parties involved. Not for a lawyer, it wouldn't. He would be directly liable if the email gets intercepted or somehow compromised. lawyers should be using such a system anyway because they are required to keep certain information confidential. Good old paper and couriers. -- Cheers, Carlos E.R. |
#14
|
|||
|
|||
Good example why business emails should be PGP'ed
In article , Carlos E. R.
wrote: People with which I needed to use encryption were unable to set any encryption method up. A lawyer, for instance. I would have to go to his office and teach him. use an encrypted email service. there's nothing to set up. all they need is a browser or an app on their phone. That would require a binding contract and spend money, which they did not want to do. no it wouldn't. it only needs a mutual agreement to use an encrypted medium. there are free options as well as paid ones. choose whichever one works best for all parties involved. Not for a lawyer, it wouldn't. He would be directly liable if the email gets intercepted or somehow compromised. it's actually ideal for a lawyer, since it's basically impossible to intercept and crack end-to-end encrypted email unless the passcode is something trivially guessed. lawyers should be using such a system anyway because they are required to keep certain information confidential. Good old paper and couriers. a courier could mysteriously disappear, along with the documents. then what? nothing is perfect. |
#15
|
|||
|
|||
Good example why business emails should be PGP'ed
On 27/09/18 03:20, Carlos E. R. wrote:
On 26/09/2018 14.56, nospam wrote: In article , Carlos E. R. wrote: People with which I needed to use encryption were unable to set any encryption method up. A lawyer, for instance. I would have to go to his office and teach him. use an encrypted email service. there's nothing to set up. all they need is a browser or an app on their phone. That would require a binding contract and spend money, which they did not want to do. no it wouldn't. it only needs a mutual agreement to use an encrypted medium. there are free options as well as paid ones. choose whichever one works best for all parties involved. Not for a lawyer, it wouldn't. He would be directly liable if the email gets intercepted or somehow compromised. lawyers should be using such a system anyway because they are required to keep certain information confidential. Good old paper and couriers. A lawuer recently requitred me to use a secure logon to download email because at some level their mail system identifed that I wasnt using TLS or something. -- "In our post-modern world, climate science is not powerful because it is true: it is true because it is powerful." Lucas Bergkamp |
|
Thread Tools | |
Display Modes | Rate This Thread |
|
|