If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Rate Thread | Display Modes |
|
#1
|
|||
|
|||
PGP unsafe! Email security is unsafe and cannot be easily fixed,researchers say
https://www.independent.co.uk/life-style/gadgets-and-
tech/news/email-security-s-mime-pgp-encryption-latest-broken-not- working-fix-how-to-a8351116.html |
#2
|
|||
|
|||
PGP unsafe! Email security is unsafe and cannot be easily fixed, researchers say
On Tue, 15 May 2018 02:24:11 +0200 (CEST), Nomen Nescio
wrote: https://www.independent.co.uk/life-style/gadgets-and- tech/news/email-security-s-mime-pgp-encryption-latest-broken-not- working-fix-how-to-a8351116.html I hope nospam is paying attention.... https://en.wikipedia.org/wiki/Boundless_Informant |
#3
|
|||
|
|||
PGP unsafe! Email security is unsafe and cannot be easily fixed, researchers say
On Tue, 15 May 2018 02:24:11 +0200 (CEST), Nomen Nescio
wrote: https://www.independent.co.uk/life-style/gadgets-and- tech/news/email-security-s-mime-pgp-encryption-latest-broken-not- working-fix-how-to-a8351116.html The last paragraph says it all: PGP itself is safe but the way the third-party clients decrypt it is not. |
#4
|
|||
|
|||
PGP unsafe! Email security is unsafe and cannot be easily fixed, researchers say
Doomsdrzej wrote in news:n1jlfddcit6u2j4v62370beu8ipges0tgk@
4ax.com: On Tue, 15 May 2018 02:24:11 +0200 (CEST), Nomen Nescio wrote: https://www.independent.co.uk/life-style/gadgets-and- tech/news/email-security-s-mime-pgp-encryption-latest-broken-not- working-fix-how-to-a8351116.html The last paragraph says it all: PGP itself is safe but the way the third-party clients decrypt it is not. I have said it before, and I'll say it again: Until we start at Layer 2 and build in all the encryption/authentication/verification things we have learned and developed over the last forty years, and include ways to add others as they are developed, the Internet will not be universally safe. We have piecemeal answers for some of the problems, but there is no overall structure for implementing the things we need today to provide secure communications. Personally, I can see a tiered structure. The lowest tier is essentially the way the Internet is today, You roll the dice and you take your chances. Good for things like newsletters, bulk mailings, etc, but pretty much unsecure. The next tier up starts implementing things like white lists, verified receipt, and other lower level functions to increase security and reliability. Each tier upwards adds more features such as stronger encryption, authentication, secure identification, etc. And one will have the option to add additional tiers for unique requirements above and beyond ones universally available. Of course, there will be costs associated with each tier, and it will be up to the individual user whether they will be willing to pay for those features. |
#5
|
|||
|
|||
PGP unsafe! Email security is unsafe and cannot be easily fixed, researchers say
On Tue, 15 May 2018 12:42:18 GMT, Tim wrote:
Doomsdrzej wrote in news:n1jlfddcit6u2j4v62370beu8ipges0tgk@ 4ax.com: On Tue, 15 May 2018 02:24:11 +0200 (CEST), Nomen Nescio wrote: https://www.independent.co.uk/life-style/gadgets-and- tech/news/email-security-s-mime-pgp-encryption-latest-broken-not- working-fix-how-to-a8351116.html The last paragraph says it all: PGP itself is safe but the way the third-party clients decrypt it is not. I have said it before, and I'll say it again: Until we start at Layer 2 and build in all the encryption/authentication/verification things we have learned and developed over the last forty years, and include ways to add others as they are developed, the Internet will not be universally safe. We have piecemeal answers for some of the problems, but there is no overall structure for implementing the things we need today to provide secure communications. Personally, I can see a tiered structure. The lowest tier is essentially the way the Internet is today, You roll the dice and you take your chances. Good for things like newsletters, bulk mailings, etc, but pretty much unsecure. The next tier up starts implementing things like white lists, verified receipt, and other lower level functions to increase security and reliability. Each tier upwards adds more features such as stronger encryption, authentication, secure identification, etc. And one will have the option to add additional tiers for unique requirements above and beyond ones universally available. Of course, there will be costs associated with each tier, and it will be up to the individual user whether they will be willing to pay for those features. I hear you. I went to a local lawyer to have a simple power of attorney drawn up. They email me the thing for approval/modification. I questioned their use of email for this, to find out "that's how we do it..." So I start poking around and figure out how to call up the header fields, to find out they don't even have their own domain, but their domain and email is held on Yahoo servers. The problem is huge, the perception is minuscule. |
#6
|
|||
|
|||
PGP unsafe! Email security is unsafe and cannot be easily fixed, researchers say
On Tue, 15 May 2018 09:16:44 -0400, default
wrote: On Tue, 15 May 2018 12:42:18 GMT, Tim wrote: Doomsdrzej wrote in news:n1jlfddcit6u2j4v62370beu8ipges0tgk@ 4ax.com: On Tue, 15 May 2018 02:24:11 +0200 (CEST), Nomen Nescio wrote: https://www.independent.co.uk/life-style/gadgets-and- tech/news/email-security-s-mime-pgp-encryption-latest-broken-not- working-fix-how-to-a8351116.html The last paragraph says it all: PGP itself is safe but the way the third-party clients decrypt it is not. I have said it before, and I'll say it again: Until we start at Layer 2 and build in all the encryption/authentication/verification things we have learned and developed over the last forty years, and include ways to add others as they are developed, the Internet will not be universally safe. We have piecemeal answers for some of the problems, but there is no overall structure for implementing the things we need today to provide secure communications. Personally, I can see a tiered structure. The lowest tier is essentially the way the Internet is today, You roll the dice and you take your chances. Good for things like newsletters, bulk mailings, etc, but pretty much unsecure. The next tier up starts implementing things like white lists, verified receipt, and other lower level functions to increase security and reliability. Each tier upwards adds more features such as stronger encryption, authentication, secure identification, etc. And one will have the option to add additional tiers for unique requirements above and beyond ones universally available. Of course, there will be costs associated with each tier, and it will be up to the individual user whether they will be willing to pay for those features. I hear you. I went to a local lawyer to have a simple power of attorney drawn up. They email me the thing for approval/modification. I questioned their use of email for this, to find out "that's how we do it..." So I start poking around and figure out how to call up the header fields, to find out they don't even have their own domain, but their domain and email is held on Yahoo servers. The problem is huge, the perception is minuscule. And as we know, Yahoo is synonymous with prosperity and security, *especially* since they put a woman at the helm. |
#7
|
|||
|
|||
PGP unsafe! Email security is unsafe and cannot be easily fixed, researchers say
On Tue, 15 May 2018 11:26:31 -0400, Doomsdrzej wrote:
On Tue, 15 May 2018 09:16:44 -0400, default wrote: On Tue, 15 May 2018 12:42:18 GMT, Tim wrote: Doomsdrzej wrote in news:n1jlfddcit6u2j4v62370beu8ipges0tgk@ 4ax.com: On Tue, 15 May 2018 02:24:11 +0200 (CEST), Nomen Nescio wrote: https://www.independent.co.uk/life-style/gadgets-and- tech/news/email-security-s-mime-pgp-encryption-latest-broken-not- working-fix-how-to-a8351116.html The last paragraph says it all: PGP itself is safe but the way the third-party clients decrypt it is not. I have said it before, and I'll say it again: Until we start at Layer 2 and build in all the encryption/authentication/verification things we have learned and developed over the last forty years, and include ways to add others as they are developed, the Internet will not be universally safe. We have piecemeal answers for some of the problems, but there is no overall structure for implementing the things we need today to provide secure communications. Personally, I can see a tiered structure. The lowest tier is essentially the way the Internet is today, You roll the dice and you take your chances. Good for things like newsletters, bulk mailings, etc, but pretty much unsecure. The next tier up starts implementing things like white lists, verified receipt, and other lower level functions to increase security and reliability. Each tier upwards adds more features such as stronger encryption, authentication, secure identification, etc. And one will have the option to add additional tiers for unique requirements above and beyond ones universally available. Of course, there will be costs associated with each tier, and it will be up to the individual user whether they will be willing to pay for those features. I hear you. I went to a local lawyer to have a simple power of attorney drawn up. They email me the thing for approval/modification. I questioned their use of email for this, to find out "that's how we do it..." So I start poking around and figure out how to call up the header fields, to find out they don't even have their own domain, but their domain and email is held on Yahoo servers. The problem is huge, the perception is minuscule. And as we know, Yahoo is synonymous with prosperity and security, *especially* since they put a woman at the helm. Do you really think that the CEO's of companies understand the business of the companies they manage? They only understand profit; let me restate that: they only understand PROFIT!!! Not the solvency of the company, not the long term viability of the company, not who they hurt or what they do, just the instantaneous peak dollar amount of the stock price. That is all that matters. Being female has nothing to do with it, greed and short-sighted stupidity affects women as well as men. |
#8
|
|||
|
|||
PGP unsafe! Email security is unsafe and cannot be easily fixed, researchers say
On Tue, 15 May 2018 09:16:44 -0400, default
wrote: On Tue, 15 May 2018 12:42:18 GMT, Tim wrote: Doomsdrzej wrote in news:n1jlfddcit6u2j4v62370beu8ipges0tgk@ 4ax.com: On Tue, 15 May 2018 02:24:11 +0200 (CEST), Nomen Nescio wrote: https://www.independent.co.uk/life-style/gadgets-and- tech/news/email-security-s-mime-pgp-encryption-latest-broken-not- working-fix-how-to-a8351116.html The last paragraph says it all: PGP itself is safe but the way the third-party clients decrypt it is not. I have said it before, and I'll say it again: Until we start at Layer 2 and build in all the encryption/authentication/verification things we have learned and developed over the last forty years, and include ways to add others as they are developed, the Internet will not be universally safe. We have piecemeal answers for some of the problems, but there is no overall structure for implementing the things we need today to provide secure communications. Personally, I can see a tiered structure. The lowest tier is essentially the way the Internet is today, You roll the dice and you take your chances. Good for things like newsletters, bulk mailings, etc, but pretty much unsecure. The next tier up starts implementing things like white lists, verified receipt, and other lower level functions to increase security and reliability. Each tier upwards adds more features such as stronger encryption, authentication, secure identification, etc. And one will have the option to add additional tiers for unique requirements above and beyond ones universally available. Of course, there will be costs associated with each tier, and it will be up to the individual user whether they will be willing to pay for those features. I hear you. I went to a local lawyer to have a simple power of attorney drawn up. They email me the thing for approval/modification. I questioned their use of email for this, to find out "that's how we do it..." So I start poking around and figure out how to call up the header fields, to find out they don't even have their own domain, but their domain and email is held on Yahoo servers. The problem is huge, the perception is minuscule. I recently bought a European SIM card for a family member who'll be traveling there soon from the States. Among other things, you have to provide the traveler's full name, birthday, passport number, and more. The company offered several methods to get the thing activated, but they stressed that email was their preferred method. You guessed it, they had an @gmail.com address! Seriously? You just have to wonder. |
#9
|
|||
|
|||
PGP unsafe! Email security is unsafe and cannot be easily fixed, researchers say
In article , Char Jackson
wrote: I recently bought a European SIM card for a family member who'll be traveling there soon from the States. Among other things, you have to provide the traveler's full name, birthday, passport number, and more. that's not unusual. The company offered several methods to get the thing activated, but they stressed that email was their preferred method. You guessed it, they had an @gmail.com address! Seriously? You just have to wonder. not really. they were probably using gsuite, which is *very* secu https://gsuite.google.com/faq/security/ |
#10
|
|||
|
|||
PGP unsafe! Email security is unsafe and cannot be easily fixed, researchers say
On Tue, 15 May 2018 12:42:18 GMT, Tim wrote:
Doomsdrzej wrote in news:n1jlfddcit6u2j4v62370beu8ipges0tgk@ 4ax.com: On Tue, 15 May 2018 02:24:11 +0200 (CEST), Nomen Nescio wrote: https://www.independent.co.uk/life-style/gadgets-and- tech/news/email-security-s-mime-pgp-encryption-latest-broken-not- working-fix-how-to-a8351116.html The last paragraph says it all: PGP itself is safe but the way the third-party clients decrypt it is not. I have said it before, and I'll say it again: Until we start at Layer 2 and build in all the encryption/authentication/verification things we have learned and developed over the last forty years, and include ways to add others as they are developed, the Internet will not be universally safe. We have piecemeal answers for some of the problems, but there is no overall structure for implementing the things we need today to provide secure communications. ARPANet was designed to be secure through its obscurity as far as I can tell. When it was released to the public, nobody seemed to foresee how things would need to be secured any further than with a username and password from what I can tell. Personally, I can see a tiered structure. The lowest tier is essentially the way the Internet is today, You roll the dice and you take your chances. Good for things like newsletters, bulk mailings, etc, but pretty much unsecure. The next tier up starts implementing things like white lists, verified receipt, and other lower level functions to increase security and reliability. Each tier upwards adds more features such as stronger encryption, authentication, secure identification, etc. And one will have the option to add additional tiers for unique requirements above and beyond ones universally available. Of course, there will be costs associated with each tier, and it will be up to the individual user whether they will be willing to pay for those features. I think that's a good idea.You're doing with security what the government did with highways here in Quebec. You can usie the public system and get to your destination but you'll sit in traffic or you can pay to use the 25 and avoid congestion. I can see such a system working with security as well since there are always people who think that sitting in traffic for an hour is better than just paying a $3 toll. |
#11
|
|||
|
|||
PGP unsafe! Email security is unsafe and cannot be easily fixed,researchers say
https://www.independent.co.uk/life-style/gadgets-an tech/news/email-security-s-mime-pgp-encryption-latest-broken-not-working-fix-how-to-a8351116.html -- @~@ Remain silent! Drink, Blink, Stretch! Live long and prosper!! / v \ Simplicity is Beauty! /( _ )\ May the Force and farces be with you! ^ ^ (x86_64 Ubuntu 9.10) Linux 2.6.39.3 不借貸! 不詐騙! 不*錢! 不援交! 不打交! 不打劫! 不自殺! 不求神! 請考慮綜援 (CSSA): http://www.swd.gov.hk/tc/index/site_...sub_addressesa |
#12
|
|||
|
|||
PGP unsafe! Email security is unsafe and cannot be easily fixed,researchers say
https://www.independent.co.uk/life-style/gadgets-and-tech/news/email-security-s-mime-pgp-encryption-latest-broken-not-working-fix-how-to-a8351116.html -- @~@ Remain silent! Drink, Blink, Stretch! Live long and prosper!! / v \ Simplicity is Beauty! /( _ )\ May the Force and farces be with you! ^ ^ (x86_64 Ubuntu 9.10) Linux 2.6.39.3 不借貸! 不詐騙! 不*錢! 不援交! 不打交! 不打劫! 不自殺! 不求神! 請考慮綜援 (CSSA): http://www.swd.gov.hk/tc/index/site_...sub_addressesa |
#13
|
|||
|
|||
PGP unsafe! Email security is unsafe and cannot be easily fixed, researchers say
Mr. Man-wai Chang was thinking very hard :
https://www.independent.co.uk/life-style/gadgets-and-tech/news/email-security-s-mime-pgp-encryption-latest-broken-not-working-fix-how-to-a8351116.html it would be nice if this guy could figure out how to correctly reply to a post instead of littering up the news group with unthreaded replies |
#14
|
|||
|
|||
PGP unsafe! Email security is unsafe and cannot be easily fixed,researchers say
Anonymous wrote:
Mr. Man-wai Chang was thinking very hard : https://www.independent.co.uk/life-style/gadgets-and-tech/news/email-security-s-mime-pgp-encryption-latest-broken-not-working-fix-how-to-a8351116.html it would be nice if this guy could figure out how to correctly reply to a post instead of littering up the news group with unthreaded replies | Injection-Info: toylet.eternal-september.org says it all. |
#15
|
|||
|
|||
Email security is unsafe and cannot be easily fixed,researchers say
In article
Anonymous wrote: Mr. Man-wai Chang was thinking very hard : https://www.independent.co.uk/life-style/gadgets-and-tech/news/email-security-s-mime-pgp-encryption-latest-broken-not-working-fix-how-to-a8351116.html it would be nice if this guy could figure out how to correctly reply to a post instead of littering up the news group with unthreaded replies No whining on Usenet. |
|
Thread Tools | |
Display Modes | Rate This Thread |
|
|