#1
PGP unsafe! Email security is unsafe and cannot be easily fixed, researchers say
https://www.independent.co.uk/life-style/gadgets-and-tech/news/email-security-s-mime-pgp-encryption-latest-broken-not-working-fix-how-to-a8351116.html
#2
On Tue, 15 May 2018 02:24:11 +0200 (CEST), Nomen Nescio wrote:

> https://www.independent.co.uk/life-style/gadgets-and-tech/news/email-security-s-mime-pgp-encryption-latest-broken-not-working-fix-how-to-a8351116.html

I hope nospam is paying attention....

https://en.wikipedia.org/wiki/Boundless_Informant
#3
On Tue, 15 May 2018 02:24:11 +0200 (CEST), Nomen Nescio wrote:

> https://www.independent.co.uk/life-style/gadgets-and-tech/news/email-security-s-mime-pgp-encryption-latest-broken-not-working-fix-how-to-a8351116.html

The last paragraph says it all: PGP itself is safe but the way the third-party clients decrypt it is not.
#4
Doomsdrzej wrote in news:n1jlfddcit6u2j4v62370beu8ipges0tgk@4ax.com:

> On Tue, 15 May 2018 02:24:11 +0200 (CEST), Nomen Nescio wrote:
>
>> https://www.independent.co.uk/life-style/gadgets-and-tech/news/email-security-s-mime-pgp-encryption-latest-broken-not-working-fix-how-to-a8351116.html
>
> The last paragraph says it all: PGP itself is safe but the way the third-party clients decrypt it is not.

I have said it before, and I'll say it again: Until we start at Layer 2 and build in all the encryption/authentication/verification things we have learned and developed over the last forty years, and include ways to add others as they are developed, the Internet will not be universally safe. We have piecemeal answers for some of the problems, but there is no overall structure for implementing the things we need today to provide secure communications.

Personally, I can see a tiered structure. The lowest tier is essentially the way the Internet is today. You roll the dice and you take your chances. Good for things like newsletters, bulk mailings, etc, but pretty much unsecure. The next tier up starts implementing things like white lists, verified receipt, and other lower level functions to increase security and reliability. Each tier upwards adds more features such as stronger encryption, authentication, secure identification, etc. And one will have the option to add additional tiers for unique requirements above and beyond ones universally available. Of course, there will be costs associated with each tier, and it will be up to the individual user whether they will be willing to pay for those features.
#5
On Tue, 15 May 2018 12:42:18 GMT, Tim wrote:

> Doomsdrzej wrote in news:n1jlfddcit6u2j4v62370beu8ipges0tgk@4ax.com:
>
>> On Tue, 15 May 2018 02:24:11 +0200 (CEST), Nomen Nescio wrote:
>>
>>> https://www.independent.co.uk/life-style/gadgets-and-tech/news/email-security-s-mime-pgp-encryption-latest-broken-not-working-fix-how-to-a8351116.html
>>
>> The last paragraph says it all: PGP itself is safe but the way the third-party clients decrypt it is not.
>
> I have said it before, and I'll say it again: Until we start at Layer 2 and build in all the encryption/authentication/verification things we have learned and developed over the last forty years, and include ways to add others as they are developed, the Internet will not be universally safe. We have piecemeal answers for some of the problems, but there is no overall structure for implementing the things we need today to provide secure communications.
>
> Personally, I can see a tiered structure. The lowest tier is essentially the way the Internet is today. You roll the dice and you take your chances. Good for things like newsletters, bulk mailings, etc, but pretty much unsecure. The next tier up starts implementing things like white lists, verified receipt, and other lower level functions to increase security and reliability. Each tier upwards adds more features such as stronger encryption, authentication, secure identification, etc. And one will have the option to add additional tiers for unique requirements above and beyond ones universally available. Of course, there will be costs associated with each tier, and it will be up to the individual user whether they will be willing to pay for those features.

I hear you. I went to a local lawyer to have a simple power of attorney drawn up. They email me the thing for approval/modification. I questioned their use of email for this, to find out "that's how we do it..."

So I start poking around and figure out how to call up the header fields, to find out they don't even have their own domain, but their domain and email is held on Yahoo servers. The problem is huge, the perception is minuscule.
#6
On Tue, 15 May 2018 12:42:18 GMT, Tim wrote:

> Doomsdrzej wrote in news:n1jlfddcit6u2j4v62370beu8ipges0tgk@4ax.com:
>
>> On Tue, 15 May 2018 02:24:11 +0200 (CEST), Nomen Nescio wrote:
>>
>>> https://www.independent.co.uk/life-style/gadgets-and-tech/news/email-security-s-mime-pgp-encryption-latest-broken-not-working-fix-how-to-a8351116.html
>>
>> The last paragraph says it all: PGP itself is safe but the way the third-party clients decrypt it is not.
>
> I have said it before, and I'll say it again: Until we start at Layer 2 and build in all the encryption/authentication/verification things we have learned and developed over the last forty years, and include ways to add others as they are developed, the Internet will not be universally safe. We have piecemeal answers for some of the problems, but there is no overall structure for implementing the things we need today to provide secure communications.

ARPANet was designed to be secure through its obscurity as far as I can tell. When it was released to the public, nobody seemed to foresee how things would need to be secured any further than with a username and password from what I can tell.

> Personally, I can see a tiered structure. The lowest tier is essentially the way the Internet is today. You roll the dice and you take your chances. Good for things like newsletters, bulk mailings, etc, but pretty much unsecure. The next tier up starts implementing things like white lists, verified receipt, and other lower level functions to increase security and reliability. Each tier upwards adds more features such as stronger encryption, authentication, secure identification, etc. And one will have the option to add additional tiers for unique requirements above and beyond ones universally available. Of course, there will be costs associated with each tier, and it will be up to the individual user whether they will be willing to pay for those features.

I think that's a good idea. You're doing with security what the government did with highways here in Quebec.

You can use the public system and get to your destination but you'll sit in traffic or you can pay to use the 25 and avoid congestion. I can see such a system working with security as well since there are always people who think that sitting in traffic for an hour is better than just paying a $3 toll.
#7
https://www.independent.co.uk/life-style/gadgets-an tech/news/email-security-s-mime-pgp-encryption-latest-broken-not-working-fix-how-to-a8351116.html

--
  @~@   Remain silent! Drink, Blink, Stretch! Live long and prosper!!
 / v \  Simplicity is Beauty!
/( _ )\ May the Force and farces be with you!
  ^ ^   (x86_64 Ubuntu 9.10) Linux 2.6.39.3
No borrowing! No fraud! No *money! No compensated dating! No fighting! No robbery! No suicide! No praying to gods! Please consider Comprehensive Social Security Assistance (CSSA):
http://www.swd.gov.hk/tc/index/site_...sub_addressesa
#8
https://www.independent.co.uk/life-style/gadgets-and-tech/news/email-security-s-mime-pgp-encryption-latest-broken-not-working-fix-how-to-a8351116.html

--
  @~@   Remain silent! Drink, Blink, Stretch! Live long and prosper!!
 / v \  Simplicity is Beauty!
/( _ )\ May the Force and farces be with you!
  ^ ^   (x86_64 Ubuntu 9.10) Linux 2.6.39.3
No borrowing! No fraud! No *money! No compensated dating! No fighting! No robbery! No suicide! No praying to gods! Please consider Comprehensive Social Security Assistance (CSSA):
http://www.swd.gov.hk/tc/index/site_...sub_addressesa
#9
On Tue, 15 May 2018 09:16:44 -0400, default wrote:

> On Tue, 15 May 2018 12:42:18 GMT, Tim wrote:
>
>> Doomsdrzej wrote in news:n1jlfddcit6u2j4v62370beu8ipges0tgk@4ax.com:
>>
>>> On Tue, 15 May 2018 02:24:11 +0200 (CEST), Nomen Nescio wrote:
>>>
>>>> https://www.independent.co.uk/life-style/gadgets-and-tech/news/email-security-s-mime-pgp-encryption-latest-broken-not-working-fix-how-to-a8351116.html
>>>
>>> The last paragraph says it all: PGP itself is safe but the way the third-party clients decrypt it is not.
>>
>> I have said it before, and I'll say it again: Until we start at Layer 2 and build in all the encryption/authentication/verification things we have learned and developed over the last forty years, and include ways to add others as they are developed, the Internet will not be universally safe. We have piecemeal answers for some of the problems, but there is no overall structure for implementing the things we need today to provide secure communications.
>>
>> Personally, I can see a tiered structure. The lowest tier is essentially the way the Internet is today. You roll the dice and you take your chances. Good for things like newsletters, bulk mailings, etc, but pretty much unsecure. The next tier up starts implementing things like white lists, verified receipt, and other lower level functions to increase security and reliability. Each tier upwards adds more features such as stronger encryption, authentication, secure identification, etc. And one will have the option to add additional tiers for unique requirements above and beyond ones universally available. Of course, there will be costs associated with each tier, and it will be up to the individual user whether they will be willing to pay for those features.
>
> I hear you. I went to a local lawyer to have a simple power of attorney drawn up. They email me the thing for approval/modification. I questioned their use of email for this, to find out "that's how we do it..."
>
> So I start poking around and figure out how to call up the header fields, to find out they don't even have their own domain, but their domain and email is held on Yahoo servers. The problem is huge, the perception is minuscule.

And as we know, Yahoo is synonymous with prosperity and security, *especially* since they put a woman at the helm.
#10
On Tue, 15 May 2018 09:16:44 -0400, default wrote:

> On Tue, 15 May 2018 12:42:18 GMT, Tim wrote:
>
>> Doomsdrzej wrote in news:n1jlfddcit6u2j4v62370beu8ipges0tgk@4ax.com:
>>
>>> On Tue, 15 May 2018 02:24:11 +0200 (CEST), Nomen Nescio wrote:
>>>
>>>> https://www.independent.co.uk/life-style/gadgets-and-tech/news/email-security-s-mime-pgp-encryption-latest-broken-not-working-fix-how-to-a8351116.html
>>>
>>> The last paragraph says it all: PGP itself is safe but the way the third-party clients decrypt it is not.
>>
>> I have said it before, and I'll say it again: Until we start at Layer 2 and build in all the encryption/authentication/verification things we have learned and developed over the last forty years, and include ways to add others as they are developed, the Internet will not be universally safe. We have piecemeal answers for some of the problems, but there is no overall structure for implementing the things we need today to provide secure communications.
>>
>> Personally, I can see a tiered structure. The lowest tier is essentially the way the Internet is today. You roll the dice and you take your chances. Good for things like newsletters, bulk mailings, etc, but pretty much unsecure. The next tier up starts implementing things like white lists, verified receipt, and other lower level functions to increase security and reliability. Each tier upwards adds more features such as stronger encryption, authentication, secure identification, etc. And one will have the option to add additional tiers for unique requirements above and beyond ones universally available. Of course, there will be costs associated with each tier, and it will be up to the individual user whether they will be willing to pay for those features.
>
> I hear you. I went to a local lawyer to have a simple power of attorney drawn up. They email me the thing for approval/modification. I questioned their use of email for this, to find out "that's how we do it..."
>
> So I start poking around and figure out how to call up the header fields, to find out they don't even have their own domain, but their domain and email is held on Yahoo servers. The problem is huge, the perception is minuscule.

I recently bought a European SIM card for a family member who'll be traveling there soon from the States. Among other things, you have to provide the traveler's full name, birthday, passport number, and more. The company offered several methods to get the thing activated, but they stressed that email was their preferred method. You guessed it, they had an @gmail.com address! Seriously? You just have to wonder.
#11
Mr. Man-wai Chang was thinking very hard :

> https://www.independent.co.uk/life-style/gadgets-and-tech/news/email-security-s-mime-pgp-encryption-latest-broken-not-working-fix-how-to-a8351116.html

it would be nice if this guy could figure out how to correctly reply to a post instead of littering up the news group with unthreaded replies
#12
On Tue, 15 May 2018 11:26:31 -0400, Doomsdrzej wrote:

> On Tue, 15 May 2018 09:16:44 -0400, default wrote:
>
>> On Tue, 15 May 2018 12:42:18 GMT, Tim wrote:
>>
>>> Doomsdrzej wrote in news:n1jlfddcit6u2j4v62370beu8ipges0tgk@4ax.com:
>>>
>>>> On Tue, 15 May 2018 02:24:11 +0200 (CEST), Nomen Nescio wrote:
>>>>
>>>>> https://www.independent.co.uk/life-style/gadgets-and-tech/news/email-security-s-mime-pgp-encryption-latest-broken-not-working-fix-how-to-a8351116.html
>>>>
>>>> The last paragraph says it all: PGP itself is safe but the way the third-party clients decrypt it is not.
>>>
>>> I have said it before, and I'll say it again: Until we start at Layer 2 and build in all the encryption/authentication/verification things we have learned and developed over the last forty years, and include ways to add others as they are developed, the Internet will not be universally safe. We have piecemeal answers for some of the problems, but there is no overall structure for implementing the things we need today to provide secure communications.
>>>
>>> Personally, I can see a tiered structure. The lowest tier is essentially the way the Internet is today. You roll the dice and you take your chances. Good for things like newsletters, bulk mailings, etc, but pretty much unsecure. The next tier up starts implementing things like white lists, verified receipt, and other lower level functions to increase security and reliability. Each tier upwards adds more features such as stronger encryption, authentication, secure identification, etc. And one will have the option to add additional tiers for unique requirements above and beyond ones universally available. Of course, there will be costs associated with each tier, and it will be up to the individual user whether they will be willing to pay for those features.
>>
>> I hear you. I went to a local lawyer to have a simple power of attorney drawn up. They email me the thing for approval/modification. I questioned their use of email for this, to find out "that's how we do it..."
>>
>> So I start poking around and figure out how to call up the header fields, to find out they don't even have their own domain, but their domain and email is held on Yahoo servers. The problem is huge, the perception is minuscule.
>
> And as we know, Yahoo is synonymous with prosperity and security, *especially* since they put a woman at the helm.

Do you really think that the CEOs of companies understand the business of the companies they manage? They only understand profit; let me restate that: they only understand PROFIT!!! Not the solvency of the company, not the long term viability of the company, not who they hurt or what they do, just the instantaneous peak dollar amount of the stock price. That is all that matters.

Being female has nothing to do with it, greed and short-sighted stupidity affects women as well as men.
#13
"default" wrote

| And as we know, Yahoo is synonymous with prosperity and security,
| *especially* since they put a woman at the helm.
|
| Being female has nothing to do with it, greed and short-sighted
| stupidity affects women as well as men.

And Marissa Mayer was a former Googlite, thus already tainted by arrogant disregard for human decency. She's been noted numerous times for not caring about privacy. She even cooperated to write software to let the NSA access Yahoo email clandestinely, without even consulting her own security chief.

The solution has to be partially encryption, but the real problem is that there are no laws to cover the issues. Companies that store data online are not punished. Companies that sell your data to each other are not punished. Even where it's illegal there are workarounds, such as CVS selling customer drug records to drug companies when doctors couldn't.

I read the other day that an organization (caprivacy.org) is pushing a new California privacy law. But even that is just a joke. They want to enforce an opt-out option on selling data. You'd have to specifically tell companies you don't want them to sell your data! As I read their website, with warnings that I should enable JavaScript, I looked at the source code. They were trying to track me via both Facebook and Google Analytics. I wouldn't be surprised if the people pushing this new law don't even know their website is doing that. The ignorance and stupidity is jaw-dropping. It's so bad that I actually can't tell whether the caprivacy people are naive or whether they're really industry plants assigned to push a toothless law for PR purposes. I think Ed Markey and others are pushing a real privacy law, but I don't know the details.

Full-scale encryption is great for people like political activists in Tibet or Iran, but for most people it's not a realistic solution. I don't know anyone who's even heard of PGP, much less set up end-to-end encryption.

The only realistic approach is to make it seriously illegal for people to read your email or track you online, just as it's illegal to read your postal mail or set up surveillance in someone's house. But it has to be gravely illegal, because collecting and analyzing the data is so easy.

There was an interesting article in the New Yorker some time ago, about Estonia.

https://www.newyorker.com/magazine/2...gital-republic

They have little privacy, but anyone accessing personal info is logged and the person is notified. If the accessing party doesn't have a very good reason they can be in big trouble. It's a completely different approach. Essentially computerization planned for society rather than engineered by "yahoos" (and Googlites, Facebookies, Amazonians, Apple maniacs, Microsofties, etc) operating in a Wild West environment with no real planning or vision -- only profits for big business on their minds.
#14
In article , Mayayana wrote:

> | And as we know, Yahoo is synonymous with prosperity and security,
> | *especially* since they put a woman at the helm.
> |
> | Being female has nothing to do with it, greed and short-sighted
> | stupidity affects women as well as men.
>
> And Marissa Mayer was a former Googlite, thus already tainted by arrogant disregard for human decency.

you've said a lot of ignorant things, but that one is at the top.

is everyone who works at google tainted? all 75,000+ of them?

are the dozen 'googlites', who quit their jobs in protest of what google is doing, also tainted? if so, why did they quit?

https://arstechnica.com/gadgets/2018...resign-in-protest-of-googlepentagon-drone-program/

Despite protests from employees, Google is still charging ahead with a Department of Defense collaboration to produce machine-learning software for drones. Google hasn't listened to a contingent of its employees that is unhappy with Google's involvement in the military-industrial complex, and now a report from Gizmodo says "about a dozen" employees have resigned over the issue.

> Full-scale encryption is great for people like political activists in Tibet or Iran, but for most people it's not a realistic solution. I don't know anyone who's even heard of PGP, much less set up end-to-end encryption.

apparently you're oblivious to just how easy it actually is.

simply download and install an encrypted messaging app. no need to know what pgp is.

here's a list of popular options:
https://fossbytes.com/best-secure-encrypted-messaging-apps/

there are also encrypted email options, although not as common as messaging.

> The only realistic approach is to make it seriously illegal for people to read your email or track you online, just as it's illegal to read your postal mail or set up surveillance in someone's house.

reading other people's email is illegal except in very specific circumstances, such as a court order.

at google, reading *any* user data requires multiple authorizations and anyone who tries to get around that will be fired on the spot.

> But it has to be gravely illegal, because collecting and analyzing the data is so easy.

collecting and analyzing data isn't anything new and not necessarily bad. it's just *much* easier now and can be done in ways that were once impossible.
#15
In article , Char Jackson wrote:

> I recently bought a European SIM card for a family member who'll be traveling there soon from the States. Among other things, you have to provide the traveler's full name, birthday, passport number, and more.

that's not unusual.

> The company offered several methods to get the thing activated, but they stressed that email was their preferred method. You guessed it, they had an @gmail.com address! Seriously? You just have to wonder.

not really. they were probably using gsuite, which is *very* secu

https://gsuite.google.com/faq/security/