Re: [vox-tech] Email vs. FAX Security
on Wed, Feb 02, 2005 at 10:20:14AM -0800, Robert G. Scofield ([EMAIL PROTECTED]) wrote: I think I know the answer to this, but I want to make sure. I believe that it is more secure to FAX a document than it is to email a document or message, right? This assumes that one does not use email encryption. As stated: it depends. Some businesses (businesses, law offices) prefer faxes because the documents can be shredded. If you're sending to a print-on-receipt FAX machine, the main hope for interception is while the message is live on the wire. That said, US intelligence services are thought to tap into the global telecoms networks, particularly long-distance satellite and fiber links, with the capacity to store (if not meaningfully process) the intercepts. This is one reason for other nations to take an interest in developing independent coms nets. I realize that someone can tap a phone line, and that would enable a person to intercept a FAX. But at least a FAX does not sit on a server waiting to be downloaded, Bad assumption. If you _don't_ know what the remote fax system does, you're rather more vulnerable. More systems are now store, print on demane, which means your FAX sits on a disk somewhere until recalled. And may continue to do so. Other systems use electronic delivery: your recipient gets a TIFF of your document, not the actual document itself. Once data are in binary format, they can of course be readily disseminated, though w/o OCR, the resulting files are large and somewhat unweildy, and OCR is notoriously inexact, particularly on poorer-quality faxes. like an email message does. It would seem easy for an ISP's system administrator to use the root password to read the email of the ISP's customers. ( I know I can log in as root on my Linux system and use the more command to read my downloaded email.) Or your boss. Or cow-orkers. Or an unfriendly war driver. Or the person who buys the PC at an electronics recycling event, finding an unwiped HD. Note too that your greatest risks are generally _not_ transmit-time intercepts, but unauthorized access from storage (or binnage). Hard drives, remaindered hardware, dumpster diving. Does anybody here believe that ISP system administrator's ever do such a thing? Routinely. Usually as a method of testing systems. Most administrators are probably not security threats, and respect customer confidentiality. Some don't. Most helpful is knowing who you're dealing with, what their security precautions are, and establishing your own expectations. For a low cost, security envelopes with a scotch-taped flap are among the better ways of transmitting documents in a tamper-resistant form, with reasonable expectations of privacy. Otherwise, I think if you Google for gpg rant you might find something worth reading. ...and after that, look at Steve Bellovin's Can Someone Read My E-Mail? http://www1.cs.columbia.edu/~smb/securemail.html Peace. -- Karsten M. Self kmself@ix.netcom.comhttp://kmself.home.netcom.com/ What Part of Gestalt don't you understand? Free Software Primer -- concepts you need to understand http://twiki.iwethey.org/Main/FreeSoftwarePrimer signature.asc Description: Digital signature ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Email vs. FAX Security
Peter Jay Salzman wrote: It would seem easy for an ISP's system administrator to use the root password to read the email of the ISP's customers. ( I know I can log in as root on my Linux system and use the more command to read my downloaded email.) Does anybody here believe that ISP system administrator's ever do such a thing? Yes, but in the same kind of way that 16 year old McDonalds employees spit into the hamburgers (or worse). It's probably VERY rare. The statistics are such that it would (probably) NEVER happen to you. I doubt that it's as rare as you seem to think. In particular, I have heard enough stories of bosses reading employees' emails to believe that at least some of them must be true. Especially since a company can be held liable for sexually harassing or otherwise inappropriate comments sent over company email: it would probably be unwise /not/ to check employee e-mails. However, I think it's very unsportsmanly not to at least ensure that everyone is acutely aware of the public nature of corporate e-mail. Also, consider that mail might also be read incidentally by a sysadmin trying to trace problems with the mail service or a mildly corrupted mailbox. Or just a BOFH-style sysadmin: I suspect there are plenty with the BOFH attitude, if not the BOFH skill. Another case where I personally have read mail not intended for my eyes is when I have deemed it unacceptable to lose any mail sent to a particular domain, and have all mail not matching an actual mailbox sent to me. This helps catch misspellings and other problems, but if the mail is of a personal nature then I might rather have lost it... ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
[vox-tech] Email vs. FAX Security
I think I know the answer to this, but I want to make sure. I believe that it is more secure to FAX a document than it is to email a document or message, right? This assumes that one does not use email encryption. I realize that someone can tap a phone line, and that would enable a person to intercept a FAX. But at least a FAX does not sit on a server waiting to be downloaded, like an email message does. It would seem easy for an ISP's system administrator to use the root password to read the email of the ISP's customers. ( I know I can log in as root on my Linux system and use the more command to read my downloaded email.) Does anybody here believe that ISP system administrator's ever do such a thing? Thank you. Bob ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Email vs. FAX Security
The answer to all of these questions is it depends. But I'll make sweeping generalizations. Keep in mind that almost all sweeping generalizations are untrue. On Wed 02 Feb 05, 10:20 AM, Robert G. Scofield [EMAIL PROTECTED] said: I think I know the answer to this, but I want to make sure. I believe that it is more secure to FAX a document than it is to email a document or message, right? This assumes that one does not use email encryption. Yeah, that's probably correct. Encryption changes that dramatically. I realize that someone can tap a phone line, and that would enable a person to intercept a FAX. But at least a FAX does not sit on a server waiting to be downloaded, like an email message does. True. It also depends on how you collect your email, who has access to the fax, etc. It would seem easy for an ISP's system administrator to use the root password to read the email of the ISP's customers. ( I know I can log in as root on my Linux system and use the more command to read my downloaded email.) Does anybody here believe that ISP system administrator's ever do such a thing? Yes, but in the same kind of way that 16 year old McDonalds employees spit into the hamburgers (or worse). It's probably VERY rare. The statistics are such that it would (probably) NEVER happen to you. But I'm sure it happens. Pete -- The mathematics of physics has become ever more abstract, rather than more complicated. The mind of God appears to be abstract but not complicated. He also appears to like group theory. -- Tony Zee's Fearful Symmetry GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech
Re: [vox-tech] Email vs. FAX Security
On Wed, Feb 02, 2005 at 10:20:14AM -0800, Robert G. Scofield wrote: I think I know the answer to this, but I want to make sure. I believe that it is more secure to FAX a document than it is to email a document or message, right? This assumes that one does not use email encryption. I tend to agree. I recently signed on with a banner ad agency, and couldn't get around to faxing, so I ended up scanning and emailing scanned copies of the documents. I was sure to yank my SSN out of the scanned copy, and call them over the phone to give it to them. If only email encryption were more wide-spread. (And, like, I got off my duff and used it, too :) ) -bill! ___ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech