on Wed, Feb 02, 2005 at 10:20:14AM -0800, Robert G. Scofield ([EMAIL PROTECTED]) wrote: > I think I know the answer to this, but I want to make sure. I believe > that it is more secure to FAX a document than it is to email a > document or message, right? This assumes that one does not use email > encryption.
As stated: it depends. Some businesses (businesses, law offices) prefer faxes because the documents can be shredded. If you're sending to a print-on-receipt FAX machine, the main hope for interception is while the message is live on the wire. That said, US intelligence services are thought to tap into the global telecoms networks, particularly long-distance satellite and fiber links, with the capacity to store (if not meaningfully process) the intercepts. This is one reason for other nations to take an interest in developing independent coms nets. > I realize that someone can tap a phone line, and that would enable a > person to intercept a FAX. But at least a FAX does not sit on a > server waiting to be downloaded, Bad assumption. If you _don't_ know what the remote fax system does, you're rather more vulnerable. More systems are now "store, print on demane", which means your FAX sits on a disk somewhere until recalled. And may continue to do so. Other systems use electronic delivery: your recipient gets a TIFF of your document, not the actual document itself. Once data are in binary format, they can of course be readily disseminated, though w/o OCR, the resulting files are large and somewhat unweildy, and OCR is notoriously inexact, particularly on poorer-quality faxes. > like an email message does. It would > seem easy for an ISP's system administrator to use the root password > to read the email of the ISP's customers. ( I know I can log in as > root on my Linux system and use the "more" command to read my > downloaded email.) Or your boss. Or cow-orkers. Or an unfriendly war driver. Or the person who buys the PC at an electronics recycling event, finding an unwiped HD. Note too that your greatest risks are generally _not_ transmit-time intercepts, but unauthorized access from storage (or binnage). Hard drives, remaindered hardware, dumpster diving. > Does anybody here believe that ISP system administrator's ever do such > a thing? Routinely. Usually as a method of testing systems. Most administrators are probably not security threats, and respect customer confidentiality. Some don't. Most helpful is knowing who you're dealing with, what their security precautions are, and establishing your own expectations. For a low cost, "security" envelopes with a scotch-taped flap are among the better ways of transmitting documents in a tamper-resistant form, with reasonable expectations of privacy. Otherwise, I think if you Google for "gpg rant" you might find something worth reading. ...and after that, look at Steve Bellovin's "Can Someone Read My E-Mail?" http://www1.cs.columbia.edu/~smb/securemail.html Peace. -- Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/ What Part of "Gestalt" don't you understand? Free Software Primer -- concepts you need to understand http://twiki.iwethey.org/Main/FreeSoftwarePrimer
signature.asc
Description: Digital signature
_______________________________________________ vox-tech mailing list vox-tech@lists.lugod.org http://lists.lugod.org/mailman/listinfo/vox-tech