| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <F261Gj03oHMwVN7miR9000006f3@hotmail.com> Date: Thu, 13 Mar 2003 19:20:13 +0000 From: "er t" <er587@...mail.com> To: bugtraq@...urityfocus.com Subject: RE: response to tax software not encrypting tax info Mom and Pop use this software, your English teacher uses this software, probably even your local baker... This is a case of Vendor vs. User... I Thank PivX for helping the Community and WE must help out our users. You can almost bet the that the users of the Tax program use IE to surf the internet, and mostly unpatched. The dangerous web site, knowing the default location of the Tax files, or even the unprotected "net use IP C:" doesn't help out our users. What could help our users is a default simple encryption of the Tax files. You are correct when saying "I am wondering, is it really the responsibility of every piece of software that handles potentially sensitive info to provide (strong)encryption capabilities?" Because not everyone using today's computers can utilized EFS or a third party encryption tool. .er.587 -----Original Message----- From: auto40951@...hmail.com [mailto:auto40951@...hmail.com] Sent: Thursday, March 13, 2003 1:27 PM To: bugtraq@...urityfocus.com Subject: response to tax software not encrypting tax info -----BEGIN PGP SIGNED MESSAGE----- PivX: I am wondering, is it really the responsibility of every piece of software that handles potentially sensitive info to provide (strong)encryption capabilities? I think the onus of protecting sensitive info should fall on the user in many cases. This obviously includes not sharing your tax info on KaZaA or on network shares and using reliable third-party encryption software to protect anything that you really don't want other people to know about. NTFS permissions and EFS can also be used to this effect. In the end, these measures will also be way way way more effective than relying on some hacked together info encoding algorithm that merely obsfucates your tax info and introduces the additional security "vulnerability" of weakly encoding the information. -----BEGIN PGP SIGNATURE----- Version: Hush 2.2 (Java) Note: This signature can be verified at https://www.hushtools.com/verify wl0EARECAB4FAj5wzmoXHGF1dG80MDk1MUBodXNobWFpbC5jb20ACgkQ7s7ZokLom1is MQCgkLFM8vUJ/boRAC0EUTRlPlucuFcAl26K776nL35aCX8x5xU/IR/Olb8= =SwAH -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 _________________________________________________________________ Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail
Powered by blists - more mailing lists