Message-ID: <40A1FB94.803A3A16@swift.com>
From: jimmy.kuijpers at swift.com (KUIJPERS Jimmy)
Subject: Wireless ISPs

Isn't it also the responsibility of the site where you're ordering?
To have any data submitted by e-mail to be delivered securely.
For example by having the e-mail itself encrypted?

[devil's advocate mode]
Sure, one can also have the debate that wireless links should be
encrypted but that's something else entirely, even a wired link is
sniffable and they were never encrypted. So why encrypt the wireless
links?
[/devil's advocate mode]

my 2ct,

Jimmy

Sean Milheim wrote:

> I agree with Brian. I feel that merchants sending information through
> email is irresponsible and this is a customer service issue.
>
> We have online ordering and do not send sensitive data via email. None
> of the merchants that I have made online purchases with recently have
> done this either.
>
> However there is also pop3s and imaps.
>
> --
> Sean Milheim <sean@...eus.com>
> iDREUS Corporation
>
> ------------------------------------------------------------------------
>
> Subject: Re: [Full-Disclosure] Wireless ISPs
> Date: Tue, 11 May 2004 12:20:45 -0700 (PDT)
> From: D B <geggam692000@...oo.com>
> To: Brian Toovey <btoovey@...global.com>
> CC: full-disclosure@...ts.netsys.com
>
> Hi Brian
>
> Sit down sometime inside a wireless ISPs area and run
> kismet. You can see someone connect to a service via
> SSL, then immediately after they purchase something
> they check the email. Guess what? The credit card #
> and address are in that email.
>
> Doesn't take some 15 year veteran of the internet to
> see how this is a bad thing.
>
> Go flame some newb who has no brain.
>
> Dan Becker
>
> --- Brian Toovey <btoovey@...global.com> wrote:
> > Dan,
> >
> > Your post is troubling, if not confusing -
> >
> > You are talking about two separate issues - email
> > confirmations with companies that you buy goods and
> > services from online and wireless data transmission.
> > Most wireless "computer equipment" that is sold now
> > by default comes with some kind of encryption,
> > completely hackable but "encrypted" - so it becomes
> > the end user's responsibility to use the proper
> > equipment / software to protect yourself.
> >
> > The other issue, automatic replies with sensitive
> > data, are best directed to the customer service
> > department of the company in transgression.
> >
> > Dan, the internet is an unsafe place for sensitive
> > data. I would suggest some study in different
> > encryption methodologies to educate yourself.
> > Education leads to positive, well thought out data
> > communication, which leads to peace of mind.
> >
> > Regards,
> > Brian
> >
> > On May 11, 2004 02:33 PM, D B
> > <geggam692000@...oo.com> wrote:
> >
> > > I'm not real sure how to post this, nor am I sure of
> > > the scope. I am still learning about computers.
> > >
> > > All transactions done via secure websites are secure,
> > > however the auto mailing feature to confirm orders
> > > sometimes contains sensitive data. When the customer
> > > is on a wireless connection, be it ISP or home LAN
> > > that data is broadcasted in the clear for anyone
> > > within range to eavesdrop. A wired internet connection
> > > limits the number of people who have access to this
> > > data simply by the nature of the internet putting it
> > > within acceptable risk.
> > >
> > > It is legal according to US law to eavesdrop on
> > > wireless connections.
> > >
> > > http://www.usdoj.gov/criminal/cybercrime/wiretap2510_2522.htm
> > >
> > > The only solutions I can offer are one of two things.
> > >
> > > 1. Quit sending auto confirmations with sensitive data
> > >
> > > 2. Encrypt all wireless transmissions at least making
> > > someone who gains access to this data prosecutable.
> > >
> > > Please direct all flames to /dev/null
> > >
> > > Dan Becker
> > >
> > > __________________________________
> > > Do you Yahoo!?
> > > Win a $20,000 Career Makeover at Yahoo! HotJobs
> > > http://hotjobs.sweepstakes.yahoo.com/careermakeover
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.netsys.com/full-disclosure-charter.html
> >
> > Brian Toovey
> > igxglobal
> > 389 Main Street Suite 206
> > Hackensack, NJ 07601
> > Ph: 201-498-0555x2225
> > btoovey@...global.com
> >
> > Subscribe to the igxglobal Daily Security Briefing
> > http://www.igxglobal.com/dsb/register.html
> >
> > igxglobal announces Daily Security Briefing newsletter
> > http://www.prweb.com/releases/2004/5/prweb123759.htm
> >
> > The electronic message that you have received and
> > any attachments are solely intended for the use of
> > the addressee(s) and may contain information that is
> > confidential. If you receive this email in error,
> > please advise us by responding to NOC@...global.com.
> > You are required to delete the contents and destroy
> > any copies immediately.
> > igxglobal is not liable for the views expressed in
> > this electronic message or for the consequences of
> > any computer viruses that may be unknowingly
> > transmitted within this message. This electronic
> > message is also subject to standard
> > copyright/ownership laws. It is not intended to be
> > reproduced, or re-transmitted without the consent of
> > the originator.