[Cryptography] Insecure email might be an even bigger problem than we suspected
Tom Mitchell
mitch at niftyegg.com
Fri Aug 26 20:19:06 EDT 2016
On Wed, Aug 24, 2016 at 11:45 AM, Phillip Hallam-Baker <
phill at hallambaker.com> wrote:
> Over the past few months we have seen some very remarkable and quite
> unexpected developments:
>
.......
> Note that I am not saying that I am 100% sure that these events are
> connected or that they are the result of Russian covert operations. It is
> however impossible to assert with confidence that there is no connection
> and that we are not seeing the results of a Russian lamplighter operation
> that has succeeded beyond the wildest expectations of the planners.
>
> [*] When I first started writing this memo yesterday it was a private memo
> for the managers of News Corporation. It was of course obvious that if the
> Russians attacked the DNC they would attack the RNC as well.
>
....
> If you have someone's entire email history, manipulating them into taking
> actions you want them to take becomes quite easy.
>
....
> Which is why we absolutely must stop worrying about the 'terrorist' threat
> if the NSA is unable to read all the email on the Internet and instead
> start worrying about the threat posed by Putin's minions being able to read
> all the email on the Internet.
>
I once rushed a fraternity and noted the locks on refrigerators were an
obvious contradiction to
the ethics the house.
The lesson is that if you have something of interest or value others will
take it if they can.
The internet has massive reach and great speed thus risks need to be
addressed.
A look at my log of an ad hock machine on the net without a famous name and
find hundreds of
abusers yanking on the doorknob each day. If it was my home I would move
and be armed.
No physical bank or store has thugs attempting to steal their property
fifty times a day.
This relentless assault on all connected devices should make it obvious to
all but
the most arrogant that data security at all levels is at risk. More
importantly the
security tools I have to manage access to pictures of my puppy are much the
same
the same as those the State Department has for email.
It is a sad state that some TLAs are permitted to collect exploits that are
mindless
in what they can exploit.
It comes as no surprise for those that sit in engineering meetings and are
involved
in bug management. Even when reported the industry has been very slow
at fixing them. It is better today with the exception of smart phones and
vendor
feature additions...
--
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160826/e5ea89c2/attachment.html>
More information about the cryptography
mailing list