[Cryptography] another security vulnerability / travesty

Florian Weimer fw at deneb.enyo.de
Sun Oct 2 03:44:40 EDT 2016


* Peter Gutmann:

> John Denker <jsd at av8n.com> writes:
>
>>2) The odd thing is that they consider _fax_ to be HIPAA compliant.  That
>>seems quaint, like using an amulet to ward off disease.
>
> Why?  Fax is a lot harder to get at than email.  Account breaches are so
> routine and so vast in scope that they don't even make the news any more
> unless it's 100 million plus accounts affected.

An account breach doesn't mean that email is actually compromised.

I expect that for redirecting faxes, you don't even need to guess a
password.  You just need to obtain a fax machine, and then place a
phone call or visit a store.

> OTOH when was the last time you heard about a single fax being
> intercepted?  (And I mean intercepted remotely by a third party, not
> "someone walked out of the office with a copy").

Another explanation is that faxes going wrong are routinely blamed on
the victims.  Look at UK phone hacking—the network operators hardly
received any criticism for enabling that.

