[Cialug] Dumb. Dumb Security.

Todd Walton tdwalton at gmail.com
Mon Aug 20 16:38:18 CDT 2012


On Mon, Aug 20, 2012 at 4:10 PM, L. V. Lammert <lvl at omnitec.net> wrote:
> They aren't talking about *Internet* security, rather Google/Gmail and a
> lot of other email systems default to TLS, which sends email via SSL
> connection and is fairly secure.

Here's how I responded to them:

Thank you, Bryan, for your assistance.  And your response is something
more like what I was expecting when I first emailed about this issue.

But though your response is substantive, it is incorrect.  With all
due respect, I think you have a mistaken view of network security.
It's true that the *transmission* of data over the network is
typically secured with TLS, maybe SMTPS or IMAPS in the case of an
email.  But it's not a safe assumption that an email will always be
*stored* in an encrypted form.  And it's not at all safe to assume
that the email will always be in the hands of a secure or honest
network provider.  That's just not the way email works, and it's not
the way the Internet is built.  It doesn't matter how securely you
pass it from one person to another, once it gets there they have the
message, and the messages that FutureAdvisor is sending are
unencrypted.

"Encrypted email" is something other than what you're talking about.
Your use of that term is not the way others use it:

http://en.wikipedia.org/wiki/Encrypted_email

I appreciate the help, and I hope that FutureAdvisor.com does well as
a company.  But I really hope that you address this issue soon.  Not
all of your customers will be tech savvy enough to understand the
security risk presented here.

--
Todd Walton
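
As an added illustration of the distinction drawn in the message above (not part of the original post), this Python sketch reads a constructed sample message and reports two separate things: which relay hops recorded TLS in their Received headers, and whether the body itself is encrypted (PGP/MIME, S/MIME or inline PGP). The sample message, hostnames and function names are assumptions made for the example.

```python
import re
from email import message_from_string

# Constructed sample (not from the thread): two relay hops, plain-text body.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.7])
    by mailstore.recipient.example with ESMTP id def456;
    Mon, 20 Aug 2012 16:00:02 -0500
Received: from out.sender.example (out.sender.example [198.51.100.5])
    by mx.recipient.example with ESMTPS id abc123;
    Mon, 20 Aug 2012 16:00:01 -0500
From: reports@sender.example
To: customer@recipient.example
Subject: Your account summary
Content-Type: text/plain; charset=us-ascii

Account 0000-EXAMPLE balance: 1,234.56
"""

# RFC 3848 "with" keywords that mean the hop was received over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}

def hop_protocols(msg):
    """Protocol keyword from each Received header, newest hop first.
    Each relay writes its own header, so this is a claim, not proof."""
    hops = []
    for rcvd in msg.get_all("Received", []):
        m = re.search(r"\bwith\s+([A-Za-z0-9]+)", rcvd)
        hops.append(m.group(1).upper() if m else "UNKNOWN")
    return hops

def body_is_encrypted(msg):
    """True only if the content itself is encrypted, whatever the transport was."""
    ctype = msg.get_content_type()
    if ctype == "multipart/encrypted":                 # PGP/MIME
        return True
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        return msg.get_param("smime-type") == "enveloped-data"   # S/MIME
    payload = msg.get_payload()
    return isinstance(payload, str) and "-----BEGIN PGP MESSAGE-----" in payload

def assess(raw):
    msg = message_from_string(raw)
    hops = hop_protocols(msg)
    return {"hops": hops,
            "all_hops_tls": bool(hops) and all(h in TLS_PROTOCOLS for h in hops),
            "body_encrypted": body_is_encrypted(msg)}

if __name__ == "__main__":
    print(assess(SAMPLE))
```

Even when every hop reports TLS, `body_encrypted` stays false for a plain-text message, so each server that stores or relays it can read the content.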

