To be more direct, the protocols that define email are horribly out of date and have no place in the modern world. If email is to ever going to have any remote possibility of being secured, SMTP needs to be completely thrown out the window in favor or something else. The protocols are broken, there is no TRUE and 100% accepted way of verifying senders, and it's horrible for sending or linking files. Of course, that ain't gonna happen any time soon, unfortunately
On Fri, Dec 6, 2013 at 3:10 PM, Edmund Cramp <[email protected]> wrote: > The reply from the customer support is *“Currently, our system is set to > send the remittances in the secure format. The only other option would be > for us to change the format to non-secure, this way the email won’t contain > any html files.”* > > > > This brings to mind a tagline that used to appear in the ASR newsgroup … > "I would like to shake the hand of the man who first decided that e-mail > clients should slice, dice and run arbitrary programs. Then I'd like to > stir, blend and puree his hand." > > > > ROT-13 would be a lot less dangerous and probably more secure - "V jbhyq > yvxr gb funxr gur unaq bs gur zna jub svefg qrpvqrq gung r-znvy pyvragf > fubhyq fyvpr, qvpr naq eha neovgenel cebtenzf. Gura V'q yvxr gb fgve, oyraq > naq cherr uvf unaq." > > > > > > *From:* General [mailto:[email protected]] *On Behalf Of *Shannon > Roddy > *Sent:* Wednesday, December 04, 2013 1:33 PM > > *To:* [email protected] > *Subject:* Re: [brlug-general] Spearfishing > > > > It appears to me to be Cisco IronPort. > > > > http://www.networkworld.com/community/node/19588 > > > > Yuck. > > > > On Wed, Dec 4, 2013 at 1:40 PM, Jarred White <[email protected]> > wrote: > > It looks to be legit, but what an awful freaking idea BofA. > > http://securemsg.bankofamerica.com/Secure_Email_Recipient_Guide_en.pdf > > > > On Wed, Dec 4, 2013 at 1:32 PM, Keith Stokes <[email protected]> > wrote: > > Yes, unfortunately it is this easy. > > > > On Dec 4, 2013, at 12:21 PM, Edmund Cramp <[email protected]> wrote: > > > > A user received an email that purports to come from one of our customers > with the instructions: > > "Click the securedoc.html attachment to open (view) the secure message. > For best results, save the file first and open it from the saved location > using a Web browser." > > My email system, very sensibly stripped and quarantined the file, and > stored it with a couple of hundred of assorted New Order.zip and payroll > report.xls files in the quarantine directory. Opening the file with > notepad shows it to be mostly javascript with various references that make > it appear to come from the Bank of America. > > My immediate reaction was unprintable but hell, assuming that it's "real" > and that's not certain yet, these people want me to let users open any HTML > web page that floats into their inbox? > > This has got to be a gift from the gods if you are up to mischief - just > email everyone a securedoc.html file and they will open it and enter their > password ... which javascript (love that stuff) will promptly send to the > web site of your choice. > > Spearfishing is this easy? > > Edmund Cramp - google.com/+edmundcramp > -- > I am a drinker with writing problems. Brendan Behan > > > _______________________________________________ > General mailing list > [email protected] > http://brlug.net/mailman/listinfo/general_brlug.net > > > > > --- > > > > Keith Stokes > > > > > _______________________________________________ > General mailing list > [email protected] > http://brlug.net/mailman/listinfo/general_brlug.net > > > > > -- > > ~Running amok on technology with no apologies > > > _______________________________________________ > General mailing list > [email protected] > http://brlug.net/mailman/listinfo/general_brlug.net > > > > _______________________________________________ > General mailing list > [email protected] > http://brlug.net/mailman/listinfo/general_brlug.net > >
_______________________________________________ General mailing list [email protected] http://brlug.net/mailman/listinfo/general_brlug.net
