On 7/10/2014 12:12 PM, John Hardin wrote:
On Thu, 10 Jul 2014, Ted Mittelstaedt wrote:
On 7/10/2014 8:26 AM, David F. Skoll wrote:
On Wed, 9 Jul 2014 17:44:26 -0700 (PDT)
John Hardin<jhar...@impsec.org> wrote:
> I'm not excusing their approach, but I'm saying there are a lot of
> sources of real-world friction that lead to suboptimal solutions like
> this. I expect the desire to avoid requiring installation (and
> maintenance!) of PGP/GPG by their (assumed non-technical) customers
> is the primary reason they are doing it this way.
Yes.
Symantec is the real culprit here. It is actively encouraging the
compromising of computers with the workflow of its product.
The proper approach would have been to make freely available a
"Symantec Encrypted Archive" viewer, similar to how Adobe makes PDF
readers freely available.
By using PGP they are using an open source encryption algorithm. If
they supply their own encrypted viewer then almost certainly it would be
closed source and there's no way to know if the NSA or some other
malevolent agency inserted a back door - like was done with RSA.
Agreed. It would be better if there was an open-source PGP/GPG archive
viewer application. However...
So I think that using PGP was the right course of action here.
PGP is a red herring here.
Fundamentally the problem as I see it is lack of verification. You
pointed that out yourself.
Um, no, the problem is that this Symantec tool is training people to
rename and run executable email attachments. The misnamed-executable
practice is to bypass security policies that dictate email messages
shall not have executable attachments in order to avoid malware.
As you properly pointed out - this is a lack of verification problem,
NOT a lack of encryption problem.
That too, but when you've trained users to not view "rename and run this
file" with immediate suspicion, you've drastically lowered the bar for
malware.
Oh we are already so far down the path to evil under Windows that's nothing.
Under Windows, users don't think of it as "rename and run"; they think of
it as "rename and open". Microsoft has conflated the notion of running
an executable with the notion of opening a file to edit or view or read.
Hiding the extensions by default is like the icing on the cake - it's
like Microsoft built Windows to be hacked.
If you're going to tell users "don't open an attachment if you have to
rename it" then you are IMPLYING that if they DON'T have to rename the
attachment then the attachment is safe, just save it and "open" it.
The bar has already been drastically lowered by the Windows paradigm as
Microsoft has defined it. And if that wasn't bad enough they introduced
another paradigm in Windows 8 of applets and such, giving the evildoers
even more hidey-holes in the OS to run malware.
Fundamentally I think the problem is with attachments. An email
attachment should be regarded as an anachronism. Users should not be
emailing each other attachments; they should be emailing each other links
to attachments that exist on servers, and the SSL paradigm should be
re-architected to do more than just let users click through a simple
warning message.
30 years ago when a lot of email was carried by UUCP then an attachment
made sense. But today in a connected Internet - absolutely not.
Ted
If Symantec replaces PGP with their own custom thing now you're not only
introducing the lack of verification, you're also introducing
unreliability of encryption, too. Use of PGP is actually the proper
thing to do.
Again, PGP is a red herring here.