Mailinglist Archive: opensuse (783 mails)

< Previous Next >
Re: [opensuse] No encryption on imap on some servers [WAS: Basically every WiFi device just hacked?]
On 2017-10-17 03:43, Anton Aylward wrote:
On 16/10/17 05:59 PM, Carlos E. R. wrote:


Oh, I use other email providers as well.

But is Gmail really secure? The FBI and CIA will be reading it. Google
machine reads it. So I guess it is not really more secure and private.


It might be worse, much worse.

There's an entry in my DatabaseOfDotSigQuotes


Using encryption on the Internet is the equivalent of arranging
an armored car to deliver credit card information from someone
living in a cardboard box to someone living on a park bench.
-- Gene Spafford

I'm sure I don't live in a cardboard and that my end is safe. That's as
much as I can do.


Or perhaps in reverse. Securing the end points but leaving the steps along
the
way unsecured.

That is what is actually happening with plain email today.



If and only if the originator used a secured machine that overwrote the temp
file, overwrote the temp memory, after using TLS to authenticate itself the
server and SMTP-S to transfer, and the server was the machine you accessed via
TLS and IMAPS so you didn't have to worry about the security of any
intermediate
machines (check the 'received-by in your headers!), and it also wiped
temporary
storage .... and you PGP encrypted the message ... and traffic analysis wasn't
an issue for your operational security, then OK.

I'd worry about that if I had to transmit state or industry secrets.


But I don't think all that holds when reading this list.

And WTF, its not like most mailing list that I subscribe to don't send me a
reminder of what my password each and every month, in plain text.

Not this one :-)

Getting the list password does not allow people to intercept or fake
list email, I think.

--
Cheers / Saludos,

Carlos E. R.
(from 42.2 x86_64 "Malachite" at Telcontar)

< Previous Next >