Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
When Encrypted Communication Is Not Good Enough
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
5/19/2015 | 9:00:26 AM
Re: The group didn't answer the question.
@LysaMyers, the adage -- "Don't let perfect be the enemy of the good." -- doesn't totally apply in this case because there will always be risk in electronic communications. But in many of these extreme cases where bulllet proof security would be imposilbe the "good" will have to suffice. I assume that's what the panel concluded. So in the end the issue becomes one of guaging risk versus benefit.

 
LysaMyers
50%
50%
LysaMyers,
User Rank: Author
5/18/2015 | 3:23:22 PM
Re: The group didn't answer the question.
In person, we did answer the question. For the purposes of this article I chose to discuss just the first few minutes of a much more in-depth conversation. The answer is not a simple one - If you absolutely, positively need to discuss things electronically, there are a variety of things you will need to consider. Part of that consideration needs to be understanding that you will, at the very least, be exposing the metadata for the conversation. If one or the other party of the conversation are under surveillance, you may not be able to guarantee that your conversation is not being eavesdropped upon, even if you're using the most secure electronic communication method available.
RetiredUser
100%
0%
RetiredUser,
User Rank: Ninja
5/16/2015 | 12:40:37 AM
If Pressed, Then I Choose...
...from a couple of apps deemend by the EFF to fit the bill:  Cryptocat or TextSecure.  I use 4096-bit GnuPG encryption for files that I exchange with trusted key-holders and talk on private IRCs with OTR encryption.

But, yeah, let's face it: True privacy, true security, is never assured, but at least let's do what we can to achieve it, best we can.  
AMARGHEIM570
50%
50%
AMARGHEIM570,
User Rank: Apprentice
5/15/2015 | 9:48:15 AM
The group didn't answer the question.
I give your article a thumbs-up for emphasizing the dangers of electronic communication but it gets a thumbs-down for not answering the original question.  The group's response would have been much more useful if they would have told us what they would do when a face-to-face meeting isn't possible(since face-to-face meetings aren't possible in many, if not most, situations).
Marilyn Cohodas
100%
0%
Marilyn Cohodas,
User Rank: Strategist
5/15/2015 | 8:25:22 AM
Very thoughtful
Great insight on the limitations of encryption in the digital era. Thanks, Lysa. Nice job putting the issue into a real-world context.


COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25514
PUBLISHED: 2020-09-22
Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php.
CVE-2020-25515
PUBLISHED: 2020-09-22
Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book , http://<site>/lms/index.php?page=books.
CVE-2020-14022
PUBLISHED: 2020-09-22
Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .bat file that can be executed with the help of a functionality (E.g. the "Application Star...
CVE-2020-14023
PUBLISHED: 2020-09-22
Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS.
CVE-2020-14024
PUBLISHED: 2020-09-22
Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field in the Group configuration of addresses, (3) listname field in the Defining address lists configuratio...