Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

When Encrypted Communication Is Not Good Enough
Newest First  |  Oldest First  |  Threaded View
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
5/19/2015 | 9:00:26 AM
Re: The group didn't answer the question.
@LysaMyers, the adage -- "Don't let perfect be the enemy of the good." -- doesn't totally apply in this case because there will always be risk in electronic communications. But in many of these extreme cases where bulllet proof security would be imposilbe the "good" will have to suffice. I assume that's what the panel concluded. So in the end the issue becomes one of guaging risk versus benefit.

User Rank: Author
5/18/2015 | 3:23:22 PM
Re: The group didn't answer the question.
In person, we did answer the question. For the purposes of this article I chose to discuss just the first few minutes of a much more in-depth conversation. The answer is not a simple one - If you absolutely, positively need to discuss things electronically, there are a variety of things you will need to consider. Part of that consideration needs to be understanding that you will, at the very least, be exposing the metadata for the conversation. If one or the other party of the conversation are under surveillance, you may not be able to guarantee that your conversation is not being eavesdropped upon, even if you're using the most secure electronic communication method available.
User Rank: Ninja
5/16/2015 | 12:40:37 AM
If Pressed, Then I Choose...
...from a couple of apps deemend by the EFF to fit the bill:  Cryptocat or TextSecure.  I use 4096-bit GnuPG encryption for files that I exchange with trusted key-holders and talk on private IRCs with OTR encryption.

But, yeah, let's face it: True privacy, true security, is never assured, but at least let's do what we can to achieve it, best we can.  
User Rank: Apprentice
5/15/2015 | 9:48:15 AM
The group didn't answer the question.
I give your article a thumbs-up for emphasizing the dangers of electronic communication but it gets a thumbs-down for not answering the original question.  The group's response would have been much more useful if they would have told us what they would do when a face-to-face meeting isn't possible(since face-to-face meetings aren't possible in many, if not most, situations).
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
5/15/2015 | 8:25:22 AM
Very thoughtful
Great insight on the limitations of encryption in the digital era. Thanks, Lysa. Nice job putting the issue into a real-world context.

COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/21/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Latest Comment: Exactly
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-09-22
PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php.
PUBLISHED: 2020-09-22
Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR.
PUBLISHED: 2020-09-22
WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges.
PUBLISHED: 2020-09-22
A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only� or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing ...
PUBLISHED: 2020-09-22
IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 184976.