RE: response to tax software not encrypting tax info

From: er t (er587at_private)
Date: Thu Mar 13 2003 - 11:20:13 PST

Next message: David Brumley: "Vulnerability in OpenSSL"

Previous message: Martin Schulze: "[SECURITY] [DSA 261-1] New tcpdump packages fix denial of service vulnerability"
Maybe in reply to: auto40951at_private: "response to tax software not encrypting tax info"
Next in thread: Andreas Beck: "Obfuscating sensitive data? (was: response to tax software not encrypting tax info)"
Reply: Andreas Beck: "Obfuscating sensitive data? (was: response to tax software not encrypting tax info)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Mom and Pop use this software, your English teacher uses this software, 
probably even your local baker... This is a case of Vendor vs. User... I 
Thank PivX for helping the Community and WE must help out our users.

You can almost bet the that the users of the Tax program use IE to surf the 
internet, and mostly unpatched. The dangerous web site, knowing the default 
location of the Tax files, or even the unprotected "net use IP C:" doesn't 
help out our users.

What could help our users is a default simple encryption of the Tax files.

You are correct when saying

"I am wondering, is it really the responsibility of every piece of software 
that handles potentially sensitive info to provide (strong)encryption 
capabilities?"

Because not everyone using today's computers can utilized EFS or a third 
party encryption tool.



.er.587

-----Original Message-----
From: auto40951at_private [mailto:auto40951at_private]
Sent: Thursday, March 13, 2003 1:27 PM
To: bugtraqat_private
Subject: response to tax software not encrypting tax info



-----BEGIN PGP SIGNED MESSAGE-----

PivX:

I am wondering, is it really the responsibility of every piece of software 
that handles potentially sensitive info to provide (strong)encryption 
capabilities?

I think the onus of protecting sensitive info should fall on the user in 
many cases. This obviously includes not sharing your tax info on KaZaA or on 
network shares and using reliable third-party encryption software to protect 
anything that you really don't want other people to know about. NTFS 
permissions and EFS can also be used to this effect. In the end, these 
measures will also be way way way more effective than relying on some hacked 
together info encoding algorithm that merely obsfucates your tax info and 
introduces the additional security "vulnerability" of weakly encoding the 
information.

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wl0EARECAB4FAj5wzmoXHGF1dG80MDk1MUBodXNobWFpbC5jb20ACgkQ7s7ZokLom1is
MQCgkLFM8vUJ/boRAC0EUTRlPlucuFcAl26K776nL35aCX8x5xU/IR/Olb8=
=SwAH
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Big $$$ to be made with the HushMail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427










_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8. 
http://join.msn.com/?page=features/junkmail

Next message: David Brumley: "Vulnerability in OpenSSL"
Previous message: Martin Schulze: "[SECURITY] [DSA 261-1] New tcpdump packages fix denial of service vulnerability"
Maybe in reply to: auto40951at_private: "response to tax software not encrypting tax info"
Next in thread: Andreas Beck: "Obfuscating sensitive data? (was: response to tax software not encrypting tax info)"
Reply: Andreas Beck: "Obfuscating sensitive data? (was: response to tax software not encrypting tax info)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Mar 14 2003 - 10:19:42 PST