EV-specific trailers incoming!

[Crissa]

Someone who hired family as their lawyer is not hiring with a full deck.

-Crissa

Sponsored

 

[SwampNut]

That would be stupid. I would never do that, and it would likely be illegal or a bad practice. I would however talk to her about the security of communication methods with regard to the lawyers I work with.

 

[FutureBoy]

Wow... didn't see that coming.

All the tech back and forth gets resolved as an agreement that hiring a family member as personal lawyer is a bad idea.

 

[Crissa]

It would create a conflict of interest.

-Crissa

 

[SwampNut]

Hah, yeah, and I honestly don't know the details of what is involved. I think for SOME cases it would be acceptable. I don't think it's always inherently conflicting. In this case, one thing I'm working on is my late mom's estate, and she would benefit (via my son's portion), so she can't be involved. She's ALSO not a specialist on that topic. The other two matters are business related and she's also not a specialist on that, nor licensed in my state.

But I believe in taking expertise from people in their field so I had the discussion with here and our actual attorneys about email and fax. They laugh at the idea of fax. But all of them are fairly young, and fax seems to just be old-think.

Now I have a new topic of chatter next time I see her. What is involved in working for family?

 

[Ogre]

Maybe you guys can create a new thread about lawyers? Though I suppose this one is dead for any on topic purpose anyhow.

 

[Bill906]

one thing I'm working on is my late mom's estate,

I am sorry for your loss.

 

[SwampNut]

I am sorry for your loss.

Thank you.

 

[ldjessee]

There are lots of ways. You have to realize that in all stages of transmittal, a fax is just an analog noise. Everyone has heard a fax or modem tone right? It's the same as sending music or voice down a wire. You record it. Literally just record it onto a tape. It's exactly the same as voice.

If you open a room with these in it, and run a wire from any station cord to the mic input on a $20 recorder, it will record the fax.

I just came home from walking this property. It's big, and EVERY one of these rooms was accessible to me without staff intervention. Ridiculous.

I got my start in telecom by reading a Radio Shack book as a child, and then attacking the phone network whenever I could sneak into places like this. And it was, and is, easy. Nobody protects them.

Now, most faxes eventually get converted into unencrypted digital signals. So it travels alongside the emails. But the emails ON THE SAME WIRE are encrypted. Fax is not. On my network (I run a small phone company) any of the admins can tell the digital signal to copy itself onto a hard drive. And now we have a recording of the fax with no manual access. I can be anywhere in the world and instruct a server or switch to record all calls including faxes. I can then download that and play it, or in the case of fax, just dump it into software and view it. We do this with permission only of course, to troubleshoot. But I could just as well do it nefariously.

1) Most faxes I see being marketed to lawyers are not unencrypted, but use 2048 bit private-public key, using 256bit AES for transport (seems kind of weak, but atleast it is a better than unecrypted). These same faxes are marketed to medical professionals as HIPAA compliant.

2) Having remote access to the phone switch... is that easy for you or your employees? If you are saying it is not for your phone company, I feel sorry for your customers. If there was a malicious employee, how would email fix that? Only encrypted email with private-public keys (not just signed, but encrypted) would protect email from a malicious employee... assuming that employee did not also have physical access to the computer the person uses to check their email (thus having the keys)...

Physical access to the end points kind of makes a lot of forms of security fall apart pretty quickly. That is why many companies have locks, security systems, layered security for access to network equipment...

(If I was running a phone company or vendor service for lawyers, I would try to set it up so that I and my employees have ZERO access to their communications. I would NEVER want to be in the position when a lawsuit goes down and to be dragged to court to then reveal that all my employees and myself could record and copy lawyers speaking to clients. Seems like a good way to get sued out of business and into the poor house.)

I have installed old punch down phone systems, but that went away, I see nothing but VoIP phones, even if there are analog lines into the building, it is easier to have it turned into IP traffic in the network area (room, closet, or a whole floor for some buildings) and routed over IP to phones that just plug into the network like computers, routers, etc.

But, outside of the scenario where someone has physical access to the end points (or a malicious employee who has remote access to the phone server on the network), how vulnerable are faxes again?

And, I do not see emails being more secure in that scenario, because the email server is probably in the same or nearby rack as the phone server, and a malicious employee could have access to that as well... and if they can get to the network, they can probably read emails as well...

Having done phone, satellite, webdev, and database security, it is a scary world...

 

[ldjessee]

Because I’m literally standing in a data center staring at encrypted data between mail clients this very second. SSL is encryption. Most everything else you said is wrong. I personally do capture faxes remotely. You are under completely mistaken assumptions about networks.

Yes, between email servers, but most emails are relayed, they are un-encrypted and then re-encrypted on that email server. If that email server is compromised, then so are your emails.

You standing with physical access to the server only proves that you can get access to the emails, just as you would be able to faxes.

If your receiving un-encrypted faxes onto a server and not securing that server... you could do the same with emails. You can setup email to not be secure. The question I have is, why are the faxes being left so unsecure for your clients?

If we do not understand what you understand, then tell me how having physical access to that rack does not bypass security for both email and faxes?

And maybe you can also tell me how emails are more secure than faxes when you have physical access to the network?

Because my experience, which I realize is limited and not perfect, could be the issue... but I am just not seeing it.

 

[ldjessee]

Let’s suppose that I send an email from my Gmail account to my lawyer’s office 365 account. At what point in the chain do you believe that the email is unencrypted?

OH OH Oh! I can answer this!

Where it was typed, where it was relayed between google and office 365, and where it was read!

That was easy! Got another one?

 

[SwampNut]

And maybe you can also tell me how emails are more secure than faxes when you have physical access to the network?

The email is encrypted. The faxes are by their very nature unencrypted and there is no way to send them encrypted.

 

[Crissa]

The email is encrypted. The faxes are by their very nature unencrypted and there is no way to send them encrypted.

This is how I know you don't understand email protocols. It is, by its standard, the least encrypted protocol.

-Crissa

 

[SwampNut]

LOL. I’ve only been doing it for 30 years, one day I’ll get to your level.

 

[CyberGus]

"Email is prone to the disclosure of information. Most emails are encrypted during transmission, but they are stored in clear text, making them readable by third parties such as email providers.[1] By default, popular email services such as Gmail and Outlook do not enable end-to-end encryption.[2] By means of some available tools, persons other than the designated recipients can read the email contents.[3]"
https://en.wikipedia.org/wiki/Email_encryption


I've spent significant remote time with lawyers over the last few years for several purposes, most notably the handling of an estate and the sale of a home. Never did we use email for anything other than casual conversation. Documents were submitted and/or downloaded via a secure web server, and Docusign used for signatures.

If something is 99% secure, it is 0% secure. Whenever I send email, I just assume Putin is reading it.

Sponsored