EV-specific trailers incoming!

[Crissa]

I have no idea if that’s a serious question or trolling. I’m always happy to engage on real questions.

Both would be hard to do internationally. Fax is obviously easier because if it hits an IP network, and that network is hacked, they can just capture and reassemble the fax. In most cases, even if the network is hacked, the email stays encrypted and inaccessible. If they capture the packets they can’t be reassembled.

I still don't think you understand which is more difficult to do.

-Crissa

Sponsored

 

[Ogre]

What are the chances of a Russian hacker getting information that was emailed, verses getting information that was faxed?

Depends on who it is.

If you have enough resources either.

 

[SwampNut]

I still don't think you understand which is more difficult to do.

-Crissa

I know you don’t, and it’s sad how many people run with bad assumptions and refuse to listen to people actually working in the field. I have no idea why. Since I’ve worked on both, daily, for decades, I know from experience and not some wild theory. I’m just mystified and maybe people are right that you’re just trolling.

 

[ldjessee]

Other than social engineering (which I understands happens and is a commonly used attack method, but applies to all forms of communication, not just fax nor email), how would one intercept a fax?

I could see ways to get copies after the fact, I could see ways potentially intercept and play man in the middle with physical access to the phone ‘closet’ (rack, etc) at either end, but I am not aware of how it would be done remotely.

Remotely isan important point because of the opportunities to remotely intercept email, which I thought was what was the comparison, and why many law firms will accept fax but not emails…

 

[rr6013]

why many law firms will accept fax

Legally acceptable document in court of law

 

[SwampNut]

Other than social engineering (which I understands happens and is a commonly used attack method, but applies to all forms of communication, not just fax nor email), how would one intercept a fax?

There are lots of ways. You have to realize that in all stages of transmittal, a fax is just an analog noise. Everyone has heard a fax or modem tone right? It's the same as sending music or voice down a wire. You record it. Literally just record it onto a tape. It's exactly the same as voice.

If you open a room with these in it, and run a wire from any station cord to the mic input on a $20 recorder, it will record the fax.

I just came home from walking this property. It's big, and EVERY one of these rooms was accessible to me without staff intervention. Ridiculous.

I got my start in telecom by reading a Radio Shack book as a child, and then attacking the phone network whenever I could sneak into places like this. And it was, and is, easy. Nobody protects them.

Now, most faxes eventually get converted into unencrypted digital signals. So it travels alongside the emails. But the emails ON THE SAME WIRE are encrypted. Fax is not. On my network (I run a small phone company) any of the admins can tell the digital signal to copy itself onto a hard drive. And now we have a recording of the fax with no manual access. I can be anywhere in the world and instruct a server or switch to record all calls including faxes. I can then download that and play it, or in the case of fax, just dump it into software and view it. We do this with permission only of course, to troubleshoot. But I could just as well do it nefariously.

 

[SwampNut]

and why many law firms will accept fax but not emails…

I don't know of any. I serve a few law firms, and I am currently engaged with three of them as a client for a variety of reasons. All of them are fine with email.

Legally acceptable document in court of law

So just like email. I know, because I'm doing it RIGHT NOW.

 

[Ogre]

Other than social engineering (which I understands happens and is a commonly used attack method, but applies to all forms of communication, not just fax nor email), how would one intercept a fax?

I could see ways to get copies after the fact, I could see ways potentially intercept and play man in the middle with physical access to the phone ‘closet’ (rack, etc) at either end, but I am not aware of how it would be done remotely.

Remotely isan important point because of the opportunities to remotely intercept email, which I thought was what was the comparison, and why many law firms will accept fax but not emails…

Email is not considered secure communications either so I’m not sure why it’s used as any sort of benchmark.

Fax is more secure in some ways than email, but less secure in others. Neither is considered secure by anyone who protects data for a living. There are ways to secure email. PGP for example. But the basic transport is not considered remotely “secure” and being less prone to a MiTM attack than email doesn’t make it any more or less secure.

 

[SwampNut]

Let’s suppose that I send an email from my Gmail account to my lawyer’s office 365 account. At what point in the chain do you believe that the email is unencrypted?

 

[Ogre]

Let’s suppose that I send an email from my Gmail account to my lawyer’s office 365 account. At what point in the chain do you believe that the email is unencrypted?

It’s a fair enough point. Email has gotten a lot more secure than it was 10 years ago. I just don’t like using it as a benchmark for what is secure. Because there is no way to ensure the target of your email will use a secure way of accessing that email.

 

[Crissa]

Let’s suppose that I send an email from my Gmail account to my lawyer’s office 365 account. At what point in the chain do you believe that the email is unencrypted?

It's not encrypted. I don't know why you think it is. Your connection to the server is vaguely encrypted - but only vaguely, anyone on the same networks can access those encrypted packets. It's not encrypted on the end servers, and they run it through their AI unencrypted. Then the server attempts to talk to the other, doing several hand offs and again, anyone sniffing packets has access.

To get your fax they literally need access to your physical line. And once it gets to the telco fiver, it no longer can be sniffed without direct administrative access to their tools.

Yeah, the telco isn't great security, but no, email is not encrypted, above the base value of your ssl session.

-Crissa

 

[SwampNut]

It's not encrypted. I don't know why you think it is.

Because I’m literally standing in a data center staring at encrypted data between mail clients this very second. SSL is encryption. Most everything else you said is wrong. I personally do capture faxes remotely. You are under completely mistaken assumptions about networks.

 

[SwampNut]

It’s a fair enough point. Email has gotten a lot more secure than it was 10 years ago. I just don’t like using it as a benchmark for what is secure. Because there is no way to ensure the target of your email will use a secure way of accessing that email.

I agree with that, of course. Though in the case of some thing like my attorney, we already established that we are both using secure email. Fax has never been secure whatsoever in any way and often travels along the same wires. That’s the silliness of preferring fax for security.

 

[Crissa]

Email is not secure, and your lawyer is an idiot, since email is targetable in discovery.

-Crissa

 

[SwampNut]

Email is not secure, and your lawyer is an idiot, since email is targetable in discovery.

-Crissa

LOL, three lawyers, all idiots. One is my daughter in law with a some kind of constitutional law award. But you’re the expert. Hilarious.
Did you ever tell us what your network job and certifications are? How long have you worked in network routing, switching, and telecom? You have yet to tell us your industry experience and certifications.

Sponsored