EV-specific trailers incoming!

SwampNut

Well-known member
First Name
Carlos
Joined
Jul 26, 2021
Threads
11
Messages
1,124
Reaction score
1,614
Location
Peoria, AZ
Vehicles
Tesla M3LR, Gladiator Rubicon
Occupation
Geek
Country flag
This whole thing devolved with an erroneous claim that fax had some form of security. Fax is never encrypted in transmission. Email is *mostly* encrypted in transmission. There are fewer opportunities to grab an email off the wire. It takes more technical ability to find that email among the other traffic. Fax is either analog audio which you can record on a cassette, or T.38 FoIP signaling that is totally cleartext, and you can simply record to a drive and open in a packet capture tool.

I don't know what level of fear I'd have to reach to make me not email documents. The threat is pretty much nothing.
Sponsored

 

SwampNut

Well-known member
First Name
Carlos
Joined
Jul 26, 2021
Threads
11
Messages
1,124
Reaction score
1,614
Location
Peoria, AZ
Vehicles
Tesla M3LR, Gladiator Rubicon
Occupation
Geek
Country flag
To put a fine point on this, you have to expend effort to try to NOT have your email secure.
 

JBee

Well-known member
First Name
JB
Joined
Nov 22, 2019
Threads
18
Messages
4,752
Reaction score
6,129
Location
Australia
Vehicles
Cybertruck
Occupation
. Professional Hobbyist
Country flag
"Email is prone to the disclosure of information. Most emails are encrypted during transmission, but they are stored in clear text, making them readable by third parties such as email providers.[1] By default, popular email services such as Gmail and Outlook do not enable end-to-end encryption.[2] By means of some available tools, persons other than the designated recipients can read the email contents.[3]"
https://en.wikipedia.org/wiki/Email_encryption


I've spent significant remote time with lawyers over the last few years for several purposes, most notably the handling of an estate and the sale of a home. Never did we use email for anything other than casual conversation. Documents were submitted and/or downloaded via a secure web server, and Docusign used for signatures.

If something is 99% secure, it is 0% secure. Whenever I send email, I just assume Putin is reading it.
Thank you for distracting world leaders with your important national security email correspondence to your mum. :cool:
 


ldjessee

Well-known member
First Name
Lloyd
Joined
Apr 22, 2020
Threads
14
Messages
1,148
Reaction score
1,357
Location
Indiana, USA
Vehicles
Nissan Leaf, MYLR, Kaw 1700 Vaquero
Occupation
Business Intelligence Manager & Analyst
Country flag
LOL. I’ve only been doing it for 30 years, one day I’ll get to your level.
I have been doing email since I was in the army in 1990.
The email protocol does NOT require any encryption, that was added later. And what was added was between email servers. Only something inside of the email (like PGP or GPG) will get you true end to end encryption. Not really part of the 'protocol' per se, but is allowed in the changes made to the email protocol/standards.

And I already talked about the encrypted fax machines and services on the market for lawyers and medical professionals that are HIPAA compliant that uses a public private key pair to establish a one-time AES encryption key.

I have seen nothing that changes my opinion that faxes and email are both insecure nor that once you have physical access, all bets are off.
 

ldjessee

Well-known member
First Name
Lloyd
Joined
Apr 22, 2020
Threads
14
Messages
1,148
Reaction score
1,357
Location
Indiana, USA
Vehicles
Nissan Leaf, MYLR, Kaw 1700 Vaquero
Occupation
Business Intelligence Manager & Analyst
Country flag
This whole thing devolved with an erroneous claim that fax had some form of security. Fax is never encrypted in transmission. Email is *mostly* encrypted in transmission. There are fewer opportunities to grab an email off the wire. It takes more technical ability to find that email among the other traffic. Fax is either analog audio which you can record on a cassette, or T.38 FoIP signaling that is totally cleartext, and you can simply record to a drive and open in a packet capture tool.

I don't know what level of fear I'd have to reach to make me not email documents. The threat is pretty much nothing.
I disagree, as the phone network, outside of the end points, is hard to access and definitely hard to access remotely, I believe emails are easier to access remotely, as someone could compromise an email relay server remotely and thus become 'man-in-the-middle'.

And no, Faxes are not just clear text anymore... or atleast, do not have to be.

The number one attack vector is email attachments and links. Why would you already not be paranoid about emailing documents, especially of any importance?

I try to avoid it at all costs, using other products, like DropBox, GoogleDrive, etc for file sharing.
 

SwampNut

Well-known member
First Name
Carlos
Joined
Jul 26, 2021
Threads
11
Messages
1,124
Reaction score
1,614
Location
Peoria, AZ
Vehicles
Tesla M3LR, Gladiator Rubicon
Occupation
Geek
Country flag
I disagree, as the phone network, outside of the end points, is hard to access and definitely hard to access remotely, I believe emails are easier to access remotely, as someone could compromise an email relay server remotely and thus become 'man-in-the-middle'.
Completely false, as they generally go to the same places and on the same wires. Again, I do this every damn day.

And no, Faxes are not just clear text anymore... or atleast, do not have to be.
They are unless you've purchased specially secured machines and everyone uses them. In the context of a random person faxing their doctor or lawyer, they are necessarily clear text.

Have I mentioned that I do this EVERY.DAMN.DAY?

The number one attack vector is email attachments and links. Why would you already not be paranoid about emailing documents, especially of any importance?
Because it's just not a realistic threat. Just emailed a patient form to a new doctor. No fucks given.
 

SwampNut

Well-known member
First Name
Carlos
Joined
Jul 26, 2021
Threads
11
Messages
1,124
Reaction score
1,614
Location
Peoria, AZ
Vehicles
Tesla M3LR, Gladiator Rubicon
Occupation
Geek
Country flag
Also, I should not have used your "clear text" misnomer above, but was trying to speak the same language. A fax is a bitmap. It's literally one little pixel at a time across the page in lines. In fact my first fax machine had a single sensor that was drawn across the page, which sat on a spinning drum. It would read a line while transmitting, and then the next, etc. Fax hasn't changed much other than now the scanner has sensors all across it and moves down the page, and the paper stays in place. The data is just a bitmap, white, black, white, black... All recordable as audio.

Let me mention, I do this all damn day, and have access to the switches remotely. I can and do record faxes, nearly all email on the network is encrypted.
 


ldjessee

Well-known member
First Name
Lloyd
Joined
Apr 22, 2020
Threads
14
Messages
1,148
Reaction score
1,357
Location
Indiana, USA
Vehicles
Nissan Leaf, MYLR, Kaw 1700 Vaquero
Occupation
Business Intelligence Manager & Analyst
Country flag
Completely false, as they generally go to the same places and on the same wires. Again, I do this every damn day.

They are unless you've purchased specially secured machines and everyone uses them. In the context of a random person faxing their doctor or lawyer, they are necessarily clear text.

Have I mentioned that I do this EVERY.DAMN.DAY?

Because it's just not a realistic threat. Just emailed a patient form to a new doctor. No fucks given.
Hey, do you do this every day? I do not think that was clear! ;)

Well, show me how remote access hacks via faxes that have happened, and I will believe you.

https://blog.checkpoint.com/2022/10/26/third-quarter-of-2022-reveals-increase-in-cyberattacks/

This article is talking about the average being 1,130 email attacks per week per organization, with some industries having a much higher rate (like education, the industry I work in).

Now, why is it email is used as a vector to breach security in so many companies? Why not use the less secure fax machine?

I think it is because the ease and the ability to do it from anywhere in the world.

Is there any sources for attacks or the insecurity of faxes? I have not found any.

I have tried to help doctor and dentist offices improve security... what they think is secure and acceptable, I do not. YMMV
 

ldjessee

Well-known member
First Name
Lloyd
Joined
Apr 22, 2020
Threads
14
Messages
1,148
Reaction score
1,357
Location
Indiana, USA
Vehicles
Nissan Leaf, MYLR, Kaw 1700 Vaquero
Occupation
Business Intelligence Manager & Analyst
Country flag
Also, I should not have used your "clear text" misnomer above, but was trying to speak the same language. A fax is a bitmap. It's literally one little pixel at a time across the page in lines. In fact my first fax machine had a single sensor that was drawn across the page, which sat on a spinning drum. It would read a line while transmitting, and then the next, etc. Fax hasn't changed much other than now the scanner has sensors all across it and moves down the page, and the paper stays in place. The data is just a bitmap, white, black, white, black... All recordable as audio.

Let me mention, I do this all damn day, and have access to the switches remotely. I can and do record faxes, nearly all email on the network is encrypted.
You run a phone company, I would hope you have access to switches.

How many people have access to those switches? Can they get to those switches remotely, like from across an ocean?

And again, since you have the keys to the kingdom, your ability is not the same as the ability of a Russian, Chinese, or other malicious actor that does not have physical access to the switches, servers, etc.

But maybe if someone opens an attachment in an email while connected, maybe those malicious actors can get access...
 

SwampNut

Well-known member
First Name
Carlos
Joined
Jul 26, 2021
Threads
11
Messages
1,124
Reaction score
1,614
Location
Peoria, AZ
Vehicles
Tesla M3LR, Gladiator Rubicon
Occupation
Geek
Country flag
But maybe if someone opens an attachment in an email while connected, maybe those malicious actors can get access...
Many faxes end up as email attachments.

This thread is hilarious and is feeding much amusement on a telecom industry list. “What consumersassume incorrectly.” Carry on.
Sponsored

 
 




Top