l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
August 5: Social gathering
Next Installfest:
TBD
Latest News:
Jul. 4: July, August and September: Security, Photography and Programming for Kids
Page last updated:
2005 Feb 11 16:30

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] Email vs. FAX Security
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] Email vs. FAX Security



on Wed, Feb 02, 2005 at 10:20:14AM -0800, Robert G. Scofield (rscofield@afes.com) wrote:
> I think I know the answer to this, but I want to make sure.  I believe
> that it is more secure to FAX a document than it is to email a
> document or message, right?  This assumes that one does not use email
> encryption.

As stated:  it depends.

Some businesses (businesses, law offices) prefer faxes because the
documents can be shredded.

If you're sending to a print-on-receipt FAX machine, the main hope for
interception is while the message is live on the wire.  That said, US
intelligence services are thought to tap into the global telecoms
networks, particularly long-distance satellite and fiber links, with the
capacity to store (if not meaningfully process) the intercepts.  This is
one reason for other nations to take an interest in developing
independent coms nets.
 
> I realize that someone can tap a phone line, and that would enable a
> person to intercept a FAX.  But at least a FAX does not sit on a
> server waiting to be downloaded, 

Bad assumption.

If you _don't_ know what the remote fax system does, you're rather more
vulnerable.  More systems are now "store, print on demane", which means
your FAX sits on a disk somewhere until recalled.  And may continue to
do so.  Other systems use electronic delivery:  your recipient gets a
TIFF of your document, not the actual document itself.

Once data are in binary format, they can of course be readily
disseminated, though w/o OCR, the resulting files are large and somewhat
unweildy, and OCR is notoriously inexact, particularly on poorer-quality
faxes.

> like an email message does.  It would
> seem easy for an ISP's system administrator to use the root password
> to read the email of the ISP's customers. ( I know I can log in as
> root on my Linux system and use the "more" command to read my
> downloaded email.)  

Or your boss.  Or cow-orkers.  Or an unfriendly war driver.  Or the
person who buys the PC at an electronics recycling event, finding an
unwiped HD.

Note too that your greatest risks are generally _not_ transmit-time
intercepts, but unauthorized access from storage (or binnage).  Hard
drives, remaindered hardware, dumpster diving.

> Does anybody here believe that ISP system administrator's ever do such
> a thing?

Routinely.  Usually as a method of testing systems.  Most administrators
are probably not security threats, and respect customer confidentiality.
Some don't.

Most helpful is knowing who you're dealing with, what their security
precautions are, and establishing your own expectations.

For a low cost, "security" envelopes with a scotch-taped flap are among
the better ways of transmitting documents in a tamper-resistant form,
with reasonable expectations of privacy.

Otherwise, I think if you Google for "gpg rant" you might find something
worth reading.

...and after that, look at Steve Bellovin's "Can Someone Read My
E-Mail?"

    http://www1.cs.columbia.edu/~smb/securemail.html


Peace.

-- 
Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    Free Software Primer -- concepts you need to understand
    http://twiki.iwethey.org/Main/FreeSoftwarePrimer

Attachment: signature.asc
Description: Digital signature

_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!