[NTLUG:Discuss] OT? security comparsion
MadHat
madhat at unspecific.com
Tue Nov 15 13:40:42 CST 2005
On Nov 15, 2005, at 1:17 PM, m m wrote:
> Hi All:
>
> A lot of security experts say sending important on the internet is
> not a good idea.
> It is true. But a lot of advantages make people willing to send
> importand information over internet.
> Pay by credit card online is one of the example.
>
> Does send credit number via email will be "more" secure that SSL
> web site? I am talk in generic situation. like we all know https://
> will be more secure the http://.
>
> useing fax even more secure?!
No, email is not more secure in it simplest form. If you encrypt the
email with something like PGP/GPG it can be more secure, but remember
that emmail takes hops from one servver to another and it is normally
plain text. Anyone sniffing on any of the mail servers (assuming
they are not using SSL which most don't) would be able to read the
contents of the email. SSL site are only as secure as the back end
where the data is dealt with. Is your CC being stored in plain text
or is it encrypted if stored at all? It is better to deal with the
info and not store it all, unless necessary. I used to work as part
of the security team of a large company that does nothing but online
transactions for themselves and others and I know how it was dealt
with and I am comfortable using them. Some places, no so much. Some
of the thing to keep in mind is what is the data you are sending?
Who are you worried about seeing it? What is the worse thing that
can happen if someone else does see it? How trustworthy is the
entity you are dealing with (the one you are sending the data to)?
--
MadHat (at) Unspecific.com, C²ISSP
E786 7B30 7534 DCC2 94D5 91DE E922 0B21 9DDC 3E98
gpg --keyserver wwwkeys.us.pgp.net --recv-keys 9DDC3E98
More information about the Discuss
mailing list