[NTLUG:Discuss] OT? security comparsion
Neil Aggarwal
neil at JAMMConsulting.com
Mon Nov 28 14:26:23 CST 2005
Hello:
> 1. submit information with regular http:// form
That is a bad idea. It is completely insecure.
> 2. submit information with SSL https:// form
That is secure.
> 3. Fax information to them
From a purely transmission point of view, this is secure
(unless you are being wiretapped) *only if* it is sent over
regular phone lines and does not use an Internet fax service
for any point in the transmission.
Having said this, most customers will not spend the time
and effort to place orders this way.
> 4. Call them and give the information (leave message)
Again, from a purely transmission point of view, this is secure
(unless you are being wiretapped) *only if* it is sent over
regular phone lines and does not use a VOIP service that
traverses an insecure network.
Having said this, most customers will not spend the time
and effort to place orders this way.
Thanks,
Neil
--
Neil Aggarwal, JAMM Consulting, (214) 986-3533, www.JAMMConsulting.com
FREE! Valuable info on how your business can reduce operating costs by
17% or more in 6 months or less! http://newsletter.JAMMConsulting.com
-----Original Message-----
From: discuss-bounces at ntlug.org [mailto:discuss-bounces at ntlug.org] On Behalf
Of m m
Sent: Monday, November 28, 2005 10:52 AM
To: discuss at ntlug.org
Subject: Re: [NTLUG:Discuss] OT? security comparsion
All:
Thanks for all the valuable input.
Sorry for not stating my question very clearly:
What I am asking about is "the sending of packet(s)" (make sense?)
"from the user inputting the credit card number (for example)
on the web form (from the user's browser)
to the server (database, email server...)"
An example:
If there is an e-commerce website
you want to buy something from,
they offer 4 types of payment method
(the credit, address... information needs to be submitted/sent)
1. submit information with regular http:// form
2. submit information with SSL https:// form
3. Fax information to them
4. Call them and give the information (leave message)
Which way(s) will you not (never) use?
Why? Most of the answers would be for security reasons.
Most people will do #2 but not #1.
I think this is because of SSL.
But what is the chance your information gets
captured in the "middle of the net"?
If the chance is 0.1%,
I think I have a ridiculous conclusion:
#1 and #2 have almost no difference,
but if the chance is 80% and above,
definitely, no option for #1.
From MadHat and others mentioned:
How is the information saved, stored,
the janitor seeing the fax information...
I think this is another issue,
because you never know
how they store/handle your information, right?
>From: MadHat <madhat at unspecific.com>
>Reply-To: NTLUG Discussion List <discuss at ntlug.org>
>To: NTLUG Discussion List <discuss at ntlug.org>
>Subject: Re: [NTLUG:Discuss] OT? security comparsion
>Date: Wed, 16 Nov 2005 11:38:44 -0600
>
>On Nov 16, 2005, at 11:04 AM, Neil Aggarwal wrote:
>>Greg:
>>
>>I did not dismiss SSL in any of my comments.
>>
>>He was asking if email or fax was more secure than an SSL connection
>>and I stated that email was not.
>
>Fax is not more secure, unless you know where it is going. About like SSL
>it is about how the data is handled on the far end. If you are sending a
>FAX to a general fax machine, anyone in the company may see it. Do you
>know if the janitor, who makes minimum wage, has access to the faxes? Do
>they shred the faxes after the data is entered somewhere else or do they
>just throw them away? Transport is only one issue to worry about.
>
>
>>
>> Neil
>>
>>--
>>Neil Aggarwal, JAMM Consulting, (214) 986-3533, www.JAMMConsulting.com
>>
>>-----Original Message-----
>>From: discuss-bounces at ntlug.org [mailto:discuss-bounces at ntlug.org] On
>>Behalf
>>Of Greg Edwards
>>Sent: Wednesday, November 16, 2005 9:55 AM
>>To: NTLUG Discussion List
>>Subject: Re: [NTLUG:Discuss] OT? security comparsion
>>
>>Neil Aggarwal wrote:
>>>Terry:
>>>
>>>Using your analogy, I think it is like putting the key in an envelope,
>>>writing the word "Key" on the outside, and leaving it on top of the
>>>doormat.
>>>
>>>Anyone that is looking will have full access to whatever you are
>>>sending.
>>>
>>>If they are looking in the first place, they have some mischievous
>>>or malicious intent.
>>>
>>> Neil
>>>
>>
>>Don't be so quick to dismiss the value of SSL. As well stated earlier,
>>it's not SSL and the information transferred that hackers get. They get
>>it from the back end of systems they've broken into. I don't know the
>>percentages of which OS is cracked more often, but I'd think my lucky
>>guess of M$ being in the 95%+ would be right ;)
>>
>>If you do insist on sending zip files encrypt them first. Let your
>>receivers know off line what the encryption key is and they'll be able to
>>decrypt and uncompress with "unzip". Your unzip does have to have the
>>encryption option compiled in.
>>
>>--
>>Greg Edwards
>>New Age Software, Inc. - Software Engineering Services
>>http://www.nas-inet.com
>>
>>_______________________________________________
>>https://ntlug.org/mailman/listinfo/discuss
>>
>
>--
>MadHat (at) Unspecific.com, C²ISSP
>E786 7B30 7534 DCC2 94D5 91DE E922 0B21 9DDC 3E98
>gpg --keyserver wwwkeys.us.pgp.net --recv-keys 9DDC3E98
>