nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

From: Rich Kulawiec <rsk () gsp org>
Date: Wed, 16 May 2018 08:34:16 -0400
On Tue, May 15, 2018 at 10:42:31AM +0100, Brandon Butterworth wrote:

and phishers/exploiters. HTML markup in email is used exclusively
by four kinds of people </python>


I'll accept that as a friendly amendment. ;)

It is -- to Brian Kantor's point elsewhere in the thread -- very
unfortunate that many banks and financial institutions have spent much
of the past couple of decades assiduously training their customers to
be phish victims.  Some of them, including a very well-known, very
large company I'm communicating with at the moment, have compounded
that blunder by handing over lists of the email addresses of all their
customers to third parties, thus making it vastly easier for phishers
to get their hands on them.

(If the latter isn't clear, consider: suppose you were in the professional
phishing business.  "professional" as in doing it competently, not sending
messages full of fractured syntax.  Can you think of some places where you
would like to have one of your employees positioned?  How about some place
that handles customer email data for *many* banks/financial institutions?
One-stop shopping, as it were.  No need to get people into 27 different
operations when all you need to do is get one person into one.  And, most
likely, every one of those 27 has done you the favor of knocking themselves
out to make their customers vulnerable to you.  You're welcome.)

---rsk
Previous By Date Next
Previous By Thread Next

Current thread: