From: Jay Hennigan (jay@west.net)
Date: Wed Mar 03 2004 - 15:27:23 GMT-3
On Wed, 3 Mar 2004, Joseph D. Phillips wrote:
> This isn't strictly CCIE-related, but I'm sure one of you will come across this at your workplace.
>
> My question: if I scribble a password on a sheet of paper, scan that image to a .pdf and mail it, can anyone sniff that password?
Yes. There is no confidentiality in a .pdf or a regular email attachment.
> Otherwise I would have to fax it, or call someone to deliver the password.
Both of those methods are inherently less secure. Anyone with a handful
of Rat Shack parts can tap a telephone or redirect/capture a fax (which
is really a .tiff delivered by modem when you get down to it.) And the
result of the fax is a piece of paper in some distant place with your
password on it, probably along with your company name and phone number at
the top of the page. One of those silly cover sheets with paragraphs
of dire legal threats simply screams "Juicy stuff follows", although they
are so common now (even showing up on emails to this list) that they no
longer represent juicy stuff and are routinely ignored anyway.
You need to be thinking PGP, SSL, IPSEC, etc., but if I had my choice
I'd take email over a fax, and for sure ofer a phone call.
-- Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net WestNet: Connecting you to the planet. 805 884-6323 WB6RDV NetLojix Communications, Inc. - http://www.netlojix.com/
This archive was generated by hypermail 2.1.4 : Thu Apr 01 2004 - 08:15:13 GMT-3