Email security: PGP/GPG & S/MIME vulnerability drop imminent

Barry_Shein · May 15, 2018, 5:46pm

Thirty years ago we thought graphical and even interactive email would
soon be the cat's pajamas (or possibly the bee's knees.)

Now we live in a world of seemingly ever-shrinking and pessimistic
expectations -- ok perhaps that's overstating a little -- largely due
to security considerations.

Don't do that, you'll poke your eye out!

Admittedly I never send HTML email and mostly find it annoying when I
receive it, tho not always.

We need to figure out how to have our cake and eat it too, "the k00l
kidz don't use html email" won't accomplish much except maybe among
the k00l kidz.

Alan_Buxey1 · May 15, 2018, 7:30pm

real ones send such formulae as LaTeX attachments - where their recipients
can have a simple plugin to view/display it inline (then save to
edit/modify etc).
HTML is horrible for formula...but at least I guess a little better than MS
Word.

alan

Hunter_Fuller · May 15, 2018, 7:41pm

Ah, the classic "no true Scotsman." I haven't seen one of these in a while.

I think the vast majority of HTML email use is due to "email formatting and
markup" being somewhere near the end of the priority list. I know that's
where it resides on mine.

Rich_Kulawiec · May 16, 2018, 12:34pm

I'll accept that as a friendly amendment.

It is -- to Brian Kantor's point elsewhere in the thread -- very
unfortunate that many banks and financial institutions have spent much
of the past couple of decades assiduously training their customers to
be phish victims. Some of them, including a very well-known, very
large company I'm communicating with at the moment, have compounded
that blunder by handing over lists of the email addresses of all their
customers to third parties, thus making it vastly easier for phishers
to get their hands on them.

(If the latter isn't clear, consider: suppose you were in the professional
phishing business. "professional" as in doing it competently, not sending
messages full of fractured syntax. Can you think of some places where you
would like to have one of your employees positioned? How about some place
that handles customer email data for *many* banks/financial institutions?
One-stop shopping, as it were. No need to get people into 27 different
operations when all you need to do is get one person into one. And, most
likely, every one of those 27 has done you the favor of knocking themselves
out to make their customers vulnerable to you. You're welcome.)

---rsk

Octavio_Alvarez1 · May 17, 2018, 12:28am

There is a need for rich-text these days. What is your proposal?