Email security: PGP/GPG & S/MIME vulnerability drop imminent

Rich Kulawiec rsk at gsp.org
Wed May 16 12:34:16 UTC 2018


On Tue, May 15, 2018 at 10:42:31AM +0100, Brandon Butterworth wrote:
> and phishers/exploiters. HTML markup in email is used exclusively
> by four kinds of people </python>

I'll accept that as a friendly amendment. ;)

It is -- to Brian Kantor's point elsewhere in the thread -- very
unfortunate that many banks and financial institutions have spent much
of the past couple of decades assiduously training their customers to
be phish victims.  Some of them, including a very well-known, very
large company I'm communicating with at the moment, have compounded
that blunder by handing over lists of the email addresses of all their
customers to third parties, thus making it vastly easier for phishers
to get their hands on them.

(If the latter isn't clear, consider: suppose you were in the professional
phishing business.  "professional" as in doing it competently, not sending
messages full of fractured syntax.  Can you think of some places where you
would like to have one of your employees positioned?  How about some place
that handles customer email data for *many* banks/financial institutions?
One-stop shopping, as it were.  No need to get people into 27 different
operations when all you need to do is get one person into one.  And, most
likely, every one of those 27 has done you the favor of knocking themselves
out to make their customers vulnerable to you.  You're welcome.)

---rsk



More information about the NANOG mailing list