Bugtraq mailing list archives
RE: response to tax software not encrypting tax info
From: "er t" <er587 () hotmail com>
Date: Thu, 13 Mar 2003 19:20:13 +0000
Mom and Pop use this software, your English teacher uses this software, probably even your local baker... This is a case of Vendor vs. User... I Thank PivX for helping the Community and WE must help out our users.
You can almost bet the that the users of the Tax program use IE to surf the internet, and mostly unpatched. The dangerous web site, knowing the default location of the Tax files, or even the unprotected "net use IP C:" doesn't help out our users.
What could help our users is a default simple encryption of the Tax files. You are correct when saying"I am wondering, is it really the responsibility of every piece of software that handles potentially sensitive info to provide (strong)encryption capabilities?"
Because not everyone using today's computers can utilized EFS or a third party encryption tool.
.er.587 -----Original Message----- From: auto40951 () hushmail com [mailto:auto40951 () hushmail com] Sent: Thursday, March 13, 2003 1:27 PM To: bugtraq () securityfocus com Subject: response to tax software not encrypting tax info -----BEGIN PGP SIGNED MESSAGE----- PivX:I am wondering, is it really the responsibility of every piece of software that handles potentially sensitive info to provide (strong)encryption capabilities?
I think the onus of protecting sensitive info should fall on the user in many cases. This obviously includes not sharing your tax info on KaZaA or on network shares and using reliable third-party encryption software to protect anything that you really don't want other people to know about. NTFS permissions and EFS can also be used to this effect. In the end, these measures will also be way way way more effective than relying on some hacked together info encoding algorithm that merely obsfucates your tax info and introduces the additional security "vulnerability" of weakly encoding the information.
-----BEGIN PGP SIGNATURE----- Version: Hush 2.2 (Java) Note: This signature can be verified at https://www.hushtools.com/verify wl0EARECAB4FAj5wzmoXHGF1dG80MDk1MUBodXNobWFpbC5jb20ACgkQ7s7ZokLom1is MQCgkLFM8vUJ/boRAC0EUTRlPlucuFcAl26K776nL35aCX8x5xU/IR/Olb8= =SwAH -----END PGP SIGNATURE----- Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 _________________________________________________________________Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail
Current thread:
- response to tax software not encrypting tax info auto40951 (Mar 13)
- <Possible follow-ups>
- RE: response to tax software not encrypting tax info er t (Mar 14)
- Obfuscating sensitive data? (was: response to tax software not encrypting tax info) Andreas Beck (Mar 14)
- Re: Obfuscating sensitive data? (was: response to tax software not encrypting tax info) Dan Harkless (Mar 14)
- Re: response to tax software not encrypting tax info Andreas Marx (Mar 15)
- Obfuscating sensitive data? (was: response to tax software not encrypting tax info) Andreas Beck (Mar 14)
- RE: response to tax software not encrypting tax info Ken.Williams (Mar 14)