Re: Insecure or Unsecure

[MadHat <madhat () unspecific com>]

On Sep 6, 2005, at 11:58 AM, Drsolly wrote:
> > Plain text email is not insecure.
>
> This demonstrates the fact that I don't know what "insecure" means.
>
> A plain text email can be read by any of the servers it routes over;
> that's why banks don't like credit card numbers to be sent via plain
> email. So, plain text email is insecure. On the other hand, a plain  
> text
> email can't carry malicious software, so it's secure. So is plain text
> email secure or insecure?  Answer - I don't know. You have to say  
> "secure
> against some particular threat", you can't say "secure".

My interpretation:
Plain text email is not insecure.  If you send data that you do not  
wish for others to see, it is the wrong method to use and that data  
would be insecure when being routed across systems.  The insecurity  
is based on proper usage of the software and protocols in this  
example.  In some examples the software does have it's own  
insecurities, and it could be that the protocols are insecure by poor  
implementation (or design), but in this situation, the protocol does  
what it was intended and works the way it was designed.  The  
insecurity comes from use cases, not specifically the underlying  
transport method.

I think Shrdlu's answer covers it pretty well.

> Is software secure or insecure? Same answer. I don't know.
>
> On the grammatical question originally asked, "unsecure" is a verb,
> "insecure" is an adjective.

--
MadHat (at) Unspecific.com, C²ISSP
E786 7B30 7534 DCC2 94D5  91DE E922 0B21 9DDC 3E98
gpg --keyserver wwwkeys.us.pgp.net --recv-keys 9DDC3E98