Home page logo
/

bugtraq logo Bugtraq mailing list archives

RE: response to tax software not encrypting tax info
From: "er t" <er587 () hotmail com>
Date: Thu, 13 Mar 2003 19:20:13 +0000

Mom and Pop use this software, your English teacher uses this software, probably even your local baker... This is a case of Vendor vs. User... I Thank PivX for helping the Community and WE must help out our users.

You can almost bet the that the users of the Tax program use IE to surf the internet, and mostly unpatched. The dangerous web site, knowing the default location of the Tax files, or even the unprotected "net use IP C:" doesn't help out our users.

What could help our users is a default simple encryption of the Tax files.

You are correct when saying

"I am wondering, is it really the responsibility of every piece of software that handles potentially sensitive info to provide (strong)encryption capabilities?"

Because not everyone using today's computers can utilized EFS or a third party encryption tool.



.er.587

-----Original Message-----
From: auto40951 () hushmail com [mailto:auto40951 () hushmail com]
Sent: Thursday, March 13, 2003 1:27 PM
To: bugtraq () securityfocus com
Subject: response to tax software not encrypting tax info



-----BEGIN PGP SIGNED MESSAGE-----

PivX:

I am wondering, is it really the responsibility of every piece of software that handles potentially sensitive info to provide (strong)encryption capabilities?

I think the onus of protecting sensitive info should fall on the user in many cases. This obviously includes not sharing your tax info on KaZaA or on network shares and using reliable third-party encryption software to protect anything that you really don't want other people to know about. NTFS permissions and EFS can also be used to this effect. In the end, these measures will also be way way way more effective than relying on some hacked together info encoding algorithm that merely obsfucates your tax info and introduces the additional security "vulnerability" of weakly encoding the information.

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wl0EARECAB4FAj5wzmoXHGF1dG80MDk1MUBodXNobWFpbC5jb20ACgkQ7s7ZokLom1is
MQCgkLFM8vUJ/boRAC0EUTRlPlucuFcAl26K776nL35aCX8x5xU/IR/Olb8=
=SwAH
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Big $$$ to be made with the HushMail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427










_________________________________________________________________
Tired of spam? Get advanced junk mail protection with MSN 8. http://join.msn.com/?page=features/junkmail


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault