Re: Doing "Secure Documents" in Fedora

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On 09/15/2014 01:02 AM, Chris Murphy wrote:

On Sep 14, 2014, at 2:02 PM, Chris Murphy <lists@xxxxxxxxxxxxxxxxx> wrote:


On Sep 13, 2014, at 12:27 PM, Mickey <binarynut@xxxxxxxxxxx> wrote:


I
On 09/13/2014 01:39 PM, Steven Stern wrote:

On 09/13/2014 11:56 AM, Mickey wrote:

Fedora 20/KDE

How do you use Secure Documents in Fedora ?

Secure Documents like someone that wants to send you MONEY

is that some sort of brand name or product (because you capitalized it)
or are you talking about transferring securely encrypted files?


I'm not sure, my Sister on her Fedora 20 box said she had gotten a Secure Document of someone sending her Money and she said she couldn't read it.
Until I can see what she is talking about tomorrow, I will get back to you on it, I would imagine it has something to do with encrypted files.

I would sooner imagine it's a phishing attack. People don't just randomly send other people money by email without first agreeing on the method of exchange: Google Wallet, PayPal, Bitcoin, etc. And none of those send encrypted emails as confirmations. (They probably ought to sign those emails, but that's a different problem.)

This is cute:
http://www.bravaviewer.com/secure-document-viewer

"Content Sealed Format (CSF) is our proprietary encrypted neutral format that is ideal for secure, convenient file sharing. Similar to PDF and TIFF, CSF is an accurate, encrypted rendition of the source document file.

"CSF Secure document files can't be modified.

"Unlike PDF or TIFF, CSF is not an open format so no third party translators, editors or conversion tools exist to compromise content security."

I'm glad they have a free reader, but this is an egregious lie.
In crypto, you have to prove it to parties that are trusted at large by others to attest to your security.
I was asked to certify one product and when I asked them what mode of operation they were using with AES, they responded "that is proprietary" (we had to sign an NDA to even get to this step). There is NOTHING proprietary about AES modes of operation, unless you are using the wrong one! I responded that the evaluation ends here and it failed.
Another time, I broke a password scheme with a two urn probablity attack. then proposed a different scheme that the vendor incorporated. We signed off on the product.
I am just one of many that do this work. NEVER use a security product unless you are able to determine who is behind it and who reviewed it. 


--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux