David Shaw on 23 Dec 2008 13:15:36 -0800 |
On Mon, Dec 22, 2008 at 12:20:13PM -0500, brent timothy saner wrote: > Alex Valentine wrote: > > > http://www.gnupg.org/ > > > i'd really have to second GnuPG. it's a bit more work to set up the web > of trust since it reeeeeaaally should be done in person, but you > shouldn't have much problems if your organisation is around 50 members > or less. > > i've not heard of hushmail but being the paranoid person i am, i don't > trust third party developers/services when it comes to security. :) To a point, you must trust other developers. After all, you (probably) didn't write every line of code on your computer, and many of those bits of code can subvert your security just as well as a malware security application. (i.e. Why bother to trojan GnuPG, when I can intercept keystrokes from the keyboard driver?) It is very wise to be cautious about services, though. Even if a service is well intentioned and correctly implemented, you cannot know that it will remain that way forever. At least code that runs on your own box remains basically static and can't change its behavior after a subpoena: http://www.itnews.com.au/News/65213,hushmail-turns-out-to-be-anything-but.aspx http://www.privacydigest.com/2007/11/19/hushmail+warn+users+law+enforcement+backdoor http://blog.wired.com/27bstroke6/2007/11/pgp-creator-def.html Nothing against Hushmail - they run a good system, and it's secure from what it is intended to be secure against. Users should be aware, though, of what it is not intended to be secure against. David ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|