Insecure security practices: Name and shame

[r00igev@@r]

Companies using unencrypted email:
- Huawei
- Telkom
- Deep Sea Controllers
- Sharenet
- Various ERPs
- FNB notifications
- SAIParks

 

[RonSwanson]

Companies using unencrypted email:
- Huawei
- Telkom
- Deep Sea Controllers
- Sharenet
- Various ERPs
- FNB notifications
- SAIParks

You been doing midnight SMTP log reviews again?
How do you know that they aren't using SMIME, or some other app level crypto ?

 

[r00igev@@r]

You been doing midnight SMTP log reviews again?
How do you know that they aren't using SMIME, or some other app level crypto ?

-> Network Miner

Easiest way to see the issue - I left out the printers which cannot be configured securely.

What are you doing awake?

 

[RonSwanson]

-> Network Miner

Easiest way to see the issue - I left out the printers which cannot be configured securely.

Has your client authorised you to read their email?

What are you doing awake?

I work around the clock, have clients in Japan (and US).

 

[r00igev@@r]

Has your client authorised you to read their email?

Have you been authorized to ask me?

 

[RonSwanson]

Have you been authorized to ask me?

No authorisation necessary, you are calling companies out on a public forum.

 

[r00igev@@r]

No authorisation necessary, you are calling companies out on a public forum.

Well you not receiving any answers.

 

[RonSwanson]

Well you not receiving any answers.

Your silence on the matter is sufficient

Rather call out the printer manufacturers whose products don't do opportunistic SMTP over TLS...

 

[r00igev@@r]

Your silence on the matter is sufficient

Rather call out the printer manufacturers whose products don't do opportunistic SMTP over TLS...

Are you a troll for Eskom and Telkom?
Where was there silence? I just wrote you are not authorized to receive any discloses.

 

[r00igev@@r]

Companies using unencrypted email:
- Huawei
- Telkom
- Deep Sea Controllers
- Sharenet
- Various ERPs
- FNB notifications
- SAIParks

The silence by the companies on this matter speaks volumes.

 

[RonSwanson]

Are you a troll for Eskom and Telkom?
Where was there silence? I just wrote you are not authorized to receive any discloses.

I have a permit. I can do whatever I want.

 

[got_shafted]

unencrypted email is a minor thing, we have companies in SA leaking their customers id documents and bank accounts with insecure apis

 

[r00igev@@r]

unencrypted email is a minor thing, we have companies in SA leaking their customers id documents and bank accounts with insecure apis

Like MTI?

 

[r00igev@@r]

I have a permit. I can do whatever I want.

Please go and requisition Squirrel's sofa and deliver it to me. I want a Lambo for XMAS.

 

[RonSwanson]

Please go and requisition Squirrel's sofa and deliver it to me. I want a Lambo for XMAS.

 

[RonSwanson]

unencrypted email is a minor thing, we have companies in SA leaking their customers id documents and bank accounts with insecure apis

True.
If an organisations' email was so secret, they would deploy S-MIME (or a myriad of other solutions), and not cross their fingers and hope that an external sender or recipient MTA was correctly configured.

 

[S0CiT2me24/7/365]

And nobody has taken them to task on this, weird that they are not doing anything about it!

 

[RonSwanson]

And nobody has taken them to task on this, weird that they are not doing anything about it!

Whose clone are you?

 

[CT_Biker]

Companies using unencrypted email:
- Huawei
- Telkom
- Deep Sea Controllers
- Sharenet
- Various ERPs
- FNB notifications
- SAIParks

Responsible and reasonable disclosure is not always a safety net...

 

[r00igev@@r]

Responsible and reasonable disclosure is not always a safety net...

No disclosure or anything that fancy pants. Just email them from any email and its unencrypted.