![]() |
|
News News regarding BSD and related. |
![]() |
|
Thread Tools | Display Modes |
|
|||
![]()
Per the subject line, the FBI has issued a new warning about iPhone/Android text messaging.
I personally never trusted a mobile device funded by companies that data harvest and ended up moving my banking from a bank that would only authenticate via text to one that would also authenticate via email. Being inately cheap, I have been using the email server that is bundled with my ISP. I know it is encrypted (protocol displayed when logging in via mutt) but I'm wondering if it would be prudent to set up a 3rd party email account with a provider that is more focused on security? Last edited by shep; 23rd December 2024 at 03:23 AM. Reason: spelling |
|
||||
![]()
Email uses the Simple Mail Transfer Protocol, SMTP. The SMTP protocol is 43 years old, and predates the Internet or any concept of computer security. While it has had enhancements, and some portions of email transfer can be encrypted, most mail starts and ends as plaintext content. Consider that email is functionally is now dominated by a handful of large providers who provide "free" services in order to mine the contents of our messages for their revenue. The transmission of our messages may be encrypted -- sometimes -- but the transfer agents generally deal with ASCII, MIME, or S/MIME encoded plaintext.
Should you decide to use one of the "security-focused" smaller email providers, you'll need to investigate carefully, as it appears some of these companies' "security" services may be theatrical rather that functional. One of the providers I've seen mentioned in this negative way has a name which rhymes with "snow pond fail". If you're unfamiliar with SMTP and its use in a modern Internet, I recommend Michael Lucas's book, Run Your Own Mailserver. You don't ever have to implement a mailserver of your own to use the book; you'll learn a whole lot about modern email and how it works -- or, doesn't. It's geared for the admin who doesn't have an email background but wants to know what it takes to run it. Heck, I've been using email since the late '70s and running email servers since the early '80s, and found lots of value in it. |
|
|||
![]() Quote:
|
|
|||
![]()
Fair enough.
I wasn't asking for tips or free lunch. But after 6 pages (120+ posts) of reading and debate on "the other forum" I realized that only the Big guys are "allowed" to safely provide and run their own mail servers. Thank you for your input, I'll stick with third-party. Less hassle for me. |
|
||||
![]()
Then there is some sort of misunderstanding. It's a very large playing field, and all of us can participate. It just requires some understanding and provisioning effort to join in. The infrastructure requirement is relatively small: an internet-facing server with static IP address(es), and a domain name.
|
|
|||
![]()
There is no misunderstanding. If I may, I'd point you to a thread (I'm not advertising any forum, just follow the discussion, if you have some time to kill, your choice) https://forums.freebsd.org/threads/r...w-lucas.93777/
|
|
||||
![]()
Thank you for the link. I'm not a FreeBSD user, so I don't participate there.
I have started going through it. I can say my experience differs from the first page full of complainers there -- that's as far as I've gotten today -- perhaps because I use a third-party DNS service where I have control over my own domain records. My current server provider is openbsd.amsterdam, and I've been very pleased. My prior server provider was Vultr.com -- and I was pleased with the operational side, I stopped using them due to T&C changes. Operationally, Vultr requires a service ticket to open port 25 for a customer MTA. For me -- other customers may have different experiences -- the IPv4 addresses I was assigned happened to arrive with a previous history of minor reputation issues, solved quickly with the associated block lists. |
|
||||
![]() Quote:
Quote:
By the way, Quote:
|
|
|||
![]()
I still have a land line but it will not receive a text. The Bank I moved away from, in the OP, would only authenticate via text to a mobile phone.
The US Government agencies where you set up an account, at least the NSF, NIH, and SSA/Medicare, will phone with an audible 2FA key. Last edited by shep; 21st December 2024 at 05:18 PM. |
![]() |
Thread Tools | |
Display Modes | |
|
|
![]() |
||||
Thread | Thread Starter | Forum | Replies | Last Post |
Yubikey as a second factor in OpenBSD | bceverly | OpenBSD Security | 1 | 12th July 2023 10:03 PM |
2 factor authentication | stanl | Off-Topic | 0 | 10th December 2022 05:12 PM |
Two Factor Authentication | Peter_APIIT | OpenBSD Security | 7 | 20th June 2015 02:50 AM |
Other SSL CA recently compromised | backrow | News | 0 | 23rd March 2011 03:46 PM |
ZeuS trojan attacks bank's 2-factor authentication | J65nko | News | 0 | 22nd February 2011 02:38 PM |