At A Glance Main Projects Tutorials Resume

Contact


Email: palen1c at gmail.com




Fax to Email Services are Insecure

Tue, 20 Aug 2013 10:10:05 EST

An old fax machine. Photo by Abhisek Sarda.
Yes; in the dark people using fax to email services; they are insecure and will never be secure. You should not be using them. This is a somewhat random quick article, but one that has been on my mind for quite a while. In the last year I have had the pleasure of dealing with various local and regional companies with financial assets. I recognize that it's difficult for the general public to keep up with computer security; but the companies I have dealt with really need to train their representatives to be aware of how insecure e-mail is.
(Photo from Flickr by Abhisek Sarda)

The documents financial representatives require for larger transactions such as mortgages or loans can be used to completely wipe someone out; so a cavalier attitude about sending them around is flat out incompetent.

No way around it; at some point e-mail messages are highly likely to be in the clear; which means they can be intercepted an read by anyone during that time period. This is especially true when e-mail messages are sent from SMTP server to server. For example: (This is not verified for these providers but a hypothetical scenario that is generally true.) When a Verizon e-mail user sends e-mail to a Yahoo e-mail user, the e-mail message must take a path between those two services. During the company to company e-mail transmission, most e-mail is completely in the clear and can be intercepted or archived.

Computer security isn't my main job, but it plays a large role in all of the projects I work on. I've been lucky to need to know how many network services work at a very low level. I have watched email transit to and from mail servers in the clear. I have done hacking on services and protocols on my own networks to understand them. Even a simpleton like me understands several processes that could be used to intercept sensitive financial information parties are sending through e-mail.

There are two scenarios I can think of that would make a Fax to Email service potentially acceptable from a security standpoint.
  1. If the fax to e-mail provider were encrypting all of these faxes using a technology like PGP.
  2. If the fax to e-mail provider would only allow retrieval of these faxes by an isolated online system where recipients would have to log in..eliminating the "e-mail" portion of a fax to e-mail service.

Charles Palen has been involved in the technology sector for several years. His formal education focused on Enterprise Database Administration. He currently works as the principal software architect and manager at Transcending Digital where he can be hired for your next contract project. Charles is a full stack developer who has been on the front lines of small business and enterprise for over 10 years. Charles current expertise covers the areas of .NET, Java, PHP, Node.js, Javascript, HTML, and CSS. Charles created Technogumbo in 2008 as a way to share lessons learned while making original products.

Comments

No one has posted any comments yet, be the first

Comments are currently disabled.

Post Message

Techno Gumbo RSS Feed

Related Links


PGP On Wikipedia
Abhisek Sarda's Fax Photo on Flickr