LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 10-11-2017, 09:22 AM   #1
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,081

Rep: Reputation: 45
Do self-destruct emails require that the receiving computer gets malware-infected?


Someone said emails can be made to self-destruct when they reach their destination and are read. Does this require that the receiver's computer gets infected with malware?

Last edited by Ulysses_; 10-11-2017 at 09:27 AM.
 
Old 10-11-2017, 01:30 PM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,053
Blog Entries: 14

Rep: Reputation: 1226Reputation: 1226Reputation: 1226Reputation: 1226Reputation: 1226Reputation: 1226Reputation: 1226Reputation: 1226Reputation: 1226
This site suggests the email itself isn't sent - an encryption key to allow you to open the email on the sending server is sent instead. Once you use that key the email on the sending server is deleted.

The likelihood I would click on such a link from an unknown source is zero. The likelihood I would allow anything to run a script of some sort from within the email so it installed malware is also zero.

There are companies I've dealt with that do send me messages to open a link to see the actual message. (Many Banks do this for B2B now.) However, I haven't dealt with any that delete the message after I first view it. I can click the link as often as I want. Also most such sites actually require me to create my own login account on the sending server then login before I can view any messages.

Cisco offers a service called Cisco Registered Envelope Service (a/k/a Cisco Res) that companies can use for this purpose. There are 2 different companies I've gotten Cisco Res emails from and the login I created for the first one is the same used for the second one. (In fact it wasn't until I did the second one that I realized I'd previously signed for the first one.) Other partners seem to have their own internal service.

Of course "internal" these days is a bit muddled - many are using Google apps including email or MS Office365 so their "internal" email is actually hosted by an external provider.

Last edited by MensaWater; 10-11-2017 at 01:33 PM.
 
Old 10-12-2017, 10:15 AM   #3
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,629
Blog Entries: 4

Rep: Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001
There really is no substitute for using an e-mail client program (versus "web-mail") which supports cryptographic security. There are two well-known standards – GPG (PGP®), and S/MIME.

Microsoft Outlook®, for instance, supports S/MIME out-of-the-box, even in their consumer versions. So does OS/X.

With both of these systems, the various parties who are communicating set up cryptographic credentials, placing their public keys on a commonly-available key server. Messages sent by any party are automatically "signed" using their key, which the recipient can (and does, automatically ...) verify. Messages sent to any party can optionally be encrypted using the recipient's public key, which (only) the recipient can then decipher.

The process is completely transparent, unless you receive an un-signed message from a party whom you expected to have signed it, or a message that you are unable to decrypt!

As an illustration of why this is important: once I got an e-mail message, "from my wife," "sent from her iPhone," which said that her car had broken down (nearby!) and would I please come to help her. Which of course is very strange because she was sitting in the next room at the time, using her Android phone! (I immediately called both the local police and the FBI office. I don't know what happened next.) Nevertheless, when the message arrived, it was instantly flagged as "suspicious" because it didn't bear her digital signature. Therefore I knew – even if she had not been home at the time – that the message probably didn't actually come from her. Was someone trying to set me up for an armed robbery? I'll never know.

You also have "automagic" assurances that the message which you received is bit-for-bit the message that was sent. Criminals can intercept an e-mail and substitute a different e-mail in its place. But they can't change signed message-content, not one "bit," without being detected.

It completely baffles me why corporations have not long-ago embraced this, given the sensitivity of the e-mails that they sent out every day. And why GMail, the world's most widely-used webmail service, having once supported it, took it out.

Last edited by sundialsvcs; 10-12-2017 at 10:19 AM.
 
Old 10-12-2017, 05:56 PM   #4
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,081

Original Poster
Rep: Reputation: 45
Quote:
Originally Posted by sundialsvcs View Post
Was someone trying to set me up for an armed robbery? I'll never know.
Spooky indeed. Are you possibly of value for reasons other than money, such as speaking too loudly about conspiracies?
 
Old 10-13-2017, 09:39 AM   #5
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,629
Blog Entries: 4

Rep: Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001Reputation: 3001
Quote:
Originally Posted by Ulysses_ View Post
Spooky indeed. Are you possibly of value for reasons other than money, such as speaking too loudly about conspiracies?
An interesting Utter nonsense. idea ... I hadn't You're not being watched. even thought of that.

I think that you should be using a secure app for "text messaging," and secured e-mail for that form of communication, for exactly the same reasons that you have been taught to use "https" web sites. Not necessarily to encrypt the communication, but at least to vouch for it. The technology to do so is readily available, is standardized, and it works unobtrusively. Like any good deployment of crypto security, "you don't have to think about it or, really, pay much attention to it."

When you receive a paper letter in your mailbox, notice who it's from and open the (sealed) envelope, you already have pretty good assurance that "your friend" sent you a letter and that you are now holding an un-scissored copy of it. (Unless you are revealing that on 9/11 what really happened was ##CENSORED##.) You have no such assurances on the Internet, and there really are people out there who will exploit it ... and you.

- - - - -

Today you should also assume that "a copy of your message will never go away." Even if a mail service promises to give your message the ol' Mission: IMPOSSIBLE treatment, just assume that they won't. Somewhere out there, there's a government agency who could issue a (secret?) subpoena or search-warrant, and they have to be able to honor it.

(Furthermore, the Honorable Court can serve such a warrant upon you, and in that case you have to honor it ... They can certainly oblige you to reveal encryption keys (to the Court), and if there are any laws concerning your communication – e.g. financial securities – you are obliged to keep your own archives, encrypted though they be, and to be able to decrypt them if ordered.)

I frankly find the benefits of such services to be very doubtful. I want to encrypt or sign the message myself, and likewise verify the signature. If the message is secret, I want it to pass through all public transports in an encrypted-by-me/signed-by-me state, from the moment it leaves "my" computer until it arrives at "yours."

Last edited by sundialsvcs; 10-13-2017 at 09:51 AM.
 
Old 10-13-2017, 10:16 AM   #6
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,081

Original Poster
Rep: Reputation: 45
It's funny how the same technically savvy person who can endlessly dive in the deep waters of linux, the same person can be utterly clueless in politics. I bet you think Stephen Hawking is alive.
 
Old 10-13-2017, 11:03 AM   #7
YesItsMe
Member
 
Registered: Oct 2014
Distribution: Void
Posts: 130

Rep: Reputation: 38
Quote:
Originally Posted by sundialsvcs View Post
Microsoft Outlook®, for instance, supports S/MIME out-of-the-box, even in their consumer versions.
Mostly, that is.
http://www.zdnet.com/article/outlook...t-unencrypted/

However, "self-destruct" emails can't exist: The process of sending an e-mail involves the creation of multiple copies of that e-mail. It's not a paper letter.
 
Old 10-16-2017, 11:12 AM   #8
dave@burn-it.co.uk
Member
 
Registered: Sep 2011
Distribution: Puppy
Posts: 356

Rep: Reputation: 134Reputation: 134
Quote:
I bet you think Stephen Hawking is alive.
HE IS as at 16th Oct 2017.

http://en.mediamass.net/people/steph...deathhoax.html

I rather suspect that his death will be reported quite promonently on Worldwide news.

In any case, like his party, he won't announce it until well after the event, just to see if time travel exists!!

Last edited by dave@burn-it.co.uk; 10-16-2017 at 11:16 AM.
 
Old 10-16-2017, 04:42 PM   #9
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,081

Original Poster
Rep: Reputation: 45
https://www.youtube.com/watch?v=LDvgZKfUuoc
 
Old 10-16-2017, 11:49 PM   #10
rokytnji
LQ 5k Club
 
Registered: Mar 2008
Location: Waaaaay out West Texas
Distribution: AntiX 17 , ChromeOS
Posts: 5,204
Blog Entries: 20

Rep: Reputation: 2478Reputation: 2478Reputation: 2478Reputation: 2478Reputation: 2478Reputation: 2478Reputation: 2478Reputation: 2478Reputation: 2478Reputation: 2478Reputation: 2478
Come here using Seamonkey and watch the unencrypted page warnings.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
If you infected by any of these recent ELF malware cases please contact us? malwaremustdie Linux - Security 13 12-05-2016 01:37 AM
Malware Attack Infected 25,000 Linux/UNIX Servers touch21st Linux - Security 1 03-21-2014 02:13 AM
LXer: Nearly 33 million Android devices infected by malware in 2012 LXer Syndicated Linux News 0 04-16-2013 05:20 PM
LXer: BT Claims Almost Every Android Device Is Malware Infected LXer Syndicated Linux News 0 07-29-2012 05:41 PM
iframe worm or malware infected my php pages ddaas Linux - Security 4 05-22-2009 01:52 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 10:01 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration