[Fed-Talk] Re: Fed use of SSL Man-in-the-middle?
[Fed-Talk] Re: Fed use of SSL Man-in-the-middle?
- Subject: [Fed-Talk] Re: Fed use of SSL Man-in-the-middle?
- From: Niels Olson <email@hidden>
- Date: Thu, 05 May 2011 13:21:18 -0700
Are there any fed security (apple or other) mailing lists? Don't want
to clobber this forum with unrelated content. Thanks for the insight
though.
On Thursday, May 5, 2011, David Mueller <email@hidden> wrote:
> On 5/5/11 11:02 AM, "Niels Olson" <email@hidden> wrote:
>
>> What's the motivation to monitor personal email?
>
> I can think of three reasons off the top of my head. All basically have to
> do with bypassing the corporate email infrastructure and the services and
> protections it provides.
>
> 1. Personal email bypasses company spam/antimalware services, so something
> hostile that comes in via your personal email can infect your company system
> and spread into your network.
>
> 2. Personal email bypasses the outgoing mail services which could
> potentially be used to monitor outgoing mail for exfiltration of proprietary
> data that shouldn't be released outside the organization.
>
> 3. Personal email bypasses incoming and outgoing mail servers which could be
> archiving data due to legal or regulatory requirements to do so.
>
> A great example of the third one is some talk this week about issues the
> iPad is presenting with respect to the Presidential Records Act mandating
> that official communications be archived. It seems to me that the iPad angle
> is a red herring trying to get attention by pegging the issue to a popular
> product; I see the issue as more general in that any use of personal email
> accounts, regardless of the device, bypasses the automatic archiving
> provided by the White House's email system.
>
> http://thehill.com/blogs/hillicon-valley/technology/158965-ipad-presents-pro
> blems-for-presidential-records-act
>
> - David
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Fed-talk mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
>
--
Niels Olson
email@hidden
h/c: (410) 212-1281
http://nielsolson.us
This message may contain private information for persons named above. Please
don't share that information with anyone without a need to know. If you
received confidential information without a PGP wrapper, assume it was
compromised, delete it, tell the sender, and try to tell the victim. Please
don't send someone else's private information if you're not reasonably
certain the recipient has a need to know and that the message will be kept
private. Plain email is not private. In some cases, such as health
information protected under the US HIPAA law or information protected under
the US Privacy Act, plain email may be illegal. If you must relate a
person's identity to their private information in email, use Hushmail or
insist your recipients provide you their PGP public key. My public key is
here: http://nielsolson.us/contact.html.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden