this post was submitted on 24 Dec 2023
22 points (80.6% liked)

cybersecurity

3262 readers
8 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Enjoy!

founded 1 year ago
MODERATORS
22
submitted 10 months ago* (last edited 10 months ago) by [email protected] to c/[email protected]
 

The Internet and email is old at this point.

It can be reasonably argued that email links are a significant threat vector right now.

So far, we just keep trying to sandbox links or scan attachments, but it's still not stopping the threat.

My questions for comment:

  • Would removing anonymity from email reduce or remove this threat? If business blocked all uncertified email senders, would this threat be gone?
  • Why can't we do PKI well after a few decades?
  • Does anyone believe PKI could apply to individuals? In the context of identity for email, accounts, etc?

I see services like id.me and others and wonder why we can't get digital identity right and if we could, would it eliminate some of the major threats?

Image credit: https://www.office1.com/blog/topic/email

Edit, post not related to the site or any service, just image credit.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 4 points 10 months ago* (last edited 10 months ago) (1 children)

Would removing anonymity from email reduce or remove this threat? If business blocked all uncertified email senders, would this threat be gone?

So as a goober that keeps getting jobs where my employer mandates that I am assigned an email address from their private email system, is told to "practice cyber security awareness" blah blah blah, and then is immediately spammed by internal emails with a shit ton of links (from people who are strangers to me but actually work for the same employer) from inside the org, I don't think removing anonymity would eliminate the threat. I'm being habituated into opening, reading, and encouraged to click links from "strangers" by my employer.

It might make it easier to for an attacker to ID a target though.

[โ€“] [email protected] 1 points 10 months ago

So serious corporate culture issue