[7549] in cryptography@c2.net mail archive
insecure MessageMedia's "secure window"
daemon@ATHENA.MIT.EDU (Ed Gerck)
Mon Jul 24 13:31:22 2000
Date: Mon, 24 Jul 2000 09:48:00 -0700
From: Ed Gerck <egerck@nma.com>
To: cryptography@c2.net
Message-id: <397C7340.7E5B72AD@nma.com>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7bit
Yahoo - MessageMedia Adds Secure Messaging Capabilities to Service Offerings
http://biz.yahoo.com/bw/000724/co_message.html
The article contains a common misconception
and a product flaw if it the description is correct:
In a MessageMedia secure messaging application, the recipient receives a ``package notification.''
To view the secure message, he then launches a web page and uses a dynamically
assigned personal identification number (PIN) to access the information. Data cannot be copied from
the secure window, although the message can be archived for later viewing or can be
automatically deleted after a set amount of time has elapsed.
Of course, any data that can be seen can be copied -- by hand, by
screen grab, by video memory scan, by a virus, by a trojan horse
that mirrors your screen, etc. To say otherwise is misleading and
a security risk. Not much future there.
Cheers,
Ed Gerck
