Emailing attachments - a car crash waiting to happen

It's long been said that emails should be treated like postcards - only use them when you don't mind them being read by the postman.

Email, by its nature, is horribly insecure. The underlying technology (SMTP) was designed and built by a bunch of Californian geek types (at UCLA, mainly) who gave almost NO thought to security because it was assumed that it would be used within a single organisation only.

When you send an email - it travels to its destination via other people's hardware - that's the way the Internet works. The exact route taken can vary from minute to minute.

If you send a draft tax-return to a client as an unencrypted PDF file - that file can be intercepted and read with an ease that makes postcards look like paragons of discretion.

Now, let's not overstate things. The reality, of course, is that the chances of this actually happening are tiny - not many people are THAT interested in your client's tax returns, and they'd have to wade through the VAST quantities of other data that is streaming across that corner of the Internet.

Nevertheless - it can be argued that sending something like a tax return over unencrypted email could be a breach of your responsibilities under the Data Protection Act. All it would take is the right combination of high-profile client and tabloid feeding-frenzy, and your PII providers will be earning their money for the next few months.

The solution doesn't have to be complex. Every PDF-creation system I've seen (including the ones built into tax products) has an option to set a password. This feature encrypts the data in the PDF to a degree that will deter all but the most determined (and well resourced).

Make arrangements with each of your clients to use a standard password for all email communications, and make sure that this password is used whenever sending email attachments. It's an extra hassle for your staff, but one day, it's going to save your bacon.

Comments

PDF passwords are easily broken...

Anonymous | | Permalink

I have software on my computer that will allow me to open locked PDFs. I don't have to even try to guess the password to be able to open the files. The only benefit of using passwords is to be able to see when the file has been changed from the original.

For really secure e-mails you need to use a security system such as PGP. Unfortunately not many organisations appear to use it.


Hmmmm

cverrier | | Permalink

There are two kinds of PDF password.

'Owner' passwords protect the document against certain actions once you've opened it (stopping you from printing it, for example).

'User' passwords are MUCH stronger and fully encrypt the PDF file.

There are any number of utilities offering to break the first of these two, because it's pretty feeble.

User passwords, however, are very tough - the document is fully encrypted (just like PGP) and the only utilities I've seen all rely on 'brute force' approaches like automated processes to try every single word in the English language until one works. (e.g. it can take days).

There are also TWO levels of encryption, decided by the PDF compatibility level selected in the General Job options panel.

The 40-bit RC4 (Acrobat 3.x, 4.x Compatible) encryption level has a lower level of security, but is compatible with Acrobat 3 and 4. The 128-bit RC4 (Acrobat 5 Only) encryption level has a higher level of security, but is compatible only with Acrobat 5 and above.

It's possible that the older approach might be breakable, but I'm not aware that the 128-bit is vulnerable.

If it is - I'd be interested in a steer towards that software you have.
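An added example, not part of the original post or of any comment: a pre-send check that reads the encryption level a PDF declares, so a 40-bit (Acrobat 3.x/4.x compatible) file is caught before it is attached. The function names and sample bytes are constructed for illustration, the /V values are those of the PDF standard security handler, and the check goes beyond the two RC4 levels named above by also recognising the AES levels of later PDF versions.

```python
import re

def _num(body: bytes, key: bytes, default: int) -> int:
    """Integer value of /key in a dictionary body, or default if absent."""
    m = re.search(rb"/" + key + rb"\s+(\d+)", body)
    return int(m.group(1)) if m else default

def audit_pdf_encryption(data: bytes) -> dict:
    """Report the cipher and key length a PDF declares in its /Encrypt entry."""
    if b"/Encrypt" not in data:
        return {"encrypted": False, "cipher": None, "key_bits": 0, "needs_review": True}
    # Assumption: /Encrypt is an indirect reference ("/Encrypt 5 0 R"), the usual case.
    ref = re.search(rb"/Encrypt\s+(\d+)\s+(\d+)\s+R", data)
    body = b""
    if ref:
        obj = re.search(rb"(?<!\d)" + ref.group(1) + rb"\s+" + ref.group(2)
                        + rb"\s+obj(.*?)endobj", data, re.S)
        body = obj.group(1) if obj else b""
    v = _num(body, b"V", 0)
    cfm = re.search(rb"/CFM\s*/(\w+)", body)
    if v == 1:                                   # Acrobat 3.x/4.x compatible level
        cipher, bits = "RC4", 40
    elif v == 2:                                 # Acrobat 5 level; /Length defaults to 40
        cipher, bits = "RC4", _num(body, b"Length", 40)
    elif v == 4 and cfm and cfm.group(1) == b"AESV2":
        cipher, bits = "AES", 128
    elif v == 5:
        cipher, bits = "AES", 256
    else:                                        # anything else is left for a human
        cipher, bits = "unknown", 0
    return {"encrypted": True, "cipher": cipher, "key_bits": bits,
            "needs_review": bits <= 40}

def sample_pdf(encrypt_dict: bytes) -> bytes:
    """Constructed skeleton with just enough structure for the audit (not a viewable PDF)."""
    return (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n5 0 obj\n"
            + encrypt_dict + b"\nendobj\ntrailer\n<< /Root 1 0 R /Encrypt 5 0 R >>\n%%EOF\n")

# Constructed samples: one per compatibility level, plus an unprotected file.
RC4_40 = sample_pdf(b"<< /Filter /Standard /V 1 /R 2 /P -44 >>")
RC4_128 = sample_pdf(b"<< /Filter /Standard /V 2 /R 3 /Length 128 /P -3904 >>")
PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\ntrailer\n<< /Root 1 0 R >>\n%%EOF\n"

if __name__ == "__main__":
    for name, pdf in (("rc4-40", RC4_40), ("rc4-128", RC4_128), ("plain", PLAIN)):
        print(name, audit_pdf_encryption(pdf))
```

This reads only the declared cipher. A file protected with just an 'owner' password declares encryption in the same way, so the check does not show that a password is needed to open the file.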

They are easier to break than you think

jonbryce | | Permalink

A Tesla S1070 supercomputer which costs about £6000 can go through about 2bn passwords per second.  40 bit encryption has a little over 1tn possible combinations, so it could go through them all in less than 10 minutes.  A standard desktop computer with a Core 2 Quad processor can do about 70m passwords per second, or add in the right sort of Nvidia graphics card for about £150, and it can do about 1bn passwords per second.

For a dictionary attack of passwords, there are about a million words to go through, so even a very modest computer can do that quicker than you can read the answer off the screen.

What's the alternative? Royal Mail?......

Anonymous | | Permalink

-- KH

I would have thought that whatever system we accountants use for sending sensitive data to our clients is rather fraught with pitfalls. Or, to put that another way, how much faith do you have in your letters arriving at the right destination every time, and no one ever opening them en route? Especially when there is a huge backlog of post already hanging around in sorting offices?

Sure, we have to take care, but what level of care is considered to be judicious?

This blog

Charles Verrier has worked with IT systems for the accounting profession since back when the Internet was all fields.

For many years, Charles was Product Manager for 'Singleview' - the Document Management system marketed by Solution 6/MYOB.

He now works freelance after many years working for assorted suppliers to the profession. Charles is not an accountant, but he does hang around with them a lot.

This blog focuses on all aspects of IT and its application to accountants in practice, with occasional forays into pure technology and geekery.

(old hands may recognise the blog name as a tag line used by MICL many years ago. It's not used any more, and I'm pretty sure I came up with it in the first place!)