Permalink

#5144 – pgq

This was posted over 17 years ago; my opinions, thoughts, attitude, and writing style may have evolved since then, and this post might have been different if it were to be posted today.

i found out the other day that UMUC has a job search system for students/graduates, so i tried checking on there for positions in the united states that need an information systems management degree. so WHY did i get this result for the university of wisconsin?

makes about twice as what i make now. sigh. maybe i should take up quilting. 😛

so in the news today i saw that sarah palin’s yahoo! email account was hacked, and folks are up in arms about her using a non-agency account for government business. i definitely agree about that — you should see how many emails we get at work from people in government agencies that try submitting requests for their federal accounts from free or semi-public email addresses like gmail.com, yahoo.com, comcast.net, aol.com, etc…. and then there are the agencies that have said “well yes, but we don’t have our own domain for our city / department / whatever”, but i don’t really think that’s much of an excuse: i mean, i pay for my domain names, what? $9.95 / month? get out of those free email services, people! sheesh!

in fact, i’m kind of surprised that because we’re doing all these account changes for federal agencies that we’re just using basic, unencrypted email. there’s definitely options out there (sheesh, even i have an x.509 certificate — if your email client supports it, you could import this certificate and then send me your certificate as well, or have me send you a signed email and you do the same, and then email communications between the two of us could then be encrypted. this method can also be used to just sign emails, so as long as you kept other people from using your computer, then the signed email would show that you were the one who sent the message to me, and i could be sure that it wasn’t forged and sent by someone from elsewhere. or you could import my pgp public key and provide your own public key as well…)

while i doubt that a lot of small-town organizations would have the impetus or the skillz to set up such a secure email system (or even the real desire to), i had been wondering even before yahoogate why something like this isn’t set up for us at work, if only to provide an extra level of protection for some of the sensitive agencies we support. (we have a list of users who are authorized for each agency, and we check any messages we receive against that list to see if the person who submitted the request is allowed to process changes on the specified account, hence why having a method to ensure that the person who submitted the request is really the person you think submitted the request.)

from my information security class we learned that your business tools and data are of no use if they’re locked down so tight that nobody can get to them, not even you, so i can understand why there are reasons things aren’t done the way i’d like them to be.

my biggest complaint about my nifty codes and such? nobody else seems to have any, so all i can do is tell folks the email i sent really did come from me. what fun is a secret decoder ring if nobody else has one to play with too?

this makes me pretty curious — how many folks on my friends list actually use encryption for communications, and if so, what system(s) do you use?