this post was submitted on 24 Dec 2023
21 points (80.0% liked)

cybersecurity

3249 readers
9 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Enjoy!

founded 1 year ago
MODERATORS
 

The Internet and email is old at this point.

It can be reasonably argued that email links are a significant threat vector right now.

So far, we just keep trying to sandbox links or scan attachments, but it's still not stopping the threat.

My questions for comment:

  • Would removing anonymity from email reduce or remove this threat? If business blocked all uncertified email senders, would this threat be gone?
  • Why can't we do PKI well after a few decades?
  • Does anyone believe PKI could apply to individuals? In the context of identity for email, accounts, etc?

I see services like id.me and others and wonder why we can't get digital identity right and if we could, would it eliminate some of the major threats?

Image credit: https://www.office1.com/blog/topic/email

Edit, post not related to the site or any service, just image credit.

you are viewing a single comment's thread
view the rest of the comments
[–] CaptObvious@literature.cafe 4 points 10 months ago (1 children)

How do these demonstrate that email is the main attack vector?

[–] MSgtRedFox@infosec.pub 1 points 10 months ago (1 children)

Did you need it to say: I felt like the number one? I was basing my assessment on all the recent breach notices I've heard.

Maybe you can qualify the threats statistically, or from Gartner surveys.

Right now, we're all left with people having to deal with being one click away from workstation compromise, PrivEsc, exfil. Boo.

[–] CaptObvious@literature.cafe -1 points 10 months ago

These seem to focus on phishing. There are other threats. Phishing happens via channels other than email.

You may be right in your assessment, but this evidence doesn’t support your claim.