Not wood, money-saving VoIP project

Collapse
This topic is closed.
X
X
 
  • Time
  • Show
Clear All
new posts
  • LinuxRandal
    Veteran Member
    • Feb 2005
    • 4889
    • Independence, MO, USA.
    • bt3100

    #16
    My understanding, at least with fax and a legal perspective, is one reason the fax is considered a legal document is the time stamp on them. (sent/received same time) Email may be delayed (I can hit send but not have my computer online, and it only sends the next time online, and the receive time is different), and that makes a difference in legal filings.
    She couldn't tell the difference between the escape pod, and the bathroom. We had to go back for her.........................Twice.

    Comment

    • Carlos
      Veteran Member
      • Jan 2004
      • 1893
      • Phoenix, AZ, USA.

      #17
      Nearly all e-mail is instant. It also not only carries the timestamp of the receiver and the sender, but has the timestamps from intermediary servers that are almost impossible to interfere with. I can change the time on my fax machine. You can change the time on yours. Nothing can stop that. Meanwhile you're not going to fiddle with the clock on the servers at Gmail, Cox, Comcast, Verizon, etc etc. There's a much more trackable and verifiable e-mail path.

      Ohhhh, and... The e-mail has a CRC check to make sure it hasn't been changed. So someone could actually show that even one character was changed. Faxes have zero validation and anyone can photoshop them (and I have, legally, when dealing with fools who had unreasonable demands). If I sent you a modded PDF, that would leave a trace. So when I've had to change a document and hide that, I just fax it to "clean" off the changes.

      Comment

      • Carlos
        Veteran Member
        • Jan 2004
        • 1893
        • Phoenix, AZ, USA.

        #18
        Reminds me... A couple months ago we had to deal with some legal forms, and as always, we filled them out and "signed" them electronically. Sent them by e-mail. The e-mail part was fine, but the recipient insisted that it had to be a wet, on paper signature. I could scan and e-mail it or fax it. So I faxed the very same electronically-signed document, and they accepted it, since you can't tell how it was created or signed.

        Oh, and months before that, another company wanted us to fill out a form allowing them to accept future electronic signatures. No really, that sounds beyond stupid, but it was true. Sign a form to allow electronic signatures. I electronically signed that one and sent it.

        I swear half my career is spent dispelling assumptions and myths.

        Comment

        • woodturner
          Veteran Member
          • Jun 2008
          • 2047
          • Western Pennsylvania
          • General, Sears 21829, BT3100

          #19
          Originally posted by Carlos

          I swear half my career is spent dispelling assumptions and myths.
          I can understand that. Sometimes people think they have a good understanding of an issue, and they may well have good knowledge from their experience and perspective, but maybe don't have the knowledge or experience from a different part of the network or service. That may be what leads people to think that email is instant, that email can be secured, that email time stamps cannot be changed in undetectable ways, or that a recipient could change the time stamp on a fax sender's machine.

          Mean while, the bad guys are harvesting and exploiting information from "secure" emails every day. Sadly, some of those harvesting are the providers and carriers themselves. A certain dominant player in the market has been repeatedly called to task for harvesting and misusing user information. Wish you could review some of the CERT data and investigations, but much of it is not public. They do have a public mail list where they report some of their investigations, if you are interested.

          The best advice is something my grandmother told me years ago, but applies amazingly well to newer technology:
          1. Don't write down (email, post) anything you would not want your grandmother or your pastor to read.
          2. Don't say (on telephone, text, etc.) anything you would not want your grandmother or pastor to hear.
          3. Be wary of those asking too many questions or for personal information.
          --------------------------------------------------
          Electrical Engineer by day, Woodworker by night

          Comment

          • Carlos
            Veteran Member
            • Jan 2004
            • 1893
            • Phoenix, AZ, USA.

            #20
            I never suggested that timestamps can't be changed in undetectable ways, nor that someone could change the time on the other end's fax machine. That would be silly. The facts that most e-mail is actually instant and can be secured can easily be researched.

            EDIT: I do review public CERT data regularly and have two private sources of similar data that I review regularly. And one is particularly fun since it comes from a friend inside one of the top players in encrypted file inspection.

            Comment

            • woodturner
              Veteran Member
              • Jun 2008
              • 2047
              • Western Pennsylvania
              • General, Sears 21829, BT3100

              #21
              Originally posted by Carlos
              The facts that most e-mail is actually instant and can be secured can easily be researched.
              I agree that even a quick internet search will show multiple explanations why email is most often not instant and cannot be made secure.

              Seems best to "agree to disagree" at this point, it's difficult to have a good technical discussion on a woodworking forum. If you are really interested in discussing and learning more about this, let's move the discussion to a computer security forum.

              --------------------------------------------------
              Electrical Engineer by day, Woodworker by night

              Comment

              • Carlos
                Veteran Member
                • Jan 2004
                • 1893
                • Phoenix, AZ, USA.

                #22
                LOL.

                Want to explain how you make fax secure, or prevent the other end changing the timestamps? This should be good.

                Comment

                • Carlos
                  Veteran Member
                  • Jan 2004
                  • 1893
                  • Phoenix, AZ, USA.

                  #23
                  Seems apropos... Customer just called to complain that some e-mails are taking as long as five minutes to arrive, and should that be a concern since they are usually instant. Investigating the timestamps on various relays, it looks like one of their clients, a government agency, has actually built in a purposeful delay. It is exactly the same on every e-mail. Maybe to allow things like "recall this e-mail" if you second-guess yourself right after sending? The rest of their mail is still flowing within seconds.

                  Comment

                  • Carlos
                    Veteran Member
                    • Jan 2004
                    • 1893
                    • Phoenix, AZ, USA.

                    #24
                    I know you think you know all of this. But here are some super-simple factual errors:

                    1. It is easily possible to secure e-mail, and lots of companies provide a variety of products and services to do that. Good encryption is essentially unbreakable. Yesterday I set up DKIM/DMARC on a medical e-mail server so that the e-mails can be authenticated and have the metadata treated as secure (the transport was already secure, but now also the timestamps and message progress are too).

                    2. Faxes today are transmitted right along e-mail on the same network. I know this because it's actually what I do. Except the faxes are in totally unencrypted, easy to capture/decode ULAW format and the e-mails are encrypted. If you'd like to send me a fax I can tell you exactly what places it touched and where it could be captured.

                    3. My HIPAA-covered clients use and prefer e-mail, but provide fax for the senders who are still working in the 90s.


                    Comment

                    • woodturner
                      Veteran Member
                      • Jun 2008
                      • 2047
                      • Western Pennsylvania
                      • General, Sears 21829, BT3100

                      #25
                      Originally posted by Carlos
                      you know all of this.

                      If you want to learn why it's not possible to secure email, why faxes are not transmitted by email, and why HIPAA prohibits email, let's take this to a computer security forum. This really is not the place for this discussion.

                      BTW the board rules prohibit personal attacks:

                      No personal attacks.
                      None, Period. It does not matter if the person attacked is a member or not or living or dead. If you mention another person or party your post must be positive.
                      --------------------------------------------------
                      Electrical Engineer by day, Woodworker by night

                      Comment

                      • Carlos
                        Veteran Member
                        • Jan 2004
                        • 1893
                        • Phoenix, AZ, USA.

                        #26
                        I'll tell the HIPAA compliance auditors that they are wrong in allowing us and our customers to use e-mail. This should be a good, fun talk. We just passed one with one customer last month, got another coming up. But they're wrong, you're right. It also appears that you're not aware that most calls and faxes are now going over IP, so whether you think you sent the fax by phone call or by e-mail, they still ride over the internet? How do you think dbhosts's Obihai ATAs send the faxes for him? Hint: The very same IP connections as e-mail, except the faxes are not encrypted at all. Also I use a lot of the exact same ATAs for my customers.

                        This is a fascinating look into human psyche, I have enjoyed it.

                        Comment

                        • woodturner
                          Veteran Member
                          • Jun 2008
                          • 2047
                          • Western Pennsylvania
                          • General, Sears 21829, BT3100

                          #27
                          Originally posted by Carlos
                          The very same IP connections as e-mail, except the faxes are not encrypted at all.
                          Sorry, no, here is a link to help you learn how fax over IP (FoIP) works.


                          I won't respond further, you will have to learn this on your own.
                          --------------------------------------------------
                          Electrical Engineer by day, Woodworker by night

                          Comment

                          • Carlos
                            Veteran Member
                            • Jan 2004
                            • 1893
                            • Phoenix, AZ, USA.

                            #28
                            Right, that 3CX link says exactly what I said, and we're a trained 3CX reseller.

                            "...this is a protocol that describes how to send a fax over a computer data network..."

                            "Using FoIP is easy because it taps into your existing network and removes the need for a separate analog network."

                            Again, it's been a fascinating thread.

                            Comment

                            • dbhost
                              Slow and steady
                              • Apr 2008
                              • 9209
                              • League City, Texas
                              • Ryobi BT3100

                              #29
                              Originally posted by woodturner

                              Unfortunately it's not possible to secure email, the lack of security is inherent in the technology and protocols. Too much to explain here, but there are historical reasons for this, and we are largely stuck with the infrastructure that was defined in the 1970's. Technically email can be encrypted, but encryption is not secure either, so it still results in unsecure transmission.

                              Faxes are arguably easier to decode, if you can get access to the signal, but they are transmitted over the physical phone system or possibly the cell network, both of which have much higher security as well as legal consequences for interception. That's one reason FSA processors won't accept a fax from an email to fax provider, for example.

                              Even though email is essentially unsecure, in spite of the myth of "security", it's really the legal precedent that drives this. Unless and until enough proceedings establish case law to get emails accepted as legal documents and "fact", and unless and until HIPAA laws changes to allow emails, faxes will continue to be required.

                              Uh. What you said. I am just now getting caught up with this thread and just about spit out my iced tea on my screen when I read what Carlos said about email being secure. Uh... no. Even encrypted it's not really secure...

                              Technically, fax over VoIP isn't truly secure, but there is so much going on there, If the Russian, or Chinese mafia wants to intercept my faxes to my insurance company let them.... Since virtually every fax I send is discussed with my wife within earshot of my cell phone, Google has been analzing it already, and chances are that voice data has been itnercepted by a third party.

                              I'm not going to go so far as to say true IT security is a myth, but for 99% of users, and organizations, they won't expend the resources necessary to truly secure themselves...
                              Please like and subscribe to my YouTube channel. Please check out and subscribe to my Workshop Blog.

                              Comment

                              • Carlos
                                Veteran Member
                                • Jan 2004
                                • 1893
                                • Phoenix, AZ, USA.

                                #30
                                It's morning, so my spit was coffee. You owe me a new keyboard. So let me see if I really do understand this correctly, because this is pretty amazing to me.

                                "Even encrypted it's not really secure... "
                                So the very same encryption that is used to secure your banking online, and other online interaction, which is considered essentially unbreakable by the experts, is suddenly "not really secure" when it is used for e-mail?

                                And: " fax over VoIP isn't truly secure"
                                So the faxes, which go over the very same piece of wire/fiber as the e-mails, but have ZERO encryption or any kind of protection, are somehow BETTER than the encrypted e-mail?

                                This is what you're saying? I have a security conference at one of our datacenters this Thursday, some of these posts are going to make for fun discussion with them. Especially the guys doing e-mail security products that are PCI/HIPAA/etc compliant.

                                Comment

                                Working...