I sent a vendor a pgp encrypted message in Abraxas on my order asking if it has shipped yet and he messaged me back the tracking number unencrypted. Isn't this as bad as messaging an unencrypted address?
Should the vendor be outed?
Vendor messages me unencrypted tracking # in Abraxas
I sent a vendor a pgp encrypted message in Abraxas on my order asking if it has shipped yet and he messaged me back the tracking number unencrypted. Isn't this as bad as messaging an unencrypted address?
Should the vendor be outed?
[3 Points] throwaway658498498:
[3 Points] None:
[deleted]
[2 Points] danathewhite:
No, it's not as bad as messaging an unencrypted address but it's still a bad practice. Unless you're already under investigation or if there was a "man-in-the-middle" type attack happening, I'd say you're fine. Plus it's more of an issue for him than it would be for you.
Before outing the vendor (and if you wish to continue using them) maybe let him know next time that you'd appreciate it if he could encrypt any future tracking info and suggest he do so for others as well. Maybe it was an oversight or perhaps he wasn't aware it was common-practice to do so and you'd be helping him out. Now if he replies like a dickhead, then by all means let us all know who to avoid.
[1 Points] druggieslut:
Tell the vendor he's an idiot. Maybe he will change his ways
[1 Points] throwawayyhoesfoes:
WTF not okay! Stay away from vendors who do not take security seriously! Encrypt all sensitive info period. That fucker probably keeps records and shit too.
[0 Points] None:
[deleted]
If Abraxas gets owned they'll have that data but 99% likely they are not going to do anything..
Unless you ordered 10kg of MDMA.