POPULARITY
Send us a textEver wondered how your sensitive messages stay secure in an increasingly dangerous digital landscape? The answer lies in message integrity controls, digital signatures, and certificate validation – the core components of modern cybersecurity we tackle in this episode.We begin with a timely breakdown of Microsoft's recent security breach by Russian hackers who stole source code by exploiting a test environment. This real-world example perfectly illustrates why proper security controls must extend beyond production environments – a lesson many organizations learn too late.Diving into the technical foundation of message security, we explore how basic checksums evolved into sophisticated hashing algorithms like MD5, SHA-2, and SHA-3. You'll understand what makes these algorithms effective at detecting tampering and why longer digests provide better protection against collision attacks.Digital signatures emerge as the cornerstone of secure communication, providing the crucial trifecta of integrity verification, sender authentication, and non-repudiation. Through practical examples with our fictional users Alice and Bob, we demonstrate exactly how public and private keys work together to safeguard information exchange.The episode culminates with an exploration of digital certificates and S/MIME protocols – the technologies that make secure email possible. You'll learn how certificate authorities establish chains of trust, what happens when certificates are compromised, and how the revocation process protects the entire ecosystem.Whether you're preparing for the CISSP exam or simply want to understand how your sensitive communications remain protected, this episode provides clear, actionable knowledge about the cryptographic building blocks that secure our digital world.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
Nouvelle avancée sur le front de la confidentialité des données : Google annonce l'arrivée d'un système de chiffrement de bout en bout pour Gmail, destiné dans un premier temps aux utilisateurs professionnels. Une évolution notable, qui ambitionne de simplifier l'accès à une messagerie sécurisée, jusque-là réservée aux initiés du protocole S/MIME et à ses fameux certificats X.509. Mais attention, on parle ici d'un chiffrement “E2EE” à la sauce Google. Car si le message est bien chiffré et déchiffré en local, sur les appareils des utilisateurs, la gestion des clés de chiffrement reste entre les mains de la firme de Mountain View.Alors, comment ça marche ? Tout commence lorsque l'utilisateur clique sur l'option de chiffrement dans son interface Gmail. Son navigateur chiffre alors le message avant l'envoi, grâce à une clé symétrique temporaire générée par un serveur baptisé KACL – pour Key Access Control List. Ce serveur, hébergé chez Google, fournit la clé à la volée, juste pour cet envoi. Une fois parti, le message reste chiffré tout au long de son trajet, illisible par quiconque, sauf le destinataire. Ce dernier, pour en prendre connaissance, devra lui aussi se connecter à KACL et obtenir la même clé éphémère. Une fois le message déchiffré dans le navigateur, la clé est aussitôt effacée, limitant ainsi les risques de fuite.Côté sécurité, c'est un net progrès par rapport aux solutions antérieures, souvent complexes à mettre en œuvre. Mais peut-on vraiment parler de chiffrement de bout en bout ? Pas si sûr. Comme le souligne Ars Technica, tant que Google contrôle le serveur qui délivre les clés, le géant californien pourrait, théoriquement, accéder aux messages si une faille était exploitée. Julien Duplant, responsable produit chez Google Workspace, se veut rassurant. Selon lui, “Gmail n'a jamais accès à la clé. Jamais. Et les contenus restent toujours inaccessibles aux serveurs de Google.” Une promesse qui devra être tenue, car dans un monde où la confidentialité numérique devient un critère central, les utilisateurs attendent désormais plus que des engagements techniques : ils veulent des garanties concrètes. Hébergé par Acast. Visitez acast.com/privacy pour plus d'informations.
Apple has added itself to the Entrust distrust and has extended this distrust to S/MIME and VMC. We explain.
What do you call "Stuxnet on steroids"?? Voyager 1 update Android 15 to quarantine apps Thunderbird & Microsoft Exchange China bans Western encrypted messaging apps Gentoo says "no" to AI Cars collecting diving data Freezing your credit Investopedia Computer Science Abstractions Lazy People vs. Secure Systems Actalis issues free S/MIME certificates PIN Encryption DRAM and GhostRace AT&T Phishing Scam Race Conditions and Multi-core processors An Alternative to the Current Credit System SpinRite Updates Chat (out of) Control Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT lookout.com kolide.com/securitynow zscaler.com/zerotrustAI
What do you call "Stuxnet on steroids"?? Voyager 1 update Android 15 to quarantine apps Thunderbird & Microsoft Exchange China bans Western encrypted messaging apps Gentoo says "no" to AI Cars collecting diving data Freezing your credit Investopedia Computer Science Abstractions Lazy People vs. Secure Systems Actalis issues free S/MIME certificates PIN Encryption DRAM and GhostRace AT&T Phishing Scam Race Conditions and Multi-core processors An Alternative to the Current Credit System SpinRite Updates Chat (out of) Control Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT lookout.com kolide.com/securitynow zscaler.com/zerotrustAI
What do you call "Stuxnet on steroids"?? Voyager 1 update Android 15 to quarantine apps Thunderbird & Microsoft Exchange China bans Western encrypted messaging apps Gentoo says "no" to AI Cars collecting diving data Freezing your credit Investopedia Computer Science Abstractions Lazy People vs. Secure Systems Actalis issues free S/MIME certificates PIN Encryption DRAM and GhostRace AT&T Phishing Scam Race Conditions and Multi-core processors An Alternative to the Current Credit System SpinRite Updates Chat (out of) Control Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT lookout.com kolide.com/securitynow zscaler.com/zerotrustAI
What do you call "Stuxnet on steroids"?? Voyager 1 update Android 15 to quarantine apps Thunderbird & Microsoft Exchange China bans Western encrypted messaging apps Gentoo says "no" to AI Cars collecting diving data Freezing your credit Investopedia Computer Science Abstractions Lazy People vs. Secure Systems Actalis issues free S/MIME certificates PIN Encryption DRAM and GhostRace AT&T Phishing Scam Race Conditions and Multi-core processors An Alternative to the Current Credit System SpinRite Updates Chat (out of) Control Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT lookout.com kolide.com/securitynow zscaler.com/zerotrustAI
What do you call "Stuxnet on steroids"?? Voyager 1 update Android 15 to quarantine apps Thunderbird & Microsoft Exchange China bans Western encrypted messaging apps Gentoo says "no" to AI Cars collecting diving data Freezing your credit Investopedia Computer Science Abstractions Lazy People vs. Secure Systems Actalis issues free S/MIME certificates PIN Encryption DRAM and GhostRace AT&T Phishing Scam Race Conditions and Multi-core processors An Alternative to the Current Credit System SpinRite Updates Chat (out of) Control Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT lookout.com kolide.com/securitynow zscaler.com/zerotrustAI
What do you call "Stuxnet on steroids"?? Voyager 1 update Android 15 to quarantine apps Thunderbird & Microsoft Exchange China bans Western encrypted messaging apps Gentoo says "no" to AI Cars collecting diving data Freezing your credit Investopedia Computer Science Abstractions Lazy People vs. Secure Systems Actalis issues free S/MIME certificates PIN Encryption DRAM and GhostRace AT&T Phishing Scam Race Conditions and Multi-core processors An Alternative to the Current Credit System SpinRite Updates Chat (out of) Control Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT lookout.com kolide.com/securitynow zscaler.com/zerotrustAI
What do you call "Stuxnet on steroids"?? Voyager 1 update Android 15 to quarantine apps Thunderbird & Microsoft Exchange China bans Western encrypted messaging apps Gentoo says "no" to AI Cars collecting diving data Freezing your credit Investopedia Computer Science Abstractions Lazy People vs. Secure Systems Actalis issues free S/MIME certificates PIN Encryption DRAM and GhostRace AT&T Phishing Scam Race Conditions and Multi-core processors An Alternative to the Current Credit System SpinRite Updates Chat (out of) Control Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT lookout.com kolide.com/securitynow zscaler.com/zerotrustAI
What do you call "Stuxnet on steroids"?? Voyager 1 update Android 15 to quarantine apps Thunderbird & Microsoft Exchange China bans Western encrypted messaging apps Gentoo says "no" to AI Cars collecting diving data Freezing your credit Investopedia Computer Science Abstractions Lazy People vs. Secure Systems Actalis issues free S/MIME certificates PIN Encryption DRAM and GhostRace AT&T Phishing Scam Race Conditions and Multi-core processors An Alternative to the Current Credit System SpinRite Updates Chat (out of) Control Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT lookout.com kolide.com/securitynow zscaler.com/zerotrustAI
Could your passwords withstand a cyber siege by expert Russian hackers? My latest podcast episode serves as a wakeup call to the cyber threats looming over us, showcasing the recent breach of Microsoft's test environment. As Sean Gerber, I dissect the pivotal missteps in password management and underscore the lifesaving grace of multi-factor authentication. We then shift gears to the bedrock of cyber training, examining message authenticity and integrity controls. By unpacking the intricacies of message digests and hashing algorithms, I highlight how they are the unsung heroes in maintaining data sanctity from sender to receiver.The digital realm's trust hinges on the integrity of digital signatures and certificates—crucial allies in the war against data manipulation. Tune in as I break down how hash functions like MD5 and SHA are your first line of defense on file-sharing platforms. But there's more: I pull back the curtain on the encrypted world of digital signatures, revealing their role in sender verification and message security. Diving into the complex trust web spun by Certificate Authorities and the X.509 standard, we explore how digital certificates serve as digital passports in the online world. Brace yourself for an enlightening journey through the landscape of email protection with S/MIME, ensuring that your virtual conversations are sealed, secure, and verifiably authentic.Gain access to 30 FREE CISSP Exam Questions each and every month by going to FreeCISSPQuestions.com and sign-up to join the team for Free.
Jüngst titelte c't in einer großen Bestandsaufnahme etwas provokant: "So kaputt ist E-Mail!" Wir zählten all die Schwächen auf, die das Kommunikationsmedium auch nach 40 Jahren nicht los geworden ist. Dazu gehört, dass sich immer noch keine Methode durchgesetzt hat, um vertrauliche Inhalte via Mail Ende-zu-Ende-verschlüsselt von A nach B zu schicken. Klar, es gibt OpenPGP und S/MIME. Doch welcher Adressat nutzt das schon? Dabei ist das Bedürfnis groß: Berufgeheimnisträger wie Ärzte, Anwälte oder Journalisten sind darauf angewiesen, dass ihre Kommunikation von niemandem abgehört werden kann. Außerdem verlangt die Datenschutz-Grundverordnung (DSGVO) in Art. 32 geeignete technische und organisatorische Maßnahmen nach Stand der Technik, die die Verarbeitung von personenbezogenen Daten absichern. Dazu gehört eben explizit auch die Verschlüsselung. In Episode 103 des c't-Datenschutz-Podcasts beschäftigen sich Holger und Joerg mit dieser Problematik auf technischer und rechtlicher Ebene. Zur Vertiefung haben sie mit c't-Redakteur Sylvester Tremmel einen Experten eingeladen, der sich seit Jahren mit Verschlüsselungsmethoden in Mailclients und Messengern auseinandersetzt. Neben den technischen Grundlagen geht es um die rechtliche Einordnung. Joerg weist auf eine Forderung der Bremer Landesdatenschutzbehörde hin, die von Rechtsnwälten verlangt, Mails an Mandanten, Prozessgegner und Kollegen Ende-zu-Ende zu verschlüsseln. Die Runde fragt sich leicht verzweifelt, wie eine solche Forderung zustandekommt und wie sie realisiert werden könnte, obwohl die Adressaten oftmals vor verschlüsselten Mails wie der berühmte Ochs vorm Berg stehen. Die Ratlosigkeit steigt, als ein aktueller Gesetzentwurf aus dem Bundesdigitalministerium zur Sprache kommt: Die geplante Novelle des Gesetzes zum Datenschutz in der Telekommunikation und bei Telemedien (TTDSG) sieht vor, dass jeder E-Mail- und Messenger-Nutzer Ende-zu-Ende-Verschlüsselung beherrschen, aber nicht verpflichtend anwenden muss. Die Runde ist sich einig, dass noch viel Fortschritt bei der E-Mail nötig ist, um dieses Ziel zu realisieren. Sylvester und Holger sind sich einig: Wer bequem und dennoch abhörsicher kommunizieren will, greift derzeit am besten zu verschlüsselnden Messengern wie Signal.
Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english.In the second part of the podcast, we'll delve further into the different types of email security protocols and explore how they can be implemented to enhance the security of your email communications. We'll discuss the benefits of end-to-end encryption, which ensures that only the intended recipient can access the content of your emails, as well as the importance of authentication mechanisms. We'll also explore the role of digital signatures in verifying the authenticity and integrity of email messages. By the end of this episode, you'll have a better understanding of how to protect your sensitive information from cyber threats and ensure the confidentiality of your email communications.If you have not listen to episode 1, I suggest you listen to the first before you listen to this episode.In addition, we will recap other trending security news including:Google rolls out passkey login for all accountsMirai-iot-botnet is exploiting-tp-link-router you need to patch it now- https://users.ece.cmu.edu: PGP intro- https://www.cisco.com: S/MIME- https://www.cisco.com: Registered envelope service- https://security.googleblog.com: So long passwords thanks for all phish- https://duo.com: Mirai botnet attackers exploit TP-Link bugBe sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.comYou will find a list of all previous episodes in there too.
Thanks for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defender from analyst to the C-Suites, in plain english.In the era of messaging apps such as WhatsApp, Telegram and Twitter, emails are still the primary mode of communication for businesses and goverments alike. However, the convenience and ease of email communication also come with significant risks such as phishing, malware attacks, and unauthorized access. This show aims to provide insights into various email security protocols such as encryption, authentication, and digital signatures, and how they work together to protect your email data from cyber threats.Join me as I explain the intricacies of email security and uncover the best practices for safeguarding your online communications.In addition, we will recap other trending security news including:It was RSA Conference week. We will look into the the hot topics this year.Cisco unveiled a compelling net new product XDR- https://www.bankinfosecurity.com: Final Review RSA Conference 2023- https://newsroom.cisco.com: Cisco unveils new solution to rapidly detect advanced cyber threats and automate response- https://users.ece.cmu.edu: PGP intro - https://www.cisco.com: S/MIME- https://www.cisco.com: Registered envelope serviceBe sure to subscribe! If you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.comYou will find a list of all previous episodes in there too.
Was ist eigentlich eine E-Mail Verschlüsselung? Was ist S/MIME? Warum sollte ich meine E-Mails verschlüsseln? Welche Möglichkeiten gibt es daür? All diese Fragen beantworten wir in dieser Folge. ---------- Alle 14 Tage neues IT-Wissen erlangen und das in nur 5 Minuten - Das ist das Prinzip von "5 Minuten IT". Immer im Wechsel mit unseren regulären hITCast Folgen gibt es 5 Minuten IT Wissen für Entscheider. Für zusätzliche Informationen einfach jetzt einen Termin buchen und mit einem Experten sprechen: www.hagel-it.de/termin
The CA/Browser Forum has passed new Baseline Requirements for S/MIME certificates, in effect late 2023. In this episode we explain the broad stipulations of the new S/MIME BRs, including the multiple available levels of authentication and use case profiles that will be allowed.
On the season finale of AutomationTown, we're talking about secrets! How can you keep your messages away from prying eyes, emails away from those who mean you harm, and workplace memes out of reach of the all-seeing eye of your employer?Paul uncovers important info about the subway collapse, a mysterious letter surfaces and the most impactful event in 40 years happens to AutomationTown. SHOW NOTES:—------------------------------------------Threema: https://jo.my/threemaSignal:https://jo.my/signal S/Mime: https://jo.my/smime Google Confidential Mode: https://jo.my/googleconfidentialmode Can My Employer Read My Slack messages: https://jo.my/slackadminmessagereadingMicrosoft eDiscovery: https://jo.my/microsoftediscovery Noteshred: https://jo.my/noteshred AUTOMATIONTOWN SOCIALS:—------------------------------------------Twitter: https://t.jo.my/twitterWeb: https://t.jo.my/automationtownRSS Feed: https://t.jo.my/rssABOUT HOSTS:—------------------------------------------Jason StaatsTwitter: https://t.jo.my/jstaats-twitterYoutube: https://t.jo.my/jason-youtubeChad DavisTwitter: https://t.jo.my/chad-twitterLinkedIn: https://t.jo.my/chad-linkedinAUDIO PRODUCTION:—------------------------------------------Paul O'Mara - https://t.jo.my/paulomaraSPONSORS:—------------------------------------------LiveFlow: https://jo.my/liveflowWant to sponsor a character? Contact us at https://t.jo.my/sponsorcontact
On April 1 new root program requirements from Apple for S/MIME certificates go into effect, including a limitation of the allowable term to three years. This is contrary to Apple's stated intentions last year. In this episode the explain this change in policy and what certificate users can expect for the future.
We are airing our sixth episode in Season 3, this season is dedicated to application security, our guest for the show is Kieran Miller is the Chief Architect at Garantir, before joining Garantir, Kieran spent more than 10 years working in cybersecurity, including 8 years with Leidos, a major defense contractor, and several years with Gemalto. To promote our work and support the podcast, please review us here https://www.podchaser.com/podcasts/security-architecture-podcast-1313281 Season 3 KickOff episode with Tanya Janca Season 3 kickoff Episode - Application Security - Tanya Janca - YouTube Demo: https://garantir.io/contact/ WhitePaper: https://garantir.io/wp-content/uploads/2021/04/Garantir-Deploying-A-Fast-Secure-Code-Signing-System.pdf Kieran: https://www.linkedin.com/in/kieran-miller-0776136/ Kieran Miller is the Chief Architect at Garantir, a cybersecurity company based in San Diego, California. Before joining Garantir, Kieran spent more than 10 years working in cybersecurity, including 8 years with Leidos, a major defense contractor, and several years with Gemalto, which was later acquired by Thales, followed by multiple years as a senior security consultant. With over a decade of cybersecurity experience, Kieran has expertise in multiple dimensions of enterprise security, from data security and identity access management to secure software development. Garantir overview: Garantir is a cybersecurity company that provides advanced cryptographic solutions to the enterprise. The Garantir team has worked on the security needs of businesses of all sizes, from startups to Fortune 500 companies. At the core of Garantir's philosophy is the belief that securing business infrastructure and data should not hinder performance or interrupt day-to-day operations. With GaraSign, Garantir's flagship product, private keys remain secured at all times, while a client-side hashing architecture ensures high performance for all cryptographic operations, including code signing, SSH, S/MIME, document signing, TLS, secure backup, and more.
Apple recently announced that it would be limiting the allowable term for public S/MIME certificates to 825 days. Our hosts explain the implications of this declaration.
Regular followers of this podcast hear a great deal about SSL, the CA/Browser Forum, and the standards governing public SSL. But SSL is not the only regulated type of public digital certificate. There are also things like S/MIME, eIDAS, code signing, document signing, and SSH certificates. In this episode our hosts discuss these "other" certificate types and the rules and regulations governing them.
I was giving a talk at DefCon one year and this guy starts grilling me at the end of the talk about the techniques Apple was using to encrypt home directories at the time with new technology called Filevault. It went on a bit, so I did that thing you sometimes have to do when it's time to get off stage and told him we'd chat after. And of course he came up - and I realized he was really getting at the mechanism used to decrypt and the black box around decryption. He knew way more than I did about encryption so I asked him who he was. When he told me, I was stunned. Turns out that like me, he enjoyed listening to A Prairie Home Companion. And on that show, Garrison Keillor would occasionally talk about Ralph's Pretty Good Grocery in a typical Minnesota hometown he'd made up for himself called Lake Wobegon. Zimmerman liked the name and so called his new encryption tool PGP, short for Pretty Good Privacy. It was originally written to encrypt messages being sent to bulletin boards. That original tool didn't require any special license, provided it wasn't being used commercially. And today, much to the chagrin of the US government at the time, it's been used all over the world to encrypt emails, text files, text messages, directories, and even disks. But we'll get to that in a bit. Zimmerman had worked for the Nuclear Weapons Freeze Campaign in the 80s after getting a degree in computer science fro Florida Atlantic University in 1978. And after seeing the government infiltrate organizations organizing Vietnam protests, he wanted to protect the increasingly electronic communications of anti-nuclear protests and activities. The world was just beginning to wake up to a globally connected Internet. And the ARPAnet had originally been established by the military industrial complex, so it was understandable that he'd want to keep messages private that just happened to be flowing over a communications medium that many in the defense industry knew well. So he started developing his own encryption algorithm called BassOmatic in 1988. That cipher used symmetric keys with control bits and pseudorandom number generation as a seed - resulting in 8 permutation tables. He named BassOmatic after a Saturday Night Live skit. I like him more and more. He'd replace BassOmatic with IDEA in version 2 in 1992. And thus began the web of trust, which survives to this day in PGP, OpenPGP, and GnuPG. Here, a message is considered authentic based on it being bound to a public key - one that is issued in a decentralized model where a certificate authority issues a public and private key where messages can only be encrypted or signed with the private key and back then you would show your ID to someone at a key signing event or party in order to get a key. Public keys could then be used to check that the individual you thought was the signer really is. Once verified then a separate key could be used to encrypt messages between the parties. But by then, there was a problem. The US government began a criminal investigation against Zimmerman in 1993. You see, the encryption used in PGP was too good. Anything over a 40 bit encryption key was subject to US export regulations as a munition. Remember, the Cold War. Because PGP used 128 bit keys at a minimum. So Zimmerman did something that the government wasn't expecting. Something that would make him a legend. He went to MIT Press and published the PGP source code in a physical book. Now, you could OCR the software, run it through a compiler. Suddenly, his code was protected as an exportable book by the First Amendment. The government dropped the investigation and found something better to do with their time. And from then on, source code for cryptographic software became an enabler of free speech, which has been held up repeatedly in the appellate courts. So 1996 comes along and PGP 3 is finally available. This is when Zimmerman founds PGP as a company so they could focus on PGP full-time. Due to a merger with Viacrypt they jumped to PGP 5 in 1997. Towards the end of 1997 Network Associates acquired PGP and they expanded to add things like intrusion detection, full disk encryption, and even firewalls. Under Network Associates they stopped publishing their source code and Zimmerman left in 2001. Network Associates couldn't really find the right paradigm and so merged some products together and what was PGP commandline ended up becoming McAfee E-Business Server in 2013. But by 2002 PGP Corporation was born out of a few employees securing funding from Rob Theis to help start the company and buy the rest of the PGP assets from Network Associates. They managed to grow it enough to sell it for $300 million to Symantec and PGP lives on to this day. But I never felt like they were in it just for the money. The money came from a centralized policy server that could do things like escrow keys. But for that core feature of encrypting emails and later disks, I really always felt like they wanted a lot of that free. And you can buy Symantec Encryption Desktop and command it from a server, S/MIME and OpenPGP live on in ways that real humans can encrypt their communications, some of which in areas where their messages might get them thrown in jail. By the mid-90s, mail wasn't just about the text in a message. It was more. RFC934 in 1985 had started the idea of encapsulating messages so you could get metadata. RFC 1521 in 1993 formalized MIME and by 1996, MIME was getting really mature in RFC2045. But by 1999 we wanted more and so S/MIME went out as RFC 2633. Here, we could use CMS to “cryptographically enhance” a MIME body. In other words, we could suddenly encrypt more than the text of an email and it since it was an accepted internet standard, it could be encrypted and decrypted with standard mail clients rather than just with a PGP client that didn't have all the bells and whistles of pretty email clients. That included signing information, which by 2004 would evolve to include attributes for things like singingTime, SMIMECapabilities, algorithms and more. Today, iOS can use S/MIME and keys can be stored in Exchange or Office 365 and that's compatible with any other mail client that has S/MIME support, making it easier than ever to get certificates, sign messages, and encrypt messages. Much of what PGP was meant for is also available in OpenPGP. OpenPGP is defined by the OpenPGP Working Group and you can see the names of some of these guardians of privacy in RFC 4880 from 2007. Names like J. Callas, L. Donnerhacke, H. Finney, D. Shaw, and R. Thayer. Despite the corporate acquisitions, the money, the reprioritization of projects, these people saw fit to put powerful encryption into the hands of real humans and once that pandoras box had been opened and the first amendment was protecting that encryption as free speech, to keep it that way. Use Apple Mail, GPGTools puts all of this in your hands. Use Android, get FairEmail. Use Windows, grab EverDesk. This specific entry felt a little timely. Occasionally I hear senators tell companies they need to leave backdoors in products so the government can decrypt messages. And a terrorist forces us to rethink that basic idea of whether software that enables encryption is protected by freedom of speech. Or we choose to attempt to ban a company like WeChat, testing whether foreign entities who publish encryption software are also protected. Especially when you consider whether Tencent is harvesting user data or if the idea they are doing that is propaganda. For now, US courts have halted a ban on WeChat. Whether it lasts is one of the more intriguing things I'm personally watching these days, despite whatever partisan rhetoric gets spewed from either side of the isle, simply for the refinement to the legal interpretation that to me began back in 1993. After over 25 years we still continue to evolve our understanding of what truly open and peer reviewed cryptography being in the hands of all of us actually means to society. The inspiration for this episode was a debate I got into about whether the framers of the US Constitution would have considered encryption, especially in the form of open source public and private key encryption, to be free speech. And it's worth mentioning that Washington, Franklin, Hamilton, Adams, and Madison all used ciphers to keep their communications private. And for good reason as they knew what could happen should their communications be leaked, given that Franklin had actually leaked private communications when he was the postmaster general. Jefferson even developed his own wheel cipher, which was similar to the one the US army used in 1922. It comes down to privacy. The Constitution does not specifically call out privacy; however, the first Amendment guarantees the privacy of belief, the third, the privacy of home, the fourth, privacy against unreasonable search and the fifth, privacy of of personal information in the form of the privilege against self-incrimination. And giving away a private key is potentially self-incrimination. Further, the ninth Amendment has broadly been defined as the protection of privacy. So yes, it is safe to assume they would have supported the transmission of encrypted information and therefore the cipher used to encrypt to be a freedom. Arguably the contents of our phones are synonymous with the contents of our homes though - and if you can have a warrant for one, you could have a warrant for both. Difference is you have to physically come to my home to search it - whereas a foreign government with the same keys might be able to decrypt other data. Potentially without someone knowing what happened. The Electronic Communications Privacy Act of 1986 helped with protections but with more and more data residing in the cloud - or as with our mobile devices synchronized with the cloud, and with the intermingling of potentially harmful data about people around the globe potentially residing (or potentially being analyzed) by people in countries that might not share the same ethics, it's becoming increasingly difficult to know what is the difference between keeping our information private, which the framers would likely have supported and keeping people safe. Jurisprudence has never kept up with the speed of technological progress, but I'm pretty sure that Jefferson would have liked to have shared a glass of his favorite drink, wine, with Zimmerman. Just as I'm pretty sure I'd like to share a glass of wine with either of them. At Defcon or elsewhere!
A recently identified and widespread configuration error has created a situation where, with the wrong attack on certain public roots, certificates could become essentially unrevokable. As a consequence, 14 public CAs will have to revoke their OCSP certificates, many of which are also intermediates, and permanently discontinue use of their keys. That leaves millions of active TLS, S/MIME, code signing, and document signing certificates in need of immediate replacement or they will be distrusted. Join our hosts as they explain what the problem is and what messy cleanup will be required to address these problems.
Wofür sind eigentlich Zertifikate gut? Und was ist überhaupt eine Signatur? Lucas und Christoph schauen in dieser Folge mal genauer drauf. Außerdem geht's um mögliche Anwendungsfälle wie TLS und S/MIME.
A new kind of identity certificate is coming that will enable businesses to include their logos in official email they send in order to improve customer confidence and protect against phishing. It is called a Verified Mark Certificate (VMC) and is built upon the DMARC standard, which controls which senders are allowed to send email using any given From address. In this episode our hosts explain VMCs and DMARC and how they will be used and then discuss where they fit in with S/MIME email certificates.
Hairless in the Cloud - Microsoft 365 - Security und Collaboration
# Hairless in the Cloud - 022 - S/MIME for Outlook und Private Teams Discovery - Visibility WTF? # News * OneDrive Personal Vault - 2FA um an die Files zu kommen - nach einer Zeit wird das wieder gelockt (ebenso Files die daraus geöffnet wurden) - auf Win10pro wird das Personal Vault auf eine Bitlocker-encrypted location gesyneced * Micosoft macht Werbung für Windows 1.0: https://arstechnica.com/gadgets/2019/07/microsoft-is-teasing-windows-1-0-and-other-1980s-software/ * Microsoft Defender ATP - TVM ist Released - Categories sind angepasst an MITRE: https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Microsoft-Defender-ATP-alert-categories-are-now-aligned-with/ba-p/732748 * Microsoft macht 100% Teams (OnPrem PBX offline): https://www.onmsft.com/news/microsoft-turns-off-internal-pbx-platform-says-goodbye-to-telephones-in-favor-of-teams?_lrsc=1f816674-ebc1-4e3d-872d-e0f457c4af74 * Das Ende von Kaizala: https://techcommunity.microsoft.com/t5/Microsoft-Kaizala-Blog/Update-on-Microsoft-Kaizala-becoming-part-of-Microsoft-Teams/ba-p/693806 # S/MIME for Outlook * Wenn Certificates auf klasischem Wege über das AD deployed wurden, kann man das Certificate aus Outlook in ein PFX exportieren und sich dann zB selbst schicken * In der App muss S/MIME dann im Profil freigeschalten werden * Wenn das eingeschaltet ist, wird automatisch die Möglichkeit nach Threads zu gruppieren AUSGESCHALTET * S/MIME wird sehr komplex wenn der Thread immer länger wird * das betrifft dann auch alle anderen Accounts die in diesem Outlook konfiguriert sind * Das S/MIME Setting kann man auch über Intune steuern (bald) * Dann kanns losgehen und man kann konsumieren und erstellen. * außerdem kann man public keys von anderen usern installieren * Um eine Mail zu verschlüsseln, muss der Public des Gegenübers entweder lokal oder in der GAL vorhanden sein # Private Teams Discovery - Visibility WTF? * Microsoft kennt als Visibility/Privacy folgende Optionen * Public - Jeder kann beitreten + SharePoint ist für alle Benutzer im Unternehmen zugänglich (Lesen+Schreiben) * Private - Nur Owner können Mitglieder aufnehmen + SharePoint kann nur von Mitgliedern genutzt werden * OrgWide - Kann nur von einem Company Admin erstellt werden! Benutzer werden automatisch hinzugefügt, aber der Owner kann wieder Benutzer entfernen * Wenn ein Team als Private erstellt wurde, dann war es in keinem "Verzeichnis" gelistet. Niemand konnte das Team finden. Früher war das anders. Da hat man auch Private Groups gefunden. * Jetzt gibt es eine Tenant weite Option um das zu ändern. In dem Fall sind dann alle Teams in der Suche sichtbar und einBbenutzer kann den Zutritt zu eiem privaten Team anfragen. * Es gibt ein PowerShell (Teams) für die Konfiguration. * https://techcommunity.microsoft.com/t5/Microsoft-Kaizala-Blog/Update-on-Microsoft-Kaizala-becoming-part-of-Microsoft-Teams/ba-p/693806 # Feedback, Kritik, Lob, Fragen? * Email: podcast@hairlessinthecloud.com * Twitter: @hairlesscloud * Web: www.hairlessinthecloud.com (Links zu allen Podcast Plattformen) * Coverarts & new Audio Intro by CARO (mit Hilfe von pixabay.com)
S/MIME certificates indicate the authentic identity of the sender and enable encryption for message content and attachments - providing strong defenses against a variety of email-based attacks. Nonetheless, adoption today is extremely small. Find out what the challenges to past adoption have been for this underutilized security technology and what the industry is doing to help enterprises secure their email today.
Nude selfies? Artificial Intelligence? Also, lots of blockchain technology talk, fake cell towers, nerdy stuff, S/MIME, and much, much more… Special Guest: None Stories of the Week:--Rapidfire Stories: Keenevention 2014, Coins in the Kingdom and Inside Bitcoins Vegas, Dreadnoughtus, iPhone 6 will have a wallet, Star Wars: A New Dawn, Star Trek on Showtime, Terminator Genisys trilogy, Bitcoin and Paypal, and Microsoft defies a federal court order.--”The Selfie Meltdown” Link: goo.gl/PwKxdI Tech Roulette:--”HitchBOT” Link: goo.gl/PMWQMB--”Google Building an AI” Link: goo.gl/jL34Q0 Game of Choice:--”Ouya” Link: goo.gl/rjHDhc Important Email:--”Should I use S/MIME? Bitcoin 2.0 elaboration? Counterwallet?” Website of the Week:--”Greenaddress Bitcoin Wallet” Link: greenaddress.it/--”Worldmeters.info” Link: www.worldometers.info/ Hacksec:--”Rogue Cell Towers” Link: goo.gl/5Zyooh--”CryptoPhone 500” Link: goo.gl/iLduy2 Software of the Week:--”Tox” Link: www.wired.com/2014/09/tox/ The Climax:--”ThinkPad Edge E545” APPENDIX:--”Coins in the Kingdom” Link: launch.coinsinthekingdom.com/--”Keenevention 2014” Link: keenevention.info/ -------------------------------------------------------------------------------------------------------------NXT: NXT-4V3J-VA4W-4EY3-GUWV2BLACKCOIN: BP88JtwY9xLev5RKbxpZVuwyhtVdChrADNAMECOIN: NHfN1kpj8G9aUCCHuummBKa8mPvppN1UFaLITECOIN: LLUXwfWrKDpuK38ZnPD14K6zc6rUaRgo9WBITCOIN: 1AEiTkWiF8x6yjQbbhoU89vHHMrkzQ7o8d-------------------------------------------------------------------------------------------------------------Don’t forget you can e-mail the show at: sovryntech@riseup.netYou can also visit our IRC channel on Freenode: #SovrynBalnea-------------------------------------------------------------------------------------------------------------Brian Sovryn prefers RetroShare! Below is the certificate to find and connect with the show on RetroShare (Username: SovrynTech) Af8AAAJbxsBNBFOcuC4BCACpKFnd9cS2LBoLSsRfbVdt9rPVxyDbi0YsV06WGGlkfuXtbJNDFVw8ckhaQeVQk+6Mk7m2WsbG/CpRSA9jfezXYqPv4433gTVQVSQA+od9K4dpXKOWhsk2OPDDlrqFvisGlW1gcM7SWwoX0LQhbnkzhYMh2wQIZjpKU0iSYVmVDEe0ukSnV/NdPzsZmqd+dSFTkjiPtGVRsYKoOBz86mub9vxUKsItGioB8ag/qqEpOHaBRmGhRePSfSUe9IbLX1wz8PBvLnZsyH154cCnVkSTMoHk0hgSJWzXrW0XyjQQAfruLDNlKMYlNnNWCUU9eZ3jVDqtBoaLM2LRlT/Sxm+DABEBAAHNJ1NvdnJ5blRlY2ggKEdlbmVyYXRlZCBieSBSZXRyb1NoYXJlKSA8PsLAXwQTAQIAEwUCU5y4LgkQ0wM5pbKbGccCGQEAAEYAB/0YKCpXZCU6A1/yEjSmvIePbBh5tFgv4966+QbOTtQArGwBiqMxkXwNfG8o6OZBD/5tuoPZbSdaPLU5pEY1b8HA0dYGYmGaATSnEN96KfKVrJPE2AYfNwSIrWj/9EWxfTJLozbO74/IIGOrOxy5iNAG6f3sk1Y4mBxESbNpWxdtAlk9n1Asp9f7Zs3/K8dyrLam3xThq4n3xA9ZqUTOLQEzBubTcvsTA0+1hzvf/tkOd+hJvTp9PeCWr5kJzV5+uEA2IdYSvBh8iqHwFQAFBKqgA1NXmhE6VuAn1UQ2myARpDt8M0EIpwbcgJeRHD5HMmaKE450uv8l5eu2ZQqNta7dAgZCV3ye46YDBsCoKj/jpgQABghMYXB0b3AgMQUQBLtrCoMIoacOKhFsx7KIvw==-------------------------------------------------------------------------------------------------------------You can also contact the show through BitMessage at the address: BM-NBMFb4W42CqTaonxApmUji1KNbkSESki-------------------------------------------------------------------------------------------------------------And we are on Twister! The P2P microblogging platform: @sovryntech -------------------------------------------------------------------------------------------------------------If you wish to send me a PGP-encrypted e-mail, the public key is below, and please send your e-mail to: brian@freetalklive.com (note: this also works for KryptoKit) -----BEGIN PGP PUBLIC KEY BLOCK-----Version: SKS 1.1.4Comment: Hostname: pgp.mit.edu mQENBFKYHJoBCADYLMoFR5/6Je/vViGjbdRobuDXQjGlUP7dGcp8Sh+V4pCkTcpLc0eSrGCzBSverUDtHYe/sAWAINwW3NxB5P/0LgXpt+fZSTe0kdPtrxfmi6tjOCLQHSXoaI4baXVUdZma2ww0QtPY9lS+v5oLEZV74m183JQvtsjTuCnrT9LGN/JIlLZ+FHnox1iMgfcJHhIn0WJgHsYEQrP7Y4GW4lIVWO7FHdREGM9Uf2/syT79fObNthqEv5OdeIaTItpBQpd7yhEY6OyB5ed8Oxh7/iAN+BlNMf2/CfRYN0EPioZGosv/4h42NV+vuDEvEo8KjxgK+3ESO7X4Z0PjIBr8SN6nABEBAAG0JUJyaWFuIFNvdnJ5biA8YnJpYW5AZnJlZXRhbGtsaXZlLmNvbT6JARwEEAEIABAFAlKYHJ0JEBT+3jU4bu7EAAAwewf/dDzv2oTi7WLBm4QJjmuc+7BAFJFkk585SC4pcq/Lp5T/DhMChIWnLbvqki+JdezbCrYJH5rOLUMlAWxiyPvxNps2RC0U4TTbv2zSsqjSw7riQo0gBtoJv9TwqvMAjQzHOOgQKpX25Quk+3ViCd52XtE1MKzzq8n5grcGTlsXjacLTCB41vMQjRRBGxlTIbFdba+GTHkkPZzgtXiIcIRf8s1wxZWYvWy8mlNPgRfq5OmSRwlhLCpj6qtkYZBztmuyuSbrVIcC+5L0kdld0If6ryW2P8m4DRYvlC/dQ7hvn4XrBBZwWf5UvTkJaUeWUwkw7tGmTk4gpqV1aPZRJuWsag===aZrF-----END PGP PUBLIC KEY BLOCK------------------------------------------------------------------------------------------------------------------www.sovryntech.comwww.twitter.com/sovryntechplus.google.com/+BrianSovryn1i/liberty.me/members/briansovryn/
Nude selfies? Artificial Intelligence? Also, lots of blockchain technology talk, fake cell towers, nerdy stuff, S/MIME, and much, much more… Special Guest: None Stories of the Week:--Rapidfire Stories: Keenevention 2014, Coins in the Kingdom and Inside Bitcoins Vegas, Dreadnoughtus, iPhone 6 will have a wallet, Star Wars: A New Dawn, Star Trek on Showtime, Terminator Genisys trilogy, Bitcoin and Paypal, and Microsoft defies a federal court order.--”The Selfie Meltdown” Link: goo.gl/PwKxdI Tech Roulette:--”HitchBOT” Link: goo.gl/PMWQMB--”Google Building an AI” Link: goo.gl/jL34Q0 Game of Choice:--”Ouya” Link: goo.gl/rjHDhc Important Email:--”Should I use S/MIME? Bitcoin 2.0 elaboration? Counterwallet?” Website of the Week:--”Greenaddress Bitcoin Wallet” Link: greenaddress.it/--”Worldmeters.info” Link: www.worldometers.info/ Hacksec:--”Rogue Cell Towers” Link: goo.gl/5Zyooh--”CryptoPhone 500” Link: goo.gl/iLduy2 Software of the Week:--”Tox” Link: www.wired.com/2014/09/tox/ The Climax:--”ThinkPad Edge E545” APPENDIX:--”Coins in the Kingdom” Link: launch.coinsinthekingdom.com/--”Keenevention 2014” Link: keenevention.info/ -------------------------------------------------------------------------------------------------------------NXT: NXT-4V3J-VA4W-4EY3-GUWV2BLACKCOIN: BP88JtwY9xLev5RKbxpZVuwyhtVdChrADNAMECOIN: NHfN1kpj8G9aUCCHuummBKa8mPvppN1UFaLITECOIN: LLUXwfWrKDpuK38ZnPD14K6zc6rUaRgo9WBITCOIN: 1AEiTkWiF8x6yjQbbhoU89vHHMrkzQ7o8d-------------------------------------------------------------------------------------------------------------Don’t forget you can e-mail the show at: sovryntech@riseup.netYou can also visit our IRC channel on Freenode: #SovrynBalnea-------------------------------------------------------------------------------------------------------------Brian Sovryn prefers RetroShare! Below is the certificate to find and connect with the show on RetroShare (Username: SovrynTech) Af8AAAJbxsBNBFOcuC4BCACpKFnd9cS2LBoLSsRfbVdt9rPVxyDbi0YsV06WGGlkfuXtbJNDFVw8ckhaQeVQk+6Mk7m2WsbG/CpRSA9jfezXYqPv4433gTVQVSQA+od9K4dpXKOWhsk2OPDDlrqFvisGlW1gcM7SWwoX0LQhbnkzhYMh2wQIZjpKU0iSYVmVDEe0ukSnV/NdPzsZmqd+dSFTkjiPtGVRsYKoOBz86mub9vxUKsItGioB8ag/qqEpOHaBRmGhRePSfSUe9IbLX1wz8PBvLnZsyH154cCnVkSTMoHk0hgSJWzXrW0XyjQQAfruLDNlKMYlNnNWCUU9eZ3jVDqtBoaLM2LRlT/Sxm+DABEBAAHNJ1NvdnJ5blRlY2ggKEdlbmVyYXRlZCBieSBSZXRyb1NoYXJlKSA8PsLAXwQTAQIAEwUCU5y4LgkQ0wM5pbKbGccCGQEAAEYAB/0YKCpXZCU6A1/yEjSmvIePbBh5tFgv4966+QbOTtQArGwBiqMxkXwNfG8o6OZBD/5tuoPZbSdaPLU5pEY1b8HA0dYGYmGaATSnEN96KfKVrJPE2AYfNwSIrWj/9EWxfTJLozbO74/IIGOrOxy5iNAG6f3sk1Y4mBxESbNpWxdtAlk9n1Asp9f7Zs3/K8dyrLam3xThq4n3xA9ZqUTOLQEzBubTcvsTA0+1hzvf/tkOd+hJvTp9PeCWr5kJzV5+uEA2IdYSvBh8iqHwFQAFBKqgA1NXmhE6VuAn1UQ2myARpDt8M0EIpwbcgJeRHD5HMmaKE450uv8l5eu2ZQqNta7dAgZCV3ye46YDBsCoKj/jpgQABghMYXB0b3AgMQUQBLtrCoMIoacOKhFsx7KIvw==-------------------------------------------------------------------------------------------------------------You can also contact the show through BitMessage at the address: BM-NBMFb4W42CqTaonxApmUji1KNbkSESki-------------------------------------------------------------------------------------------------------------And we are on Twister! The P2P microblogging platform: @sovryntech -------------------------------------------------------------------------------------------------------------If you wish to send me a PGP-encrypted e-mail, the public key is below, and please send your e-mail to: brian@freetalklive.com (note: this also works for KryptoKit) -----BEGIN PGP PUBLIC KEY BLOCK-----Version: SKS 1.1.4Comment: Hostname: pgp.mit.edu mQENBFKYHJoBCADYLMoFR5/6Je/vViGjbdRobuDXQjGlUP7dGcp8Sh+V4pCkTcpLc0eSrGCzBSverUDtHYe/sAWAINwW3NxB5P/0LgXpt+fZSTe0kdPtrxfmi6tjOCLQHSXoaI4baXVUdZma2ww0QtPY9lS+v5oLEZV74m183JQvtsjTuCnrT9LGN/JIlLZ+FHnox1iMgfcJHhIn0WJgHsYEQrP7Y4GW4lIVWO7FHdREGM9Uf2/syT79fObNthqEv5OdeIaTItpBQpd7yhEY6OyB5ed8Oxh7/iAN+BlNMf2/CfRYN0EPioZGosv/4h42NV+vuDEvEo8KjxgK+3ESO7X4Z0PjIBr8SN6nABEBAAG0JUJyaWFuIFNvdnJ5biA8YnJpYW5AZnJlZXRhbGtsaXZlLmNvbT6JARwEEAEIABAFAlKYHJ0JEBT+3jU4bu7EAAAwewf/dDzv2oTi7WLBm4QJjmuc+7BAFJFkk585SC4pcq/Lp5T/DhMChIWnLbvqki+JdezbCrYJH5rOLUMlAWxiyPvxNps2RC0U4TTbv2zSsqjSw7riQo0gBtoJv9TwqvMAjQzHOOgQKpX25Quk+3ViCd52XtE1MKzzq8n5grcGTlsXjacLTCB41vMQjRRBGxlTIbFdba+GTHkkPZzgtXiIcIRf8s1wxZWYvWy8mlNPgRfq5OmSRwlhLCpj6qtkYZBztmuyuSbrVIcC+5L0kdld0If6ryW2P8m4DRYvlC/dQ7hvn4XrBBZwWf5UvTkJaUeWUwkw7tGmTk4gpqV1aPZRJuWsag===aZrF-----END PGP PUBLIC KEY BLOCK------------------------------------------------------------------------------------------------------------------www.sovryntech.comwww.twitter.com/sovryntechplus.google.com/+BrianSovryn1i/liberty.me/members/briansovryn/
This week on The 443 – Security Simplified, we dive in to WatchGuard's latest Internet Security Report for Q2 2018. We'll cover the malware and network attack trends from the last quarter including what you need to watch out for and how to keep your systems secure. We also cover the latest research from the WatchGuard Threat Lab and explain how the EFail PHP and S/MIME vulnerabilities work and how to stay safe.
16.06.2018 BSidesKharkiv https://kharkiv.securitybsides.org.ua/ 07.06.2018 OWASP Odesa https://www.facebook.com/events/2104923576405410/ 07.07.2018 BSidesOdessa https://odessa.securitybsides.org.ua/ Kostiantyn Korsun про NoNameCon https://www.facebook.com/kostiantyn.korsun/posts/840821456102957 EFAIL https://efail.de/ Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels (draft 0.9.1) https://efail.de/efail-attack-paper.pdf ProtonMail is safe against the efail PGP vulnerability. https://twitter.com/ProtonMail/status/995996112526954496 Efail or OpenPGP is safer than S/MIME https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html Digital Photocopiers Loaded With Secrets https://www.cbsnews.com/news/digital-photocopiers-loaded-with-secrets/ Throwhammer: Rowhammer Attacks over the Network and Defenses https://www.cs.vu.nl/~herbertb/download/papers/throwhammer_atc18.pdf Rowhammer strikes networks, Bolton strikes security jobs, and Nigel Thornberry strikes Chrome, and more http://www.theregister.co.uk/2018/05/12/security_roundup/ Memcached https://memcached.org/ 7-Zip: From Uninitialized Memory to Remote Code Execution https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/ IBM bans all removable storage, for all staff, everywhere http://www.theregister.co.uk/2018/05/10/ibm_bans_all_removable_storage_for_all_staff_everywhere/ Second wave of Spectre-like CPU security flaws won't be fixed for a while http://www.theregister.co.uk/2018/05/09/spectr_ng_fix_delayed/ Every major OS maker misread Intel's docs. Now their kernels can be hijacked or crashed http://www.theregister.co.uk/2018/05/09/intel_amd_kernel_privilege_escalation_flaws/ Ex-CIA man fingered as prime suspect in Vault 7 spy tool manuals leak http://www.theregister.co.uk/2018/05/15/vault_7_leak/ DHCP Client Script Code Execution Vulnerability - CVE-2018-1111 https://access.redhat.com/security/vulnerabilities/3442151 Securit13 Patreon https://www.patreon.com/securit13 Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I
The Efail vulnerability has been in the news lately and has many people rushing to remove encryption from their email clients. The vulnerability does impact S/MIME and PGP users, but only a subset of them. That means a lot of people are removing encryption from their email unnecessarily and putting themselves at risk. Atomicorp CEO and long-time Red Team professional Mike Shinn discusses what Efail is, how the exploit works and why the notification process was handled poorly. If you ever need to use encrypted email, you should definitely listen to this episode.
In this week’s episode of Shadow Talk, Digital Shadows’ Head of Security Engineering, Dr Richard Gold, joins the pod to explain the EFAIL vulnerability affecting Open PGP and S-MIME, as well as other flaws identified in encrypted messaging platforms. Dr Gold also outlines the the factors you should be considering to prioritize your patching. In part two, we look at the $15 million theft in Mexico and outline the risks facing interbank payment systems.
With recent stories covering data security issues from cellphone location data tracking to PGP and S/MIME vulnerabilities we have Shannon Morse here to break it all down and give us an infosec perspective.Starring Sarah Lane, Shannon Morse, Roger Chang and Len Peralta.MP3Using a Screen Reader? Click hereMultiple versions (ogg, video etc.) from Archive.org.Please SUBSCRIBE HERE.Subscribe through Apple Podcasts.Follow us on Soundcloud.A special thanks to all our supporters–without you, none of this would be possible.If you are willing to support the show or give as little as 5 cents a day on Patreon. Thank you!Big thanks to Dan Lueders for the headlines music and Martin Bell for the opening theme!Big thanks to Mustafa A. from thepolarcat.com for the logo!Thanks to Anthony Lemos of Ritual Misery for the expanded show notes!Thanks to our mods, Kylde, Jack_Shid, KAPT_Kipper, and scottierowland on the subredditShow NotesTo read the show notes in a separate page click here! See acast.com/privacy for privacy and opt-out information. Become a member at https://plus.acast.com/s/dtns.
C’est Sébastien B. et Xavier qui parcourent pour nous l’actualité de la semaine,… C’est leur revue de presse technologique qu’ils partagent avec nous durant un peu plus d’une heure. Bonne écoute ! https://youtu.be/dQE1tAVuYBQ A comme Apple L’Apple Watch révèle un problème cardiaque (source) B comme Brouzoufs Facebook claque plus de 1M$ pour son nouveau campus (source) E comme Espace: un micro-hélicoptère bientôt envoyé sur Mars (source) et (source) G comme Google YouTube va incorporer un mode incognito (source) Google va forcer les constructeurs à mettre à jour leurs smartphones (source) J comme Justice Apple et Samsung retournent devant les tribunaux (source) M comme Musique Google veut concurrencer Spotify et Apple Music (source) S comme Sécurité Adobe publie une mise à jour critique d’Acrobat (source) Faille dans les protocoles PGP et S/MIME (source) et (source) Kaspersky déménage en terrain neutre (source) S comme Serveurs Qualcomm abandonnerait ses serveurs ARM? (source) Google Compute Engine lance des offres à 3.8TB (source) W comme Wéménon Des internautes imaginent des conversations avec Google Duplex (source) Avec: Sébastien Buysse (Chroniqueur)https://www.informaticien.beDéveloppeur élevé à coup de strings depuis ma plus tendre enfance, j'ai baigné durant de longues années dans des projets libres, tout en étant indépendant depuis la première heure. J'ai commencé ma carrière comme consultant, tout en lançant des projets au fil des ans comme informaticien.be, et plus récemment Freedelity, qui occupe mes jours ces dernières années à 150%. Bidouilleur, et flasheur de l'extrême, mon bureau est le rêve des amateurs de bitonios en tous genres! (Bon, presque).Xavier Hang (Chroniqueur)http://www.snugr.be - http://xavier.smart-it.beICT manager et consultant pendant plus de 10 ans. CEO & co-fondateur de 4INCH, une société belge qui a développé Snugr pour aider les les propriétaires et gestionnaires de bâtiments à augmenter leur confort et à réduire leur consommation de chauffage.J'adore tout ce qui a une adresse IP ou un firmware à mettre à jour, la magie, la photographie, la musique, le poker, être avec des amis et, par dessus tout, ma femme et nos deux fils.Marc Lescroart (Animateur / Réalisateur)http://www.commealaradio.netPassionné par les nouveaux médias, les nouvelles technologies, ...J'ai fréquenté avec assiduité les studios de radios belges durant plus de 30 ans en tant que réalisateur, producteur, chroniqueur, animateur ou encore webmaster.
C'est Sébastien B. et Xavier qui parcourent pour nous l'actualité de la semaine,… C'est leur revue de presse technologique qu'ils partagent avec nous durant un peu plus d'une heure. Bonne écoute !https://youtu.be/dQE1tAVuYBQA comme AppleL'Apple Watch révèle un problème cardiaque (source)B comme BrouzoufsFacebook claque plus de 1M$ pour son nouveau campus (source)E comme Espace:un micro-hélicoptère bientôt envoyé sur Mars (source) et (source)G comme GoogleYouTube va incorporer un mode incognito (source)Google va forcer les constructeurs à mettre à jour leurs smartphones (source)J comme JusticeApple et Samsung retournent devant les tribunaux (source)M comme MusiqueGoogle veut concurrencer Spotify et Apple Music (source)S comme SécuritéAdobe publie une mise à jour critique d'Acrobat (source)Faille dans les protocoles PGP et S/MIME (source) et (source)Kaspersky déménage en terrain neutre (source)S comme ServeursQualcomm abandonnerait ses serveurs ARM? (source)Google Compute Engine lance des offres à 3.8TB (source)W comme WéménonDes internautes imaginent des conversations avec Google Duplex (source)Avec:Sébastien Buysse (Chroniqueur)https://www.informaticien.beDéveloppeur élevé à coup de strings depuis ma plus tendre enfance, j'ai baigné durant de longues années dans des projets libres, tout en étant indépendant depuis la première heure. J'ai commencé ma carrière comme consultant, tout en lançant des projets au fil des ans comme informaticien.be, et plus récemment Freedelity, qui occupe mes jours ces dernières années à 150%. Bidouilleur, et flasheur de l'extrême, mon bureau est le rêve des amateurs de bitonios en tous genres! (Bon, presque).Xavier Hang (Chroniqueur)http://www.snugr.be - http://xavier.smart-it.beICT manager et consultant pendant plus de 10 ans. CEO & co-fondateur de 4INCH, une société belge qui a développé Snugr pour aider les les propriétaires et gestionnaires de bâtiments à augmenter leur confort et à réduire leur consommation de chauffage. J'adore tout ce qui a une adresse IP ou un firmware à mettre à jour, la magie, la photographie, la musique, le poker, être avec des amis et, par dessus tout, ma femme et nos deux fils.Marc Lescroart (Animateur / Réalisateur)http://www.commealaradio.netPassionné par les nouveaux médias, les nouvelles technologies, ...J'ai fréquenté avec assiduité les studios de radios belges durant plus de 30 ans en tant que réalisateur, producteur, chroniqueur, animateur ou encore webmaster. Voir Acast.com/privacy pour les informations sur la vie privée et l'opt-out.
The ubiquitous email encryption schemes PGP and S/MIME are vulnerable to attack, according to a group of German and Belgian researchers who posted their findings on Monday. The weakness could allow a hacker to expose plaintext versions of encrypted messages—a nightmare scenario for users who rely on encrypted email to protect their privacy, security, and safety.
Researchers have uncovered vulnerabilities in PGP and S/MIME, Tesla engineers reveal they considered adding driver attentiveness when developing the autopilot feature, Uber riders can now rate their ride mid-trip and Apple faces a class action lawsuit over defective keyboards.Starring Sarah Lane, Justin Robert Young and Roger Chang.MP3Using a Screen Reader? Click hereMultiple versions (ogg, video etc.) from Archive.org.Please SUBSCRIBE HERE.Subscribe through Apple Podcasts.Follow us on Soundcloud.A special thanks to all our supporters–without you, none of this would be possible.If you are willing to support the show or give as little as 5 cents a day on Patreon. Thank you!Big thanks to Dan Lueders for the headlines music and Martin Bell for the opening theme!Big thanks to Mustafa A. from thepolarcat.com for the logo!Thanks to Anthony Lemos of Ritual Misery for the expanded show notes!Thanks to our mods, Kylde, Jack_Shid, KAPT_Kipper, and scottierowland on the subredditShow NotesTo read the show notes in a separate page click here! See acast.com/privacy for privacy and opt-out information. Become a member at https://plus.acast.com/s/dtns.
A critical PGP and S/MIME bug is in the wild, EasyMesh promises standards Wifi Mesh networks, Zuck's in the sites, and Bittorrent Inc gets a rename. Plus the return of a classic!
Neste edição tratamos dos assuntos: aniversário de 1 ano dos incidentes com o WannaCry; SYNACK: Primeiro Ransomware a utilizar a técnica Process Doppelgänging; EFAIL: Vulnerabilidades ligadas ao uso de PGP/GPG e S/MIME na proteção de e-mais; Vulnerabilidade do Signal e TOP 10 Proactive Controls do OWASP. Leia o nosso blog post com mais detalhes sobre os assuntos em: https://morphuslabs.com/morphuscast-7-do-anivers%C3%A1rio-do-wannacry-ao-primeiro-ransomware-a-utilizar-process-doppelg%C3%A4nging-6672c7eea573
Arbeitgeber beklagen Fachkräftemangel Im deutschen Arbeitsmarkt klafft eine Lücke der Fachkräfte in naturwissenschaftlich-technischen Berufen so groß wie noch nie. Laut einer Analyse des arbeitgebernahen Instituts der deutschen Wirtschaft Köln fehlten den Unternehmen im April mehr als 300-tausend Fachleute oder 32,5 Prozent mehr als ein Jahr zuvor. Die Engpässe von Elektrikern bis zu Ingenieuren wären allerdings ohne das dynamische Beschäftigungswachstum Dank der ins Land gekommenen Flüchtlinge noch dramatischer, heißt es. Efail: Was man jetzt beachten muss Mit PGP und S/MIME verschlüsselte E-Mails können unter bestimmten Umständen von Angreifern aus dem Netz mitgelesen werden. Die als Efail bekannt gewordene Schwachstelle betrifft die meisten gängigen Mail-Programme, die HTML-E-Mails empfangen und darstellen können. Um sich und seine Geheimnisse zu schützen, gibt es mehrere Möglichkeiten: Zunächst sollte man das Anzeigen externer Bilder in Mails unterbinden. Wer auch das Anzeigen von HTML deaktiviert und sich auf Plaintext beschränkt, ist nach aktuellem Kenntnisstand erst mal sicher. Dashcam-Aufnahmen können als Beweismittel gelten Dashcam-Aufnahmen dürfen bei Unfall-Prozessen genutzt werden, auch wenn sie gegen Datenschutzbestimmungen verstoßen. Das hat der Bundesgerichtshof nun entschieden. Das heißt, dass das permanente Aufzeichnen zwar nach wie vor unzulässig bleibt. Über die Frage der Verwertbarkeit solle jedoch vielmehr aufgrund einer Interessen- und Güterabwägung nach den im Einzelfall gegebenen Umständen entschieden werden, so die Richter. Neue Hinweise auf Wasserfontänen auf dem Jupitermond Europa Die längst verglühte Jupitersonde Galileo hat Daten gesammelt, die Wasserfontänen auf dem Eismond Europa nahelegen. Dort könnte es also die Zutaten für die Entstehung von erdähnlichem Leben geben. In wenigen Jahren sollen zwei Sonden zu Europa starten und nun wird es wahrscheinlicher, dass sogar ein Lander mitgeschickt wird. Diese und alle weiteren aktuellen Nachrichten finden Sie auf heise.de
A critical PGP and S/MIME bug is in the wild, EasyMesh promises standards Wifi Mesh networks, Zuck's in the sites, and Bittorrent Inc gets a rename.
SMC Resets, Migration Assistant tricks, Auto-Upgrade solutions and Renting vs. Owning your Cable Modem are just the beginning for your two favorite geeks today. S/MIME is taken to a whole other level with guest Jeff Butts who helps us all understand how to make this work on both macOS and […]
Josh and Kurt discuss an IoT bear, Alexa and Siri, Google's E2Email and S/MIME.
HIMSS is an acronym for a reason. Better health and more painful feet can be as cheap as $25. Relive Jurassic Park on the internetz. Nick and Nikhil develop a coffee tasting experiment. S/MIME is awesome, cryptography is moot, and Google Keep is what Evernote wishes it could be when it grows up (and it works with GTD)!