How to send encrypted (at a cost) and ‘confidential’ emails on Gmail
Gmail may be very easy to use, and probably also one of the most used e-mail services out there, but Google has still not made any real effort to help e-mails going proper E2EE for all, despite the technology being available for a very long time.
📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #38/2023 is out! It includes the following and much more:
➝ 🔓 ❌ TransUnion Denies #Breach After Hacker Publishes Allegedly Stolen Data
➝ 🔓 ⚖️ Hackers breached International Criminal Court’s systems last week
➝ 🔓 🤖 #Microsoft#AI researchers accidentally exposed terabytes of internal sensitive data
➝ 🦠 💸 #BlackCat#ransomware hits #Azure Storage with #Sphynx encryptor
➝ 🇮🇷 🇮🇱 Iranian Nation-State Actor OilRig Targets Israeli Organizations
➝ 🇮🇳 #India's biggest tech centers named as #cybercrime hotspots
➝ 🇫🇮 💊 Finnish Authorities Dismantle Notorious #PIILOPUOTI Dark Web Drug Marketplace
➝ 🇨🇦 🇷🇺 Canadian Government Targeted With #DDoS Attacks by Pro-#Russia Group
➝ 🇨🇳 🇺🇸 #China Accuses U.S. of Decade-Long #Cyberespionage Campaign Against #Huawei Servers
➝ 🇺🇸 🇨🇳 China's Malicious Cyber Activity Informing War Preparations, #Pentagon Says
➝ 🇨🇳 🦠 New #SprySOCKS Linux #malware used in cyber espionage attacks
➝ 🇬🇧 🔐 UK Minister Warns #Meta Over End-to-End Encryption
➝ 🇺🇸 🇷🇺 One of the #FBI’s most wanted hackers is trolling the U.S. government
➝ 🦠 🥸 Fake #WinRAR proof-of-concept exploit drops #VenomRAT malware
➝ 🦠 📈 #P2PInfect botnet activity surges 600x with stealthier malware variants
➝ 🦠 📡 Hackers backdoor #telecom providers with new HTTPSnoop malware
➝ 🦠 🐝 #Bumblebee malware returns in new attacks abusing #WebDAV folders
➝ 🔐 #GitHub launches #passkey support into general availability
➝ ☑️ 🐧 Free Download Manager releases script to check for #Linux malware
➝ 💬 🔐 #Signal adds quantum-resistant encryption to its #E2EE messaging protocol
➝ 🍏 🔐 #iOS 17 includes these new security and #privacy features
➝ 🩹 High-Severity Flaws Uncovered in #Atlassian Products and ISC BIND Server
➝ 🩹 😡 Incomplete disclosures by #Apple and #Google create “huge blindspot” for 0-day hunters
➝ 🍏 🩹 Apple emergency updates fix 3 new zero-days exploited in attacks
➝ 🩹 #TrendMicro fixes #endpoint protection zero-day used in attacks
➝ 🩹 #Fortinet Patches High-Severity #Vulnerabilities in FortiOS, FortiProxy, FortiWeb Products
➝ 🔓 Nearly 12,000 #Juniper#Firewalls Found Vulnerable to Recently Disclosed RCE Vulnerability
📚 This week's recommended reading is: "Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It" by Marc Goodman
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️
Good for Signal! If a willfully misguided government regulation fundamentally breaks your product in a way that compromises user safety, it doesn’t make much sense to continue offering it in the affected market. #E2EE#ForeverCryptoWars#CryptoMeansCryptography
“While the UK government has admitted it’s not possible to safely scan all of our private messages, it has granted Ofcom the powers to force tech companies to do so in the future.”
Każda osoba na #PolSocial ma konto na matrix. Wystarczy pobrać apkę Element, wskazać serwer pol.social i „Logowanie z Pol.social” czyli nawet konta nie trzeba zakładać i wpisywać user / password.
USA: „Czaty na Facebooku dostarczone przez firmę Meta doprowadziły kobietę do przyznania się do zarzutów związanych z aborcją / Oficer śledczy doręczył nakaz firmie Meta, która dostarczyła niezaszyfrowane sesje czatu pokazujące kobietę i jej córkę omawiające pigułki aborcyjne.”
Słuchajcie, pisanie na FB, TT czy G. to jak pisanie w komputerze min. Ziobry. Występują do BigTech o dane i dostają. Używajcie tylko komunikatorów z szyfrowaniem end to end #E2EE
Reminder that #Telegram is not secure communication. Most chats aren't end-to-end-encrypted to begin with, and even those that are use a strange custom-built algorithm rather than actual cryptographically sound algorithm such as the double-ratchet.
If you want actual secure communication, use #Signal, #Matrix, or even #WhatsApp (which is shit and will turn you in to the police but is still better than what Telegram).
🇬🇧 LEAK: The Spanish EU Presidency plans to line up a majority of EU governments for warrantless #ChatControl by the end of the month by paying lip service to #E2EE encryption.
David Davis & Caroline Lucas MPs are supporting an amendment to the Online Safety Bill that would seek to protect the end-to-end encrypted services. If you have time today, please contact your MP and ask them to support this amendment #onlinesafetybill#encryption#privacy#E2EE
"Searching through email content in an end-to-end encrypted email provider is no easy feat. Because Skiff does not have access to any user emails, all search queries have to be performed client-side. To make this possible, we’ve developed innovative search indexing algorithms that work in the browser, in Skiff’s Windows and macOS apps, and in our iOS and Android native apps."
The government knows and has admitted it cannot scan messages without undermining or breaking encryption, but wants to pretend otherwise. It is playing us for fools. #onlinesafetybill#encryption#e2ee
@JamesBaker of @openrightsgroup writes "At the eleventh hour of the Online Safety Bill’s passage through Parliament, the Government has found itself claiming to have both conceded that it won’t do anything stupid and that it may well press ahead if it wants to. It is in a total mess over its proposals to break end-to-end encryption and scan our private messages.." https://www.openrightsgroup.org/blog/omnishambles-over-encrypted-messages-continues/
🚨 BREAKING: The UK government has confirmed it is rowing back on its plans to scan private messages.
They've finally back down with an announcement that Ofcom won't use powers in the spy clause contained in the Online Safety Bill until it's 'technically feasible' to do so.
They've conceded that no current technology exists that would protect privacy or avoid breaking encryption.
Sorry but i am afraid there is nothing to party about regarding UK's #OnlineSafeyBill#e2ee
The UK "not applying" the powers they ask to get is maybe worse compared to pushing through directly. Why?
Pushing through now would likely mean WA/Signal/iMessage pulling out of UK with a big public backlash. And then the equivalent EU "ChatControl" bill would have a hard time to pass. But now the UK can wait and sync with the EU, possibly the US, and then the threat of pulling out of UK is muted.
After iOS, Element X beta is now available on Android. Go rush it, break the app, report bugs, let's all get fun together! Oh, and it's extremely fast, don't be surprised.
The UK government has (at least for now) decided to back off a piece of the #OnlineSafetyBill legislation that would have outright banned end-to-end encryption and would have been a major disaster in all means. https://archive.ph/HDnUa