#encryption
What #encryption do you use for your everyday #communication?
I'm not talking about your nerd friends, who can be counted on one hand and who know a thing or two about the subject. I'm talking about your normal friends, business partners and colleagues with whom you communicate both professionally and privately.
I was recently called by my support via Microsoft Teams because I had to enter some passwords. The support team proudly said that they were contacting me via Teams because it was more secure than the normal phone. He was then very surprised when I told him that Teams is unencrypted and can be intercepted much more easily.
#messenger #email #question #security #cybersecurity #internet #spy #surveillance #privacy #nsa #snowden #5eyes
Assuming you were a #whistleblower and wanted to remain #anonymous, how would you #contact the #press?
Everything that is not encrypted is wiretapped and even if it is encrypted, the metadata is analyzed. Are there any secure, anonymous communication channels left in the digital age?
#question #journalism #leak #communication #security #surveillance #privacy #internet #encryption #messenger
#GoFetch: Breaking Constant-Time #Cryptographic Implementations Using Data Memory-Dependent Prefetchers
Source: https://gofetch.fail
#Apple #cpu #hardware #problem #security #encryption #OpenSSL #ssl #Memory #timing #exploit
Version 4.58 of EasyGPG is Published
EasyGPG is an easy-to-use GUI for GPG that uses Zenity and XClip.
The following changes were made.
- EasyGPG now, once again, works with Tails, if
nemoor another graphical file manager that follows the FreeDesktop.org guidelines is installed. From now on, usingnemoor one of the others, you can use EasyGPG with Tails pretty much the same way as with other distros.
The sha256sum of this new version of easygpg.sh is 4788bf28aeacb164af7cb0818977bd0ca59671c0307e2827c9993d418887f0ae.
Tails Users
This one time, because of the changes to Tails, you will have to update in a special way.
- Install
nemoor another graphical file manager that follows the FreeDesktop.org guidelines. Make sure it is marked to be installed every time you start Tails. - Download https://codeberg.org/giXzkGsc/EasyGPG/raw/branch/main/easygpg.asc
- Move
easygpg.ascto thePersistentfolder. - Open a terminal window and
cdto thePersistentfolder. Then typegpg -d easygpg.asc | tar -x. This should create a file in yourPersistentfolder namedeasygpg.sh. - Open a window to
Persistentwithnemoor whatever else you installed. Moveeasygpg.shinto your EasyGPG folder, replacing the copy already there. - Double-click
Rebuild EasyGPGto rebuild your EasyGPG folder.
Other Users
To update to this new version, just double-click Check for a new version of EasyGPG in the EasyGPG-Actions folder (or, if your version is earlier than 4.0, select Check for a new version of EasyGPG in the main menu).
If you update from a very old version, check to make sure you have the latest version. If not, update again.
To update a copy of EasyGPG older than 3.0, use the installer (below), but select your already-existing EasyGPG folder. If you do this correctly, you will be asked whether or not you want to replace the existing EasyGPG. Click “Replace” to replace your old version of EasyGPG with the latest version.
To install EasyGPG for the first time, click on one of the following links. This is a tar.gz file. Extract the contents of the file, which will be a folder called EasyGPG-Installer. Open the folder, and double-click Install EasyGPG. This will create your new EasyGPG folder, and build all the files and folders inside it. Refresh the GUI file manager window to ensure the icons are correctly displayed.
If the Desktop files (all the Actions and the main Desktop file) do not work, you will need to install a graphical file manager that complies with the XDG standards: nemo, caja, pcmanfm, thunar, or dolphin. None of these has to be made the default graphical file manager. You only need to install one or more of them.
https://codeberg.org/giXzkGsc/EasyGPG/raw/branch/main/EasyGPG-Installer.tar.gz
https://archive.org/download/easygpg/EasyGPG-Installer.tar.gz
[The installer is also available at
http://easygpg2.i2p/EasyGPG-Installer.tar.gz (I2P).]
EasyGPG Web Sites
https://codeberg.org/giXzkGsc/EasyGPG Codeberg (clearnet)
https://archive.org/details/easygpg Internet Archive (clearnet)
http://easygpg2.i2p/ I2P eepsite
EasyGPG Tor Onion Gopher Hole
gopher://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/
EasyGPG Minus Library
[minus://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/](minus://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/)
For news about EasyGPG, click on the #easygpg tag.
This project has never been on GitHub, though another project with the same name has. This project is not related in any way to the German government, though another project with the same name is.
When using software, the greatest threat to privacy and security is the Internet. EasyGPG will not attempt to communicate with the Internet unless you tell it to read a file from the Internet or check for a new version. I will make no attempt to discover who is using my software, where, when, how, or for what purpose.
#easygpg #gpg #encryption #privacy #surveillance #security #cryptography
New Version of EasyGPG Is Coming Soon
This is only important to users of Tails.
The most recent version of Tails removes all support for FreeDesktop.org Desktop files. This is a problem for EasyGPG because, beginning with version 4.0, EasyGPG has used Desktop files for almost everything.
** Until the new version is published**, here is what you should do. Install nemo. Nemo is the default graphical file manager for the Cinnamon DE. It supports FreeDesktop.org Desktop files. To install nemo type this into a terminal window.
sudo apt update
This reads all of the Tails repos. Then type this.
sudo apt install nemo
This installs Nemo. Be sure to mark nemo to be installed every time you start Tails.
Nemo will be the second item in the Accessories sub-menu of the Applications menu labeled "Files." Using Nemo, no other workarounds for Tails will be necessary. I will publish a new version of EasyGPG in the near future that will work with Tails much more like the way it works with other distros.
#easygpg #gpg #encryption #privacy #surveillance #security #cryptography
Breaking Bitlocker - Bypassing the Windows Disk Encryption in 43 Seconds
In this #video we will use a #hardware attack with a #RaspberryPi Pico to bypass TPM-based #Bitlocker #encryption as used on most #Microsoft #Windows devices.
Watch on YouTube: https://www.youtube.com/watch?v=wTl4vEednkQ
Alternative with more privacy watch here (select an instance and press "Go"): https://redirect.invidious.io/watch?v=wTl4vEednkQ
One of the key leaders of #EncroChat extradited to #France with the support of #Eurojust
source: https://www.eurojust.europa.eu/news/one-key-leaders-encrochat-extradited-france-support-eurojust
... supplying or transferring a cryptologic device without integrity control or prior declaration to the authorities.
Did you know that a cryptographic device could be illegal? Doesn't that apply to almost every good messenger that you can easily download?
#cybercrime #crime #justice #question #problem #cryptowars #encryption #EU #news #law
There is a real need for encrypted e-mails but instead we have lots of encrypted PDF attachments
More and more of my accounts are all arriving now with password encrypted PDFs. It’s good that an open standard is being used, but the passwords are really getting complicated as some use my ID number, one uses my bond account number, and some others again use their own unique account numbers. Apart from my ID number, the others I have no easy way of remembering, so it means constantly having to look up what the password is for that particular PDF. This gets worse if you are travelling. Also, it means that when saving the PDF to my computer I want it decrypted for ease of access and searching, so it is another step to print to PDF, for that to happen.
Given that the whole point of this is the protection of private information (in South Africa, the POPI Act) this could have been seamlessly achieved with proper encrypted e-mail being used. That would have been a once-off trust to set up, and after that it just works seamlessly and securely.
But clearly, encrypted e-mail is just way beyond the ordinary business or user… They have been so geared up for using PDF attachments, so now encrypting the PDF was the only easy way to go. I get that encrypted e-mail is a bit of an initial learning curve (unless you use Proton Mail or similar easy to use encrypted e-mail). But think about where all this encrypted PDF stuff is going in the future, and the fact that the rest of the e-mail content is wide open and unencrypted.
Have you ever tried responding to one of the businesses by sending your encrypted PDF form back to them (as it should be)? They don’t then always know how to open it on their side, so you need to e-mail the password to them, which defeats the whole exercise.
The other folly I’ve picked up just today, is I log into a secure portal to download the PDFs that are online in my account, but those are also encrypted with a password! Even my bank has the PDFs unencrypted on the portal, as you’ve just logged in with a password and 2FA to access the PDF statement.
It’s getting messier, and I really do think we should be making the effort in 2024 to move to proper encrypted e-mail. But the reality of it is, that needs every business and every end user to actually be able to use encrypted e-mail. But that would mean also that Microsoft, Google, Apple, the NSA, and other middle-people would not be able to search or read any of those e-mails anymore. That is not in Big Tech or Government’s own interests.
The realist in me says this is just really not going to happen any time soon. We have the technology, but we’ll have to move at the snail’s pace of the lowest common denominator in the chain, in order to get there.
#Blog, #email, #encryption, #PDF, #privacy, #technology
IPNS-Link
#IPNS-Link leverages #IPFS, a #decentralized #HTTP replacement, to it's full potential...
#NAT traversal and decentralised relays allow your services to be reached from nearly anywhere, even if they're behind NATs with dynamic ip-addresses.
IPNS-Link Gateways act like a #CDN and will resolve IPFS and #IPNS URLs, offloading work from you to the IPFS network.
Your ip-addresses are #hidden from third-parties behind #encryption, only IPNS-Link Gateways you decide to trust can access your service.
IPNS-Link is simple to deploy and easy to relocate to new devices.
There's a new app considered more secure than Signal... in France. Jean-Noël Barrot, Minister for Digital Transition and Telecommunications, says it's made in France, certified by ANSSI, encrypted, does not collect any personal data, and he has been using it with his team since July 2022. In December the entire French Government will use Olvid, the most secure instant messaging in the world, he says.
Hmm, it's December now. When did he write this? Nov 29, 2023.
ANSSI is France's National Agency for Information System Security (stands for Agence Nationale de la Sécurité des Systèmes d'Information).
Elle est française, certifiée par l' @ANSSI_FR , chiffrée, ne collecte aucune donnée personnelle
When you want to hide the #encryption keys or Wikipedia itself, use common electronic packages from the 1960's. How many terabytes does that 47uF capacitor hold? Is that really a #FPGA chip embedded between the layers of this #PCB? Is that a complete #LoRa digital radio underneath the traces? Is that #SMD diode really a HDR color camera? That 2200uF capacitor seems to hold a charge like a lithium ion battery...
#BLUFFS: #Bluetooth Forward and Future Secrecy Attacks and Defenses
Source: https://francozappa.github.io/post/2023/bluffs-ccs23/
TL;DR: If you are within range of a Bluetooth connection, you can force both devices into an insecure #encryption which can be cracked using brute force. The #workaround is to reject weak encryption via #software. Since there are never #updates for devices that have already been sold, any Bluetooth #connection with an old device must be considered insecure. Bluetooth can be monitored up to 100 meters with special antennas.
#bug #fail #security #hack #warning #danger #problem #update #news #CVE-2023-24023 #smartphone #vulnerability
Version 4.57.6 of EasyGPG is Published
EasyGPG is an easy-to-use GUI for GPG that uses Zenity and XClip.
The following changes were made.
- One of the windows that appears when EasyGPG is first installed was too wide with recent versions of
zenity. This bug is now fixed.
The sha256sum of this new version of easygpg.sh is f5116f0ed08d6f43875de800a19a3e29e1274232536e90fa80c26583cf03b380.
To update to this new version, just double-click Check for a new version of EasyGPG in the EasyGPG-Actions folder (or, if your version is earlier than 4.0, select Check for a new version of EasyGPG in the main menu).
If you update from a very old version, check to make sure you have the latest version. If not, update again.
To update a copy of EasyGPG older than 3.0, use the installer (below), but select your already-existing EasyGPG folder. If you do this correctly, you will be asked whether or not you want to replace the existing EasyGPG. Click “Replace” to replace your old version of EasyGPG with the latest version.
To install EasyGPG for the first time, click on one of the following links. This is a tar.gz file. Extract the contents of the file, which will be a folder called EasyGPG-Installer. Open the folder, and double-click Install EasyGPG. This will create your new EasyGPG folder, and build all the files and folders inside it. Refresh the GUI file manager window to ensure the icons are correctly displayed.
If the Desktop files (all the Actions and the main Desktop file) do not work, you will need to install a graphical file manager that complies with the XDG standards: nemo, caja, pcmanfm, thunar, or dolphin. None of these has to be made the default graphical file manager. You only need to install one or more of them.
https://codeberg.org/giXzkGsc/EasyGPG/raw/branch/main/EasyGPG-Installer.tar.gz
https://archive.org/download/easygpg/EasyGPG-Installer.tar.gz
[The installer is also available at
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/EasyGPG-Installer.tar.gz (Onionland) and
http://easygpg2.i2p/EasyGPG-Installer.tar.gz (I2P).]
EasyGPG Web Sites
https://codeberg.org/giXzkGsc/EasyGPG Codeberg (clearnet)
https://archive.org/details/easygpg Internet Archive (clearnet)
http://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/ Tor Onion Service web site
http://easygpg2.i2p/ I2P eepsite
EasyGPG Tor Onion Gopher Hole
gopher://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/
EasyGPG Minus Library
[minus://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/](minus://7hinc6ucgvwbcjjoe44lhzzxyjptb3da6tzl33oe7ezl2qgwlrkfe6yd.onion/)
For news about EasyGPG, click on the #easygpg tag.
This project has never been on GitHub, though another project with the same name has. This project is not related in any way to the German government, though another project with the same name is.
When using software, the greatest threat to privacy and security is the Internet. EasyGPG will not attempt to communicate with the Internet unless you tell it to read a file from the Internet or check for a new version. I will make no attempt to discover who is using my software, where, when, how, or for what purpose.
#easygpg #gpg #encryption #privacy #surveillance #security #cryptography
