What? You mean that vulnerability? https://efail.de/
Mitigations:
Short term: No decryption in email client. The best way to prevent EFAIL attacks is to only decrypt S/MIME or PGP emails in a separate application outside of your email client. Start by removing your S/MIME and PGP private keys from your email client, then decrypt incoming encrypted emails by copy&pasting the ciphertext into a separate application that does the decryption for you. That way, the email clients cannot open exfiltration channels. This is currently the safest option with the downside that the process gets more involved.
God, isn't it obvious?
Second, the direct exfiltration attack abuses vulnerabilities in Apple Mail, iOS Mail and Mozilla Thunderbird to directly exfiltrate the plaintext of encrypted emails.
XD - it is a big and dangerous vulnerability of PGP indeed :P
Let's go back to Wired:
The science of cryptography has advanced dramatically since then, but PGP hasn’t, and any new implementations have to remain compatible with the features of previous tools, which can leave them vulnerable to similar exploits.
There are other faults, including the difficulty of accessing encrypted emails across multiple devices, and the issue of forward secrecy, which means that a breach potentially opens up all your past communication (unless you change your keys regularly). It’s rumoured that the NSA stockpiles encrypted messages in the hope of gaining access to the keys at a later date.
So simply: it is bad because "too hard" and because you can use the same password... I mean in this case the same key? XD Oh, that is such obvious opsec, I never knew that you have to change your password to your mailbox, and no company really demands it. Let's set some password like "123456" XD
And look further at what that Wired article proposes INSTEAD:
The rise of encrypted messengers
The rise of what? XD They are indeed well encrypted, but for whom, and for whom are they not?
By contrast, in 2016, there were almost 50 million global downloads of the encrypted messaging app Telegram. On Twitter, links to PGP keys in the bios of journalists are being replaced by the phone numbers they use for Signal, the encrypted messaging service endorsed by leading security experts around the world. Then there’s Apple’s iMessage, and of course WhatsApp - which, in turning on end-to-end encryption for more than a billion by default has arguably done the most to take encryption to the masses. “Not only are there improvements to the encryption itself, you don’t have to do anything technical to get set-up, and you don’t really have to be worried in most cases about your data being exfiltrated,” says Boehm. Green says these apps, with their modern cryptography techniques and seamless user experience, are “the solution” to problems of PGP. “You have all the key management problems hidden from you. They’re managed by the system.”
LOL! ROTFL!!! XD By the system - exactly, BY THE SYSTEM XD
In PGP you can send your private key to keyserv, but you don't really have to
“It’s not going to get better tomorrow, but you can make encryption the default if you make the services good enough,” says Green. Until then, better head to the App Store.
Wired proves to be for sheeple, and that does not surprise me. But thank you, really thank you, it is beautiful LOL content, I will archive it on CD when I do a backup XD :D
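An added example, not part of the original post or of efail.de: one way to carry out the quoted short-term mitigation, pulling the armored ciphertext out of pasted mail text and decrypting it in a stand-alone `gpg` process so the result is only ever shown as text. It assumes a `gpg` binary on PATH that holds the private key; the function names are hypothetical.

```python
import re
import subprocess
import sys

# One ASCII-armored OpenPGP message, header line to footer line.
ARMOR_RE = re.compile(
    r"-----BEGIN PGP MESSAGE-----.*?-----END PGP MESSAGE-----", re.DOTALL)


def extract_armored(pasted: str) -> str:
    """Return the single armored block in pasted mail text.

    Reply-quote prefixes ("> ") are stripped. Anything other than exactly
    one block is refused, so only the ciphertext the user meant is decrypted.
    """
    lines = pasted.replace("\r\n", "\n").split("\n")
    text = "\n".join(re.sub(r"^(?:>\s?)+", "", ln).rstrip() for ln in lines)
    blocks = ARMOR_RE.findall(text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one PGP MESSAGE block, found {len(blocks)}")
    return blocks[0] + "\n"


def decrypt_outside_client(armored: str, gpg: str = "gpg") -> str:
    """Decrypt in a separate gpg process (assumed to be on PATH)."""
    proc = subprocess.run([gpg, "--batch", "--decrypt"],
                          input=armored.encode("ascii"), capture_output=True)
    if proc.returncode != 0:
        # gpg exits non-zero on failed or rejected messages; show its reason.
        raise RuntimeError("gpg refused the message: "
                           + proc.stderr.decode(errors="replace"))
    return proc.stdout.decode("utf-8", errors="replace")


def as_inert_text(plaintext: str) -> str:
    """Make control characters visible; markup stays literal text, unrendered."""
    return "".join(c if c.isprintable() or c in "\n\t" else f"\\x{ord(c):02x}"
                   for c in plaintext)


if __name__ == "__main__":
    # Usage: paste the mail body on stdin; the plaintext is printed as text.
    print(as_inert_text(decrypt_outside_client(extract_armored(sys.stdin.read()))))
```

Because the plaintext is printed rather than handed to an HTML renderer, any markup inside it stays literal and nothing is fetched from the network.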