I did some testing on a Windows machine and tried out #Bitlocker#encryption for the first time… I'm shocked. This thing is black magic.
How did they manage to do full disk encryption that can be toggled on/off instantly? I was expecting it to rewrite the whole drive, like what would happen with LUKS on Linux OSes/utils, but no: even a whole existing C:\ drive with Win installed, you just enable encryption, it reboots in seconds instead of minutes/hours, and it's done.
@protonprivacy Bit of a long shot, but emails from Proton to my Fastmail email address with my personal domain show up as "green checkmark" in Proton webUI, but appears inside of Fastmail as a blank encrypted email. Is there something I can do on my DNS record to tell you not to send me encrypted emails?
India, Pakistan attempted to interfere in Canada's elections: CSIS
In the case of the 2019 election, CSIS said the Canadian government conducted what it called a "threat reduction measure" ahead of the vote, meant to "reduce the foreign interference threat posed by the Government of Pakistan."
"The situation was monitored and assessed to have effectively reduced the threat of interference," CSIS wrote.
...am, as yet, undecided regarding the potential threat of a surveillance state, as in #China, #NorthKorea, or #Russia, but things cannot continue as they are. The really stolen (from #HillaryClinton) #Election2016 in the #US should be a definite call for action.
However, ending end-to-end #encryption (#E2E) is certainly taking it way too far. There must be a society left worth fighting for.
"We need end-to-end #encryption for our financial lives, and Congress investigating the escalating abuses of intimate financial data in Atlanta is an important step toward accountability and change.” - ❤️Fight's @liaholland
The compression utility, known as xz Utils, introduced the malicious code in versions 5.6.0 and 5.6.1, according to Andres Freund, the developer who discovered it. There are no known reports of those versions being incorporated into any production releases for major Linux distributions, but both Red Hat and Debian reported that recently published beta releases used at least one of the backdoored versions—specifically, in Fedora Rawhide and Debian testing, unstable and experimental distributions. A stable release of Arch Linux is also affected. That distribution, however, isn't used in production systems.
Because the backdoor was discovered before the malicious versions of xz Utils were added to production versions of Linux, “it's not really affecting anyone in the real world,” Will Dormann, a senior vulnerability analyst at security firm Analygence, said in an online interview. “BUT that's only because it was discovered early due to bad actor sloppiness. Had it not been discovered, it would have been catastrophic to the world.”
Sharing some technical details about how I'm setting up the hosted email service. It will not be a service of BSD Cafe but tied to my own business. It will run entirely on BSD systems and on bare metal, NOT on "cloud" VPS. It will use FreeBSD jails or OpenBSD or NetBSD VMs (but on bhyve, on a leased server - I do not want user data to be stored on disks managed by others). The services (opensmtpd and rspamd, dovecot, redis, mysql, etc.) will run on separate jails/VMs, so compromising one service will NOT put the others at risk. Emails will be stored on encrypted ZFS datasets - so all emails are encrypted at rest - and only dovecot will have access to the mail datasets. I'm also considering the possibility of encrypting individual emails with the user's login password - but I still have to thoroughly test this. The setup will be fully redundant (double mx for SMTP, a domain for external IMAP access that will be managed through smart DNS - which will distribute the connections on the DNS side and, in case of a server down, will stop resolving its IP, sending all the connections to the other. Obviously, everything will be accessible in both ipv4 and ipv6 and in two different European countries, on two different providers. Synchronization will occur through dovecot's native sync (extremely stable and tested). All technical choices will be clearly explained - the goal of this service is to provide maximum transparency to users on how things will be handled.
#EU#Germany#CyberSecurity#Privacy#Encryption: "While governments around the world are planning to undermine strong encryption with client-side scanning, the German government now steps up for protecting citizen's right to privacy. This comes at no surprise as Germany is known for its strong data protection laws, which are also one of the reasons why Tuta is based in Germany.
Beginning 2024, German net activists from Netzpolitik.org have published the draft law that aims at making end-to-end encryption mandatory for messenger, email and cloud service providers.
You can read the full text of the law here (in German).
The newly published draft law follows the 2021 coalition agreement of the German government of SPD, FDP and the Greens. Back then the plan to introduce a right to encryption was met with great approval, especially among security experts and net activists."
Für Leute, die eigene Server betreiben und mal Klarheit bei der vorliegenden #TLS#SSL#encryption benötigen, können es hiermit testen.
testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL #ciphers, protocols as well as recent cryptographic flaws and more.
#SocialMedia#Facebook#Snapchat#Privacy#Encryption#Cybersecurity#Monopolies#Antitrust#BigTech: "In 2016, Facebook launched a secret project designed to intercept and decrypt the network traffic between people using Snapchat’s app and its servers. The goal was to understand users’ behavior and help Facebook compete with Snapchat, according to newly unsealed court documents. Facebook called this “Project Ghostbusters,” in a clear reference to Snapchat’s ghost-like logo.
On Tuesday, a federal court in California released new documents discovered as part of the class action lawsuit between consumers and Meta, Facebook’s parent company.
The newly released documents reveal how Meta tried to gain a competitive advantage over its competitors, including Snapchat and later Amazon and YouTube, by analyzing the network traffic of how its users were interacting with Meta’s competitors. Given these apps’ use of encryption, Facebook needed to develop special technology to get around it." https://techcrunch.com/2024/03/26/facebook-secret-project-snooped-snapchat-user-traffic/
#EU#Germany#Privacy#Encryption#CyberSecurity: "The recent breach in German military communications serves as a compelling argument for the adoption of universally accessible, secure communication platforms. And this is why truly private messengers like Signal offer simple, unified messaging apps, capable of connecting with any other person using it.
These mass platforms and standards are not merely tools. They must be understood as critical infrastructure for the digital age, ensuring that privacy and security are not privileges but rights accessible to all. By making end-to-end encryption the default, and ensuring that this default is available to everyone not siloed within a given company or institution, we safeguard not just the communication between high-ranking officials but the human right to privacy of every individual. A right that to be honored for anyone, anywhere, must transcend organizational boundaries and national borders.
To ensure privacy for anyone, we must champion systems that provide privacy to everyone. „Privacy for me but not for thee“ is an idea that, even in the 1990s, was understood to be fatally flawed. Those of us who believe in the human right to privacy must champion options that provide this right to the masses. Because if we don’t, everything from journalism, to dissent, to the sensitive communications of high ranking German military officials will be put at risk." https://netzpolitik.org/2024/taurus-leak-when-it-comes-to-privacy-its-all-or-nothing/
“While most countries want to introduce new surveillance laws, Germany is taking the opposite approach: The Federal Ministry for Digital and Transport Affairs (BMDV) has published a draft bill that will require email, messenger and other cloud providers to use strong end-to-end encryption.”
Unpatchable security flaw in Apple Silicon Macs breaks encryption
'University researchers have found an unpatchable security flaw in Apple Silicon Macs, which would allow an attacker to break encryption and get access to cryptographic keys.
The flaw is present in M1, M2, and M3 chips, and because the failing is part of the architecture of the chips, there’s no way for Apple to fix it in current devices …'