The Truth about PGP’s So-Called Email Bug: It Isn’t Much of a Problem

Word has been circulating in recent days that PGP has a major bug called Efail can can lead to encrypted emails being decrypted. Details about the problem have now been released and it seems the problem is not with PGP itself. It is with the way that some programmers implement PGP in their various email systems. PGP itself is not the problem.

In fact, decrypting PGP-encrypted email messages with Efail is a difficult task, at best. It probably is not practical for most hackers although NSA or agencies of other governments with access to high-powered computers and sophisticated software tools might be able to decrypt your email messages.

Continue reading

Gmail’s ‘Self Destruct’ Feature Will Probably be Used to Illegally Destroy Government Records

This sounds like a great tool for politicians and bureaucrats to illegally hide things from the public. However, on the bright side, it also will allow private citizens to hide things from politicians, bureaucrats, law enforcement officials, and hackers around the world.

In short, a new update rolling out for Gmail offers a “self destruct” feature that allows users to send messages that expire after a set amount of time.

Continue reading

How to Switch to Encrypted Email: The Ultimate Guide to Everyday Email Encryption

Are you using Gmail or Yahoo Mail or HotMail or Outlook.com or some other free email service hosted on the site of some multi-billion dollar corporation? If so, your email messages are being monitored and your personal information is available to corporations, governments, and other spies. In fact, Google admits that they do read (by means of automated software) all the emails that you send or receive via Gmail—mostly to improve their advertising platform. It is believed that most of the other major free email providers do the same.

Luckily, there is a simple solution: use an email service that offers encryption of your messages, even when stored on the email company’s mail servers. Not even the company that owns the mail servers can read your email messages (nor can the NSA). Several encrypted email providers offer free services for a limited number of email messages per month. However, most of them charge a modest monthly fee for unlimited or nearly unlimited messages and may add in some other security services as well. How much is your privacy worth?
Continue reading

Encrypted Email Service ProtonMail is Being Blocked in Turkey

I have written before about encrypted email provider Proton Mail. In fact, I used Proton Mail last week when I was in China as it was the only email service I could find that was not blocked by the Great Firewall of China. (I bet that changes soon!) Now the government of Turkey isn’t allowing its citizens access to the privacy-enabled email service.

See https://protonmail.com/blog/turkey-online-censorship-bypass/ for the details, unless you are in Turkey in which case the article is blocked.

Use Encipher.it to Quickly and Easily Encrypt Your E-mail Messages

Encipher.it is an amazing service. It secures your email messages and other data so that none of the bad guys can read it, it protects your work or personal files from identity thieves, it allows you to share confidential information easily with friends or co-workers, and it is available free of charge. What is there to dislike about Encipher.it?

Encipher.it offers several methods of use. In its easiest-to-use form, simply type your text into the Encipher.it web site (or copy-and-paste the text), click on ENCIPHER IT, enter an encryption password of your choosing, and your text is instantly converted into what looks like mumbo-jumbo. Here is a snippet from a message I just created:

EnCt2cde69551cb16fd53452aae147c8767b5688154e8cde69551cb16fd53452aae14jewcos7llgK
JmyiffFqxB1iaacDCXwhhO9bOo59TEVAoZ1ZCIuO2hzBwjQaCEqKnHlhPQ5+olv45+WHRa5lpnOZTl0/
sWq8sLn7bSL8KQs0JS7O+6u2qGTNN6Sf4WGRCs4zGl9pUtRRzt9cdyJXo9YcCrUD2IS97/r9D0LJ5DGk
6maetzrdFe2zc6ozcjbsJ892gr2kLi/LZhKIz613DV/fu772ZYafZadUhUdMPuAlQJhyO0gHWDP1L3BL
5uByzmfydNkZ7ujerQYiZBey2GPMoa9aBkpAHzU+gdJZgEJ816uPfc5EIDIYjw1K1yKRsLgYCwHu6bq5

Decrypt it at https://encipher.it

Then you can copy-and-paste that mumbo-jumbo into an email message and send it to anyone of your choosing. You also need to tell the person the encryption password you used. (Don’t send the encryption password in unsecured email!)

Continue reading

You Absolutely Must Secure Your Home Router and You Probably Can’t

Your in-home router/modem may be the most insecure piece of hardware you own. Luckily, there is an easy fix although it isn’t cheap for many people: replace your present router’s internal software with a security-focused product, such as the free and open code, DD-WRT. The expense arises from the fact that most routers cannot easily replace the internal software. If you are one of the majority who owns a non-modifiable router, you will have to purchase a new router (which is a good idea anyway) and then install DD-WRT or a similar product yourself. If you are one of the fortunate few who do own a router that allows for modifying the internal software, you can upgrade to DD-WRT at no charge. Another alternative is that a few companies will sell new routers with DD-WRT or similar software already installed.

You can read much more about this topic in You Absolutely Must Secure Your Home Router and You Probably Can’t in the BoingBoing.net web site at: http://bit.ly/2Cpdspj. That article provides an overview in plain English of a somewhat more technical article, How to Protect Your Home Router from Attacks, by Lucian Constantin, available at: http://bit.ly/2CBh36N.

For the past 3 or 4 months, I have been using DD-WRT installed in a Linksys WRT3200ACM DD-WRT FlashRouter. It includes all the security enhancements of DD-WRT plus it also has a VPN installed. Not only are all connections from my desktop computer, laptop computer, tablet, and even my cell phone protected by the VPN, but even my Roku box, Apple TV, VoIP telephone, security video cameras, and even the Nest thermostat in my home are now connected to the Internet via a safe and secure VPN connection.

Continue reading

Buggy Microsoft Outlook Sending Encrypted S/MIME Emails With Plaintext Copy For Months

Do you use Microsoft Outlook to send supposedly-encrypted S/MIME email messages? If so, for at least last 6 months, your messages have been sent in both encrypted and unencrypted forms, exposing all your secret and sensitive communications to potential eavesdroppers.

If you are using Microsoft Outlook, you need to read an article in The Hacker News at http://bit.ly/2gbfpvW before you send your next message!

Comment: There are several better, more secure email programs than Microsoft Outlook. If you have a need for email security, you should investigate other solutions! You might start by looking at past articles about encrypted email services that have published in this blog. Start at: http://bit.ly/2gafXCb.