“After a secret breaks in the news, Reply All re-examines how Alex Blumberg’s Uber account was hacked.”
Mail-Dienste sehen alles
“Die elektronische Post kam mit kostenlosen Diensten in Mode. Für sie zahlen Kunden nicht in harter Währung, sondern akzeptieren Werbung und meist auch die Verwertung der aus ihren Daten gespeisten Kundenprofile.” Mittlerweile bekannt gewordene Abhörpraktiken der NSA rücken immer mehr auch Fragen nach der Sicherheit von E-Mails in den Vordergrund. Die Stiftung Warentest hat 14 Provider unter die Lupe genommen: Als Testsieger gehen Mailbox.org und Posteo hervor.
Edward Snowden: the untold story
“The question for us is not what new story will come out next. The question is, what are we going to do about it?” James Bamford interviews Edward Snowden, who regards the use of strong encryption in your everyday communication as a viable means to end mass surveillance.
Also watch United States of Secrets, a two-part series detailing how the US government came to monitor and collect the communications of millions around the world.
“OpenKeychain helps you communicate more privately and securely. It uses high-quality modern encryption to ensure that your messages can be read only by the people you send them to, others can send you messages that only you can read, and these messages can be digitally signed so the people getting them are sure who sent them.”
NSA surveillance: a guide to staying secure
“The NSA has turned the fabric of the internet into a vast surveillance platform, but they are not magical. They’re limited by the same economic realities as the rest of us, and our best defense is to make surveillance of us as expensive as possible.” Bruce Schneier works on the assumption that the NSA is able to decrypt most of the Internet.
On the same subject, David Meyer felt moved to pen an open letter titled ‘Dear stupid, stupid NSA’.
Good luck with that
“Practicing effective counterintelligence on the internet is an extremely difficult process and requires planning, evaluating options, capital investment in hardware, and a clear goal in mind.” The advice of the grugq is to choose your adversaries carefully, should you wish to maintain anonymity.
Anonymous speaks: the inside story of the HBGary hack
“I’ve talked to some of those who participated in the HBGary hack to learn in detail how they penetrated HBGary’s defenses and gave the company such a stunning black eye — and what the HBGary example means for the rest of us mere mortals who use the Internet.” Peter Bright’s story may be a couple of years old, but it still makes for an interesting read and tells you what not to do.
Redirecting mail for the local root user
postfix is Ubuntu’s default mail transfer agent (MTA) and can be configured to deliver mail using a relay host that requires SMTP authentication. Get the necessary packages with the following command:
user@ubuntu:~$ sudo apt-get install postfix bsd-mailx
Begin to configure your postfix installation by choosing satellite system as the general type of configuration. Enter the local machine name as the mail name (eg mycomputer.edafe.de) and the SMTP server address of your email service provider as the SMTP relay host (eg smtp.relayhost.com). Edit the file /etc/postfix/main.cf and add the following:
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
Create the file /etc/postfix/sasl_passwd and make the following entries:
Substitute smtp.relayhost.com with the address of the SMTP relay host and user:password with your login details. Continue by executing the following three commands:
user@ubuntu:~$ sudo chown root.root /etc/postfix/sasl_passwd
user@ubuntu:~$ sudo chmod 600 /etc/postfix/sasl_passwd
user@ubuntu:~$ sudo postmap hash:/etc/postfix/sasl_passwd
Instruct postfix to reload its settings with the following command:
user@ubuntu:~$ sudo /etc/init.d/postfix reload
Making changes to the alias table
The aliases table provides a system-wide mechanism to redirect mail for local recipients. Edit the file /etc/aliases to contain the following entries:
The localuser is the system administrator. Substitute email@example.com with the email address that you would like mail for the root user to be redirected to. Finally, update /etc/aliases.db using the following command:
user@ubuntu:~$ sudo newaliases
Mail for the local root user from now on will automatically be forwarded to firstname.lastname@example.org , using smtp.relayhost.com as the relay host.
Still sending naked email?
“In a world of repressive governments and a growing reliance on insecure networks, there’s no way anyone can be sure their most sensitive messages aren’t intercepted by the forces of darkness. But you can make it mathematically improbable that all but the most well-funded snoops could ever make heads or tales of your communications.” Use Dan Goodin’s step-by-step guide to email encryption and keep your communications private.
Why you shouldn’t use HTML email
“Spammers use HTML emails to confirm your address.” There are other drawbacks to using HTML-formatting when sending and receiving emails. Consider this list of potential pitfalls that Martin Favreau has compiled for you.
Why use email encryption?
Email encryption should be used by everyone. Here’s why.
Redirecting mail for the local root user
This post has been updated.
How to encrypt your email
“You too can get PGP set up in a few simple steps.” Jason Thomas shows just how easy it is to start encrypting your messages.
Thinking about email security
“The bottom line is, if your email passes through or is stored on servers controlled by others, it’s probably a good idea to consider encryption.” Joe Brockmeier considers the confidentiality of your messages.
A practical introduction to GNU Privacy Guard in Windows
“In this guide, I will show you how to use the most important GPG commands.” Brendan Kidwell introduces GnuPG for Windows users.
Introduction to cryptography
Not entirely sure how cryptography works? This document’s two chapters, The Basics of Cryptography and Phil Zimmermann on PGP, will tell you what you need to know.
www.ncsa.illinois.edu (PDF file)
Why do you need PGP?
For a conclusive answer read this article by Phil Zimmermann, author of the Pretty Good Privacy application.