Infosecurity.US

Information Security & Occasional Forays Into Adjacent Realms

  • Web Log

To combat phishing, do not permit loading of remote images in your email client’s preferences settiings.

The Remote Phish: No Strings Attached

January 15, 2021 by Marc Handelman in Messaging Security, Anti-Phishing Protections, Information Security, Cyber Security

via Zeljka Zorz, Managing Editor, Help Net Security comes a well-crafted, on-target post, detailing the real danger with loading remote images in email messages (rather than directly embedded). Be careful out there!

'At the moment, this new approach to delivering images in phishing emails is quite popular and obviously rather successful, but as email security vendors find ways to counter these tricks, cyber criminals will have to change tack once more – and so the arms race continues.' - via Zeljka Zorz, Managing Editor, Help Net Security

January 15, 2021 /Marc Handelman
Messaging Security, Anti-Phishing Protections, Information Security, Cyber Security

Bad eMail Rising: US Federal Government Fails To Implement DMARC

October 18, 2018 by Marc Handelman in Messaging Security

via Ionut Ilascu, writing at the highly prolific Bleeping Computer, illuminates the collectiive failed expectations of the federal governement in the already highly compromised email space. This time, by failing to fully implement and deploy [Domain-based Message Authentication, Reporting & Conformance DMARC email authentication security on a national basis. Read it and weep my friends - for the chain mail that (apparently) may never end... Simply Shameful.

"BleepingComputer has checked the domains for the Air Force, the Army, Defense Logistics Agency, the Marines, the National Security Agency and the Navy almost none of them have adopted DMARC". - via Ionut Ilascu, at Bleeping Computer

October 18, 2018 /Marc Handelman
Messaging Security

Shmoocon 2017, Sebastian Verschoor's (In-)secure messaging with SCIMP and OMEMO →

February 23, 2017 by Marc Handelman in All is Information, Conferences, Education, Information Security, Messaging Security
February 23, 2017 /Marc Handelman
All is Information, Conferences, Education, Information Security, Messaging Security

Shmoocon 2017, Nikita Borisov and Sze Chuen - The State of Secure Messaging →

February 13, 2017 by Marc Handelman in All is Information, Conferences, Education, Messaging Security
February 13, 2017 /Marc Handelman
All is Information, Conferences, Education, Messaging Security

Deleters →

February 24, 2015 by Marc Handelman in All is Information, Information Security, Messaging Security, Messaging Persistance

In this case, Tweet Deleters... Apparently, foolish belief in the effectiveness of messaging deletions is widespread within the so-called twitter-sphere. Once published, the content will live on, in one form or another... Astonishing stupidity.

February 24, 2015 /Marc Handelman
All is Information, Information Security, Messaging Security, Messaging Persistance

EFF's Secure Messaging Scorecard

December 16, 2014 by Marc Handelman in All is Information, Cryptography, Information Security, Messaging Security

The Electronic Frontier Foundations' Secure Messaging Scorecard is our Must Read. In a nutshell, the EFF has graded the anti-surveillance efficacy of an impressive number of providers and software packages. Enjoy!

December 16, 2014 /Marc Handelman /Source
All is Information, Cryptography, Information Security, Messaging Security

NSA's CSfC Recognizes Knox →

October 22, 2014 by Marc Handelman in All is Information, Data Security, Government, Information Security, Intelligence, Messaging Security, Network Security, Security Tooling

News, via John Ribeiro, writing for PCWorld, of the acceptance of Samsung Electronics Co. Ltd.'s  (SSNLF) KNOX device product line within the National Security Agency's  Commercial Solutions for Classified program.

 

October 22, 2014 /Marc Handelman
All is Information, Data Security, Government, Information Security, Intelligence, Messaging Security, Network Security, Security Tooling

Android Cryptography Woes

July 01, 2014 by Marc Handelman in Cryptography, Information Security, Messaging Security, Research, Cruft, Web Security

Once more unto the breach, dear friends, once more.*  Apparently all the makings [crypto flaws] of an extraordinary breach of sensitive data, this time contained within an enormous number of Android devices, has been discovered. Astonishingly, upwards of eighty-six percentile of all Android devices may be vulnerable.

*[Cry God for Harry, England, and Saint George!' speech of Shakespeare's Henry V, Act III, 1598., evidently all the more relevant today...]

July 01, 2014 /Marc Handelman
Cryptography, Information Security, Messaging Security, Research, Cruft, Web Security

Distribution, Quantum Key, that is...

May 27, 2014 by Marc Handelman in Quantum Mathematics, Web Security, National Security, Cryptography, Science, Research, Information Security, Messaging Security, Identity Theft

via Nature [Toshihiko Sasaki, Yoshihisa Yamamoto and Masato Koashi) and reported by Wired's Chris Lee comes this fascinating tale of the tribulations enveloping quantum key distribution [QKD]. The proof, as they say in the vernacular, resides within the experiment...

May 27, 2014 /Marc Handelman
Quantum Mathematics, Web Security, National Security, Cryptography, Science, Research, Information Security, Messaging Security, Identity Theft

Mandiant, The Mail Saga

May 09, 2014 by Marc Handelman in Security, Messaging Security

Evidently, like the mere mortals of the Kingdom of Security, Mandiant principals check their email on iOS devices, regardless of the dangers therein.

May 09, 2014 /Marc Handelman
Security, Messaging Security