tag:blogger.com,1999:blog-8400370148915075091.post7100996483537475466..comments2023-12-12T18:59:45.550+01:00Comments on Security Nirvana: Step 1: Securing My E-mailsecuritynirvanahttp://www.blogger.com/profile/11264687350187854173noreply@blogger.comBlogger4125tag:blogger.com,1999:blog-8400370148915075091.post-43714102461018723122013-02-26T09:27:50.365+01:002013-02-26T09:27:50.365+01:00Possibly relevant:
https://blog.duosecurity.com/20...Possibly relevant:<br />https://blog.duosecurity.com/2013/02/bypassing-googles-two-factor-authentication/Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-8400370148915075091.post-34754498126083927732013-02-22T17:19:57.028+01:002013-02-22T17:19:57.028+01:00Hi Per, good to see some focus on email security. ...Hi Per, good to see some focus on email security. My two cents is however that although one can control the transfer between the server and client, unless specific transport policies are published (and tested) between the various SMTP servers, it is very difficult to gauge the security of public email providers. <br /><br />That said, I'm not proposing having novices running their own servers, and in full disclosure I'm using Google Apps for my own email hosting. What I do propose, is however a stronger focus on end-to-end encryption, in particular using RFC4880 (OpenPGP). For Thunderbird the Enigmail plugin to add GnuPG support is working rather nicely. <br /><br />Maybe a post focusing on this can be a natural follow-up on email security? Anonymoushttps://www.blogger.com/profile/01994346107685243465noreply@blogger.comtag:blogger.com,1999:blog-8400370148915075091.post-3898654269136917872013-02-20T07:52:31.917+01:002013-02-20T07:52:31.917+01:00Thank you for that information, I'll update my...Thank you for that information, I'll update my post!securitynirvanahttps://www.blogger.com/profile/11264687350187854173noreply@blogger.comtag:blogger.com,1999:blog-8400370148915075091.post-60090333669163542032013-02-20T00:59:58.760+01:002013-02-20T00:59:58.760+01:00A small note on the BEAST attack reported earlier ...A small note on the BEAST attack reported earlier on Hotmail.com<br /><br />It doesn't work. After it was published, all the major browser vendors decided to fix it and break support for a few outdated SSL sites.<br /><br />It's only a problem with outdated clients(Thunderbird I believe has the fix).<br /><br />http://youtu.be/LBbCec4Bp10?t=15m34sMangixhttps://www.blogger.com/profile/06816602571637076369noreply@blogger.com