Techdirt lawyers ask judge to throw out suit over “Inventor of E-mail”

In the end, this isn’t a debate about facts, say Masnick’s lawyers. Both Ayyadurai and Masnick acknowledge that the MAILBOX program was created at MIT in the 1960s and that Ray Tomlinson created the “@” symbol protocol in 1971. The two draw different conclusions, however. Ayyadurai calls the ARPANET creations “command-line protocols for transferring text messages” or “primitive electronic communication systems.” In Masnick’s view, Ayyadurai doesn’t dispute the historical facts, but instead “attacks Techdirt’

Source: Techdirt lawyers ask judge to throw out suit over “Inventor of E-mail” | Ars Technica

Me Too! – You Had Me At EHLO…

First off, the original mail went to 13,000 users. Assuming that 1,000 of those 13,000 users replied, that means that there are 1,000 replies being sent to those 13,000 users. And it turns out that a number of these people had their email client set to request read receipts and delivery receipts. Each read and delivery receipt causes ANOTHER email to be sent from the recipient back to the sender (all 13,000 recipients). Assuming that 20% of the 1,000 users replying had read receipts or delivery receipts set, that meant that every one of the messages that they sent caused another message to be sent for every one of the 13,000 recipients. So how many messages were sent?

Source: Me Too! – You Had Me At EHLO…

Yes, we can validate the Wikileaks emails

DKIM is a system designed to stop spam. It works by verifying the sender of the email. Moreover, as a side effect, it verifies that the email has not been altered.

Hillary’s team uses “hillaryclinton.com”, which has DKIM enabled. Thus, we can verify whether some of these emails are true.

Source: Errata Security: Yes, we can validate the Wikileaks emails

I was just listening to ABC News about this story. It repeated Democrat talking points that the WikiLeaks emails weren’t validated. That’s a lie. This email in particular has been validated. I just did it, and showed you how you can validate it, too.
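The "has not been altered" side effect comes from the body hash that a DKIM signature carries in its `bh=` tag. The following is an added example, not code from the Errata Security post: it recomputes that hash under the RFC 6376 canonicalization rules and compares it with the header. It covers the body-hash step only; a full check also verifies the `b=` signature over the signed headers with the public key the domain publishes in DNS. The message, `example.com`, the selector and the `b=` value are constructed placeholders.

```python
import base64, email, hashlib, re

def canon_body(body: bytes, mode: str) -> bytes:
    """RFC 6376 body canonicalization, 'simple' or 'relaxed'."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    if mode == "relaxed":
        # collapse runs of space/tab, then drop whitespace at end of line
        lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":      # trailing empty lines are ignored
        lines.pop()
    if not lines:                          # empty body: "" (relaxed), CRLF (simple)
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes, mode: str = "relaxed") -> str:
    return base64.b64encode(hashlib.sha256(canon_body(body, mode)).digest()).decode()

def parse_tags(value: str) -> dict:
    """Split a 'k=v; k=v' tag list; folding whitespace in values is dropped."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def body_intact(raw: bytes) -> bool:
    """True if the body still matches the bh= tag of the DKIM-Signature header."""
    head, _, body = raw.partition(b"\r\n\r\n")
    sig = email.message_from_bytes(head)["DKIM-Signature"]
    if sig is None:
        return False
    tags = parse_tags(sig)
    if tags.get("a") != "rsa-sha256" or "l" in tags:   # only the common case is handled
        return False
    c = tags.get("c", "simple/simple")
    mode = c.split("/")[1] if "/" in c else "simple"
    return body_hash(body, mode) == tags.get("bh")

# Constructed sample: example.com, selector "sel" and the b= value are placeholders.
BODY = b"Meeting moved to 3pm.  \r\nSee you there.\r\n\r\n"

def make_sample(body: bytes) -> bytes:
    hdr = ("From: alice@example.com\r\nSubject: constructed sample\r\n"
           "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
           " s=sel; h=from:subject; bh=" + body_hash(body) + "; b=PLACEHOLDER\r\n")
    return hdr.encode() + b"\r\n" + body

if __name__ == "__main__":
    msg = make_sample(BODY)
    print("original body:", body_intact(msg))
    print("trailing spaces removed:", body_intact(msg.replace(b"3pm.  ", b"3pm.")))
    print("time changed:", body_intact(msg.replace(b"3pm.", b"5pm.")))
```

Under relaxed canonicalization a whitespace-only change at the end of a line still passes, while any change to the visible text fails the comparison.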

The Tiny Box That Lets You Take Your Data Back From Google

For open source developer Johannes Ernst, what the world really needs is a simple device that anyone can use to take their data back from the wilds of the internet. So he designed the Indie Box, a personal web server preloaded with open source software that lets you run your own web services from your home network–and run them with relative ease. Any system administrator will tell you that setting up a server is just the first step. Maintaining it is the other big problem. Indie Box seeks to simplify both, with an option to fully automate all updates and maintenance tasks, from operating system patches to routine database migrations.

via Out in the Open: The Tiny Box That Lets You Take Your Data Back From Google | Enterprise | WIRED.

A completely assembled device costs $500.

This is just a Linux box with standard server packages installed and probably a customized management system. Running your own web server does not take your data back from Google unless you run your own search engine. The main type of data Google retains for its customers is email. Running your own email server does keep your personal information from Google. However, from the article:

For now, it won’t include an e-mail server since spam filters make it so hard to run one from home.

Google now proxies images sent to Gmail users

It’s simple for senders to do this. Embed in each message a viewable image—or if you’re feeling sneaky, a nearly invisible image—that contains a long, random-looking string in the URL that’s unique to each receiver or e-mail. When Google proxy servers request the image, the sender knows the user or message corresponding to the unique URL is active or has been viewed. In Moore’s tests, the proxy servers requested the image each subsequent time the Gmail message was opened, at least when he cleared the temporary Internet cache of his browser. That behavior could allow marketers—or possibly lawyers, stalkers, or other senders with questionable motives—to glean details many receivers would prefer to keep to themselves. For instance, a sender could track how often or at what times a Gmail user opened a particular message.

via Dear Gmailer: I know what you read last summer (and last night and today) | Ars Technica.

The key to this issue is that Gmail now defaults to images on in email, which should always be off. In order to fix this, Google must cache all images upon receipt of every email. Doing it when a user requests an email defeats the entire purpose. It’s always good practice to view with images off on all email no matter what the provider claims.
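A receiver-side check for the technique described above, as an added example (not from the quoted article or from Google): it lists the remote images in an HTML message body that are nearly invisible or carry a long, random-looking token in the URL. The length threshold, the letters-plus-digits heuristic, the sample HTML and all host names are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

def looks_unique(token: str) -> bool:
    """Heuristic (assumption): a long token that mixes letters and digits."""
    return (len(token) >= 16 and re.search(r"[A-Za-z]", token) is not None
            and re.search(r"\d", token) is not None)

class RemoteImageScan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []                      # list of (src, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        url = urlsplit(a.get("src") or "")
        if url.scheme not in ("http", "https"):   # cid:/data: images trigger no request
            return
        reasons = []
        if a.get("width") in ("0", "1") and a.get("height") in ("0", "1"):
            reasons.append("nearly-invisible")
        # candidate tokens: path segments and query-string values
        tokens = re.split(r"[/.]", url.path) + [v for _, v in parse_qsl(url.query)]
        if any(looks_unique(t) for t in tokens):
            reasons.append("per-recipient-token")
        if reasons:
            self.findings.append((a["src"], reasons))

def scan(html: str):
    parser = RemoteImageScan()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample message body.
SAMPLE = """<html><body>
<img src="https://cdn.example.com/img/logo.png" width="200" height="60">
<img src="https://track.example.net/o/9f3a7c1e5b2d8046a1c3e5f7.gif" width="1" height="1">
<img src="https://news.example.org/banner.png?uid=ab12cd34ef56ab78cd90" alt="">
<img src="cid:inline-photo-0123456789abcdef">
</body></html>"""

if __name__ == "__main__":
    for src, reasons in scan(SAMPLE):
        print(", ".join(reasons), "->", src)
```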

14 MEPs emails intercepted by a hacker thanks to Microsoft flaws

My best guess is that what they did was to impersonate the EP-EXT wifi network and steal our credentials from the login page (https://wifiauth.europarl.europa.eu/, now no longer available, see screenshot below for what it more-or-less used to look like). In this scenario, after I automatically connect to the rogue WiFi (because my phone recognizes the SSID), it presents me with the familiar login page, but this time it’s not HTTPS but plain HTTP. So, no warning about a self-signed certificate is presented to the user.

After I type in my credentials, the rogue WiFi is turned off for a minute or more, so my phone re-connects to the real EP-EXT network and I am asked for my credentials again. I would probably think that I mistyped the password or something and not think twice about it. After a minute the rogue WiFi goes back online, waiting for the next victim.

via epfsug – Re: Ang.: [EPFSUG] 14 MEPs emails intercepted by a hacker thanks to Microsoft flaws – arc.

This is a classic MITM where a user inadvertently accepts a different certificate than the one provided by the mail server, which allows the man in the middle access to the encrypted stream. Always be on the lookout for those pop-up notifications. An attacker can’t get to an encrypted stream without your permission — even on an unsecured open wifi.

From: Temporary Switch-off of the EP Public WI-FI Network. EP Private Wi-Fi Network Still Available.

The Parliament has been subject to a man-in-the-middle attack, where a hacker has captured the communication between private smartphones and the public Wi-Fi of the Parliament (EP-EXT Network).

The consequence is that some individual mail-boxes have been compromised. All concerned users have already been contacted and asked to change their password.

As a precaution, the Parliament has therefore decided to switch off the public Wi-Fi network until further notice, and we invite you to contact the ITEC Service Desk in order to install an EP software certificate on all the devices that you use to access the EP IT systems (email, etc.).

How a grad student trying to build the first botnet brought the Internet to its knees

On November 3, 1988, 25 years ago this Sunday, people woke up to find the Internet had changed forever. The night before, someone had released a malevolent computer program on the fledgling computer network. By morning, thousands of computers had become clogged with numerous copies of a computer “worm,” a program that spread from computer to computer much like a biological infection.

via How a grad student trying to build the first botnet brought the Internet to its knees.

Robert Morris’ father worked for the NSA at the time.

From: Robert Morris (cryptographer)

There is a description of Morris in Clifford Stoll’s book The Cuckoo’s Egg. Many readers of Stoll’s book remember Morris for giving Stoll a challenging mathematical puzzle (originally due to John H. Conway) in the course of their discussions on computer security: What is the next number in the sequence 1 11 21 1211 111221? (known as the look-and-say sequence). Stoll chose not to include the answer to this puzzle in The Cuckoo’s Egg, to the frustration of many readers.[8]

To Our Customers | Silent Circle Blog

However, we have reconsidered this position. We’ve been thinking about this for some time, whether it was a good idea at all. Today, another secure email provider, Lavabit, shut down their system lest they “be complicit in crimes against the American people.” We see the writing on the wall, and we have decided that it is best for us to shut down Silent Mail now. We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now.

via To Our Customers | Silent Circle Blog.

The Enron E-mails’ Immortal Life

This research has had widespread applications: computer scientists have used the corpus to train systems that automatically prioritize certain messages in an in-box and alert users that they may have forgotten about an important message. Other researchers use the Enron corpus to develop systems that automatically organize or summarize messages. Much of today’s software for fraud detection, counterterrorism operations, and mining workplace behavioral patterns over e-mail has been somehow touched by the data set.

via The Enron E-mails’ Immortal Life | MIT Technology Review.