Post AUe2GxTiKveMLlIPp2 by kkarhan@mstdn.social
(DIR) Post #AUODFty52nVbiX3FR2 by kkarhan@mstdn.social
2023-04-06T16:38:15Z
0 likes, 2 repeats
Serious #tech question #thread for everyone re: #Email. Please boost for a bigger sample size! :boost_ok: What describes your eMail situation:
(DIR) Post #AUOOGecmfvoTupeSky by kkarhan@mstdn.social
2023-04-06T16:48:04Z
0 likes, 0 repeats
Do you use eMail encryption?
(DIR) Post #AUOOGfFmKx0NrltbXM by atarifrosch@todon.eu
2023-04-06T16:50:41Z
0 likes, 0 repeats
@kkarhan I sign all emails, but can encrypt only to those who also use it, of course. So it's indeed rarely, although I would like to see more of it.
(DIR) Post #AUOOGfs42bd7mVoBDE by kkarhan@mstdn.social
2023-04-06T17:38:04Z
0 likes, 0 repeats
@atarifrosch that would be the idea of such a mail service that blocks all unencrypted eMails. FORCING PEOPLE TO USE ENCRYPTION! At least #OpenPGP / #GPG or #SMIME...
(DIR) Post #AUOOGiZO0VTK9S5o12 by jeff@federated.fun
2023-04-07T00:50:38.518710Z
0 likes, 0 repeats
@kkarhan @atarifrosch that's worse than forcing people to use facebook because you are expecting consumer grade users to grok the threat model backing gpg
(DIR) Post #AUOVvZZL4llFmvUysS by Tony@clew.lol
2023-04-07T02:16:37.488447Z
1 likes, 0 repeats
There are a couple of options: 1. You are legally allowed to use a "work name" as long as the services advertised match services delivered. You can use a work "pen name" but instead of J.K. Rowling you are "LisPi". 2. Corporations function as individuals and can act as "global citizens" - i.e. they can have their own credit score, names, bank accounts, etc. So, you file corp paperwork (should be $150-$300) and then you can purchase all of your hosting, sub-contracts, etc. in the corporation's name, number, email and bank accounts. Poof - not associated with the hardware.
(DIR) Post #AUOWkabUzJt7lZprsW by Tony@clew.lol
2023-04-07T02:25:51.223932Z
0 likes, 0 repeats
Well, depending on the cause, and what you are contributing it will always be a problem. Besides, civil suits are typically pretty easy to win - it is you against the claimant. Consumer / Business claims are extremely easy to get thrown out. It is when you piss off a business you get into trouble.
(DIR) Post #AUOXJQst7JERl0aFrk by Tony@clew.lol
2023-04-07T02:32:08.870474Z
0 likes, 0 repeats
Go to an international staffing agency, look for a personal assistant (if you are busy you need one anyway), find a country that doesn't cooperate with the patent people you are pissing off, and hire an assistant from that country. Have said assistant complete transactions, send emails, manage calendars, receive phone calls, etc. Also, I don't know exactly which patents you work with, but non-profit laws allow non-profits to collect and use otherwise protected data as long as it is related to "research".
(DIR) Post #AUOXbeeQff5nfOVfDE by Tony@clew.lol
2023-04-07T02:35:26.753188Z
0 likes, 0 repeats
Unfortunately to piss off people it costs money. You seem like a smart person, learn how to write a grant application. Use a university grant or something to raise money. People/Corporations donate massive amounts to universities every year. You can ask for like 10 grand or something, do a little research project and fund your patent passions on the side.
(DIR) Post #AUOZPeooQFOwcSm0Su by kkarhan@mstdn.social
2023-04-07T02:54:49Z
0 likes, 0 repeats
@lispi314 @Tony exactly that is the problem: Shit's being paywalled to the point that only rich wankers can afford it...
(DIR) Post #AUOZPfTDzzjAdngHSK by Tony@clew.lol
2023-04-07T02:55:40.576026Z
0 likes, 0 repeats
That's why you get the 30 day trials with each one of your 12 emails - boom gmail services for the year.
(DIR) Post #AUe0zobrxLWHy4N8ls by kkarhan@mstdn.social
2023-04-06T16:44:13Z
0 likes, 0 repeats
What would you think about an eMail provider that blocks all unencrypted eMails with no exceptions whatsoever?
(DIR) Post #AUe0zpMf9MwyJCGVhw by bryanbrake@mastodon.social
2023-04-13T17:49:46Z
0 likes, 0 repeats
@kkarhan sounds good, but would fail... Same reason I don't use WhatsApp, signal, etc... People won't use it, and the second you don't get an important email from a customer or time sensitive email, they'll go elsewhere for email or have an email for 'unencrypted' comms, and you already lost. I used hushmail for years because it allowed for encryption of emails... Except I paid for a service no one uses.. Encrypt the attachment if you need to, send the password in another way, like SMS
(DIR) Post #AUe0zq7oK4fEfQKACG by kkarhan@mstdn.social
2023-04-13T17:59:31Z
0 likes, 0 repeats
@bryanbrake Personally, I'm just fed-up with excuses by ignorant & #TechIlliterates on why they don't encrypt their shit. It's not rocket science: Most eMail clients can do S/MIME and more than ever PGP/MIME out of the box. Also I'd see this as a beneficial feature as even if a provider has been hacked or otherwise taken over, the data is useless for anyone... Consider it an "additional Layer" for #ComSec & #InfoSec...
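Added example, not part of the thread and not any poster's code: a sketch of the structural check a provider that rejects unencrypted mail, as proposed above, could run on inbound messages, using Python's standard `email` package. The function names, labels and sample messages are constructed for illustration; note that signed-only mail is rejected under this policy.

```python
from email import message_from_bytes

ENCRYPTED = {"pgp-mime", "smime", "inline-pgp"}

def classify(raw: bytes) -> str:
    """Label a raw message by how its body is protected (structure only)."""
    msg = message_from_bytes(raw)
    ctype = msg.get_content_type()
    proto = str(msg.get_param("protocol", "")).lower()
    smime = str(msg.get_param("smime-type", "")).lower()
    # PGP/MIME, RFC 3156
    if ctype == "multipart/encrypted" and proto == "application/pgp-encrypted":
        return "pgp-mime"
    # S/MIME, RFC 8551: only the enveloped types carry ciphertext
    if ctype in ("application/pkcs7-mime", "application/x-pkcs7-mime"):
        if smime in ("enveloped-data", "authenveloped-data"):
            return "smime"
        if smime == "signed-data":
            return "signed-only"
    if ctype == "multipart/signed":
        return "signed-only"  # signature only, body still readable in transit
    if not msg.is_multipart():
        body = (msg.get_payload(decode=True) or b"").strip()
        if body.startswith(b"-----BEGIN PGP MESSAGE-----"):
            return "inline-pgp"
    return "unencrypted"

def accept(raw: bytes) -> bool:
    """'No exceptions' policy. Headers such as Subject stay readable either
    way, and this does not prove the ciphertext is valid or decryptable."""
    return classify(raw) in ENCRYPTED

def _msg(content_type: str, body: str) -> bytes:  # builds constructed samples
    return (f"From: a@example.org\r\nTo: b@example.org\r\nSubject: hi\r\n"
            f"Content-Type: {content_type}\r\n\r\n{body}").encode()

SAMPLES = {  # constructed messages, placeholders instead of real ciphertext
    "pgp-mime": _msg('multipart/encrypted; protocol="application/pgp-encrypted"; boundary="x"',
                     "--x\r\nContent-Type: application/pgp-encrypted\r\n\r\nVersion: 1\r\n"
                     "--x\r\nContent-Type: application/octet-stream\r\n\r\n(ciphertext)\r\n--x--\r\n"),
    "smime": _msg("application/pkcs7-mime; smime-type=enveloped-data", "(ciphertext)"),
    "signed-only": _msg('multipart/signed; protocol="application/pgp-signature"; boundary="x"',
                        "--x\r\n\r\nhello\r\n--x\r\nContent-Type: application/pgp-signature\r\n\r\n(sig)\r\n--x--\r\n"),
    "inline-pgp": _msg("text/plain", "-----BEGIN PGP MESSAGE-----\r\n(ciphertext)\r\n"),
    "unencrypted": _msg("text/plain; charset=utf-8", "Did I leave my socks in the dryer?"),
}
if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:12} -> {'accept' if accept(raw) else 'reject'}")
```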
(DIR) Post #AUe0zqig709eVlZbf6 by bryanbrake@mastodon.social
2023-04-13T18:16:54Z
0 likes, 0 repeats
@kkarhan because 'security' people treat everyone like shit if they don't do everything EXACTLY as 'they' say... There's use cases where it's a hard requirement to send information with the highest possible encryption, then there's the 'hey honey, did I leave my socks in the dryer?' does that need the highest possible "Security"? If you say yes, then you're the problem... #security #informationsecurity #cybersecurity #email
(DIR) Post #AUe0zrGM5n5qCDKV9c by docRekd@hachyderm.io
2023-04-13T18:25:28Z
0 likes, 0 repeats
@bryanbrake @kkarhan That's because people *in general* have great difficulties reasoning about threat models, especially if in the middle of doing something, and attackers are known to use it to their advantage. And no tech literacy is *not* the answer
(DIR) Post #AUe0zrgwUwMPWfljay by bryanbrake@mastodon.social
2023-04-13T18:33:06Z
0 likes, 0 repeats
@docRekd @kkarhan I'd imagine y'all are on the same team as 'everyone should have a password manager', even the 'tech illiterate'. Who do you propose speak to the 'tech illiterate' about password managers? We cannot deal in absolutes in #infosec, or you're going to lose the 'tech illiterate'. Do you blame the person or the tech for phishes?
(DIR) Post #AUe0zsDuWMjRAvC3yy by docRekd@hachyderm.io
2023-04-13T20:04:18Z
0 likes, 0 repeats
@bryanbrake @kkarhan I am of the opinion that a physical notebook you write passwords on is better than a KeePassXC account that is not used. Still modern browsers have an integrated password manager that is quite easy to explain and use.
(DIR) Post #AUe0zsksXn6SpAcOMy by bryanbrake@mastodon.social
2023-04-13T20:06:13Z
0 likes, 0 repeats
@docRekd @kkarhan if I was using this platform like Twitter, I'd be following you. That is great advice.
(DIR) Post #AUe0ztNsCoIMm6rX9M by kkarhan@mstdn.social
2023-04-14T01:44:06Z
0 likes, 0 repeats
@bryanbrake @docRekd For #TechIlliterates and #Normies who need an idiot #PasswordManager I can recommend #Enpass since it doesn't solely run on #Windows, #macOS & #iOS but also #Android and #Linux. It just works and integrates seamlessly with an extension into the Browser. I disrecommend using the Browsers' password storage as the Browser is the most attacked surface that isn't MicroShit Bloatware / Govware
(DIR) Post #AUe0zu8JQ9RT68acXA by kkarhan@mstdn.social
2023-04-14T05:30:05Z
0 likes, 0 repeats
@bryanbrake @docRekd and yes, everyone should use a password manager - no exceptions or excuses! I may have a #GalaxyBrain, but I'm not gonna memorize hundreds of individual 64-digit long passwords! Because that's what I use to generate strong & secure passwords! https://github.com/kkarhan/misc-stuff/blob/572dd1437ae4c1d9151e6825b9b9a9ce52e2b0a4/.bash_aliases#L5
(DIR) Post #AUe0zuhPJfVyqz0eEi by bryanbrake@mastodon.social
2023-04-14T13:32:58Z
0 likes, 0 repeats
@kkarhan @docRekd no one will remember 64-character passphrases. And we should not ask ppl to do so. @docRekd, myself, and others have advocated for pragmatic approaches to security, like writing down passwords on paper or a physical book. I ask this of my mother, who visits 2-5 websites and 7 billion people do not have access to her home. Safer option than KeePass even. The security absolutism requested from 'everyone' is something that our industry needs to take a hard look at.
(DIR) Post #AUe0zvENL5t0VEQyci by kkarhan@mstdn.social
2023-04-14T13:39:43Z
0 likes, 0 repeats
@bryanbrake @docRekd Personally, I think that plaintext & on-paper passwords are not a good option and that with the existence of password managers people only need to remember two passwords: - The first to start/unlock their machine - The second to unlock their password vault. Otherwise, they may get Gilfoyle'd very easily, cuz plaintext is plaintext and thus can't establish authentication or consent. https://www.youtube.com/watch?v=F6ySNAA_2Iw
(DIR) Post #AUe0zvkzNpyS8Nh1SS by kkarhan@mstdn.social
2023-04-14T13:43:06Z
0 likes, 0 repeats
@bryanbrake @docRekd in fact, writing down passwords on paper or storing them in plaintext would qualify as "criminal neglect" in my position as sysadmin, since I can't claim that "I didn't know better". It would've likely put at least one employer's business at risk due to violating fundamental ITsec standards it has to comply with, had I done so. The convenience of password managers also reduces the risk of sloppy passwords thx to copy & paste!
(DIR) Post #AUe0zwJNJzTnr1mU3U by thatguyoverthere@shitposter.club
2023-04-14T13:45:22.349772Z
1 likes, 0 repeats
@kkarhan @bryanbrake @docRekd I had a client once that sold something like this :smirk:
(DIR) Post #AUe0zyEUB8kzoRVbiC by kkarhan@mstdn.social
2023-04-14T05:31:46Z
0 likes, 0 repeats
@bryanbrake @docRekd also #Enpass - like #KeePassXC & #KeePassDX can sync vaults and thus allow for easy exchange of said credentials if needed, which is something I use constantly because one needs to be able to change credentials and seamlessly update them...
(DIR) Post #AUe0zzjiaVKmTb8424 by kkarhan@mstdn.social
2023-04-14T05:32:11Z
0 likes, 0 repeats
@bryanbrake @docRekd ...all that's needed is access to the vault file and password of it.
(DIR) Post #AUe1UPGWEgbcLByNMW by kkarhan@mstdn.social
2023-04-14T13:49:39Z
1 likes, 0 repeats
@thatguyoverthere @docRekd @bryanbrake DEAR GOD! If that shit didn't use nitrocellulose sheets and wasn't put in a locker, I'd say this is just bad.
(DIR) Post #AUe1UQLAEtupft9bF2 by thatguyoverthere@shitposter.club
2023-04-14T13:50:55.703851Z
0 likes, 0 repeats
@kkarhan @docRekd @bryanbrake my fav is that it makes sure you don't forget what it's for by labeling it as your password keeper.
(DIR) Post #AUe1u1LjmELFhEcxxw by kkarhan@mstdn.social
2023-04-14T13:53:49Z
1 likes, 0 repeats
@thatguyoverthere @docRekd @bryanbrake Yeah, I mean Germany's Federal Defense Forces deployed these too, but at least they had nitrocellulose-based "flash paper" for quick asset denial in the field...
(DIR) Post #AUe1u1vXd6yvUHNYm0 by thatguyoverthere@shitposter.club
2023-04-14T13:55:34.963108Z
0 likes, 0 repeats
@kkarhan @docRekd @bryanbrake they didn't know semen can be used to make invisible ink :eyeroll:
(DIR) Post #AUe2GwysBayoo6rmka by bryanbrake@mastodon.social
2023-04-14T13:53:04Z
0 likes, 0 repeats
@kkarhan @thatguyoverthere @docRekd you assume I expect 'everyone' to write passwords down... In a business setting, or where it's applicable, no. Again, the use case fits the scenario.
(DIR) Post #AUe2GxTiKveMLlIPp2 by kkarhan@mstdn.social
2023-04-14T13:54:52Z
0 likes, 0 repeats
@bryanbrake @thatguyoverthere @docRekd if one doesn't write it down it's either so essential they know it from memory or it's so trivial it took them seconds to memorize...
(DIR) Post #AUe2GxzGRct3vc3c00 by thatguyoverthere@shitposter.club
2023-04-14T13:59:43.523890Z
0 likes, 0 repeats
@kkarhan @bryanbrake @docRekd I have several "passwords" that are well over 40 characters and still plenty easy to remember. The trick is to come up with a meaningful phrase or sentence that you can remember but would be near impossible for someone else to guess. The LUKS key to start my laptop is somewhere between 50 and 100 characters and easy for me to remember. Also since it's real words and punctuation typing it in is natural and not a pain (as opposed to using L33t or something)