Archive for Email
Author: Dave Lewis
February 15, 2008 at 8:27 am · Filed under DR/BCP, Email, Legal Aspects, Politics
The fun and games that is the missing White House email story is ramping up. A federal judge has now issued an order for the WH to prepare a discovery.
Where’s my popcorn? This is getting good.
From Computer World:
District Court Judge Colleen Kollar-Kotelly this week issued an order enabling the Washington-based Citizens for Responsibility and Ethics watchdog group to perform limited questioning of White House officials. The group last May had filed suit against the White House Office of Administration seeking access to White House e-mail under the federal Freedom of Information Act.
The nonprofit group had been seeking White House e-mail documents related to various controversial issues, including the release of the identity of a former CIA operative, the reasons for launching the war in Iraq and actions by the U.S. Department of Justice. The White House has contended that the e-mail requested by the group has been lost.
Kollar-Kotelly ordered the discovery to determine whether the Office of Administration is subject to the Freedom of Information Act. The office contends it is not subject to FOI requests.
Not subject to…? OK, if they cover their eyes and say “lalalala, I can’t see you” that will not make this problem go away.
Article Link
Tags: White House Email, Missing White House Emails, Colleen Kollar-Kotelly
Author: Dave Lewis
February 11, 2008 at 10:11 am · Filed under Email, Spam/Phishing
Things are set to get a little harder for the spammers and phishers out there. The question remains though. For how long?
From Network World:
The new weapon is called DKIM, an emerging e-mail authentication standard developed by the Internet Engineering Task Force. DKIM, which stands for DomainKeys Identified Mail, allows an organization to cryptographically sign outgoing e-mail to verify that it sent the message.
DKIM addresses one of the Internet’s biggest threats: e-mail fraud. As much as 80% of e-mail from leading brands, banks and ISPs is spoofed, according to a report released in late January by the Authentication and Online Trust Alliance (AOTA). AOTA analyzed more than 100 million e-mails from Fortune 500 brands sent over a five-month period.
Article Link
Tags: DKIM, Spam, Phishing, Anti Phishing
Author: Dave Lewis
January 25, 2008 at 11:47 am · Filed under DR/BCP, Email
You wake up. Roll out of bed and wander to the coffee machine. Bleary eyed you sit down to check your Charter Communications email only to find that your account is gone.
Ouch.
From the AP:
Charter Communications officials believe a software error during routine maintenance caused the company to delete the contents of 14,000 customer e-mail accounts.
There is no way to retrieve the messages, photos and other attachments that were erased from inboxes and archive folders across the country on Monday, said Anita Lamont, a spokeswoman for the suburban St. Louis-based company.
“We really are sincerely sorry for having had this happen and do apologize to all those folks who were affected by the error,” Lamont said Thursday when the company announced the gaff.
Charter, one of the nation’s largest cable TV operators, also provides telephone and high-speed Internet service. It has applied a $50 credit to the bill of each customer whose account was affected by the mistake, Lamont said.
A $50 credit? So, hold on a tick. They have no backups?
Article Link
Tags: Charter Communications, Charter Cable Email Deleted, Charter Email Deleted
Author: Dave Lewis
January 22, 2008 at 8:40 am · Filed under Dumbass, Email, Politics
From the Washington Post this morning I read this headline “White House Has No Comprehensive E-Mail Archive”.
WTF?
From the Washington Post:
For years, the Bush administration has relied on an inadequate archiving system for storing the millions of e-mails sent through White House servers, despite court orders and statutes requiring the preservation of such records, according to documents and technical experts.
So, what you’re telling me is that my Mom has a better email archival process than the White House? Cheebus.
President Bush’s White House early on scrapped a custom archiving system that the Clinton administration had adopted under a federal court order. From 2001 to 2003, the Bush White House also recorded over computer backup tapes that provided a last line of defense for preserving e-mails, even though a similar practice landed the Clinton administration in legal trouble.
It’s amazing how the Bush White House seems to feel that the law doesn’t apply to them. So, thousands of emails have been “lost” that could land a lot of people in a court room? How convenient. I do find amusement that the OMB is now “looking” into data security. And then this passage:
In the presidential offices, for example, not a single e-mail was archived on Dec. 17, 20 or 21 in 2003 — the week after the capture of Saddam Hussein. According to the study summary that the committee released, e-mails were not archived for Vice President Cheney’s office on four days in early October 2003, coinciding with the start of a Justice Department probe into the leak of a CIA officer’s identity, which later led to criminal charges against Cheney’s chief of staff.
I’m at a loss.
Article Link
Author: Dave Lewis
December 14, 2007 at 8:30 am · Filed under Email, Exploit, Vulnerability
A commonly deployed ass ugly webmail software application, SquirrelMail, is in the news this morning. Apparently the version 1.4.12 package was compromised. This came to light when it was noticed that the MD5 checksums were not matching up. This was the result of a compromised release maintainers account according to the notice published on the SquirrelMail site.
From SquirrelMail:
Further investigations show that the modifications to the code should have little to no impact at this time. Modifications seemed to be based around a PHP global variable which we cannot track down. The changes made will most likely generate an error, rather than a compromise of a system in the event the code does get executed.
Original packages, stored on secure media, have been restored to the Sourceforge download servers, and additional signatures for the packages are now available on the SquirrelMail download page at http://www.squirrelmail.org/download.php
While we believe the changes made should have little impact, we strongly recommend everybody that has downloaded the 1.4.12 package after the 8th December, to redownload the package.
So. If you are using version 1.4.12 get on yer bike. You have some patching to do.
Article Link
Tags: Webmail, SquirrelMail, Web Base Email, SquirrelMail Compromised
Author: Dave Lewis
November 8, 2007 at 4:58 pm · Filed under Crypto, Email, Legal Aspects
Well, so much for that bastion of email security. Hushmail is open season, as long as you have a warrant.
From The Register UK:
Hush Communications said it would only accede to requests made in respect to targeted accounts and via court orders filed through Canadian court.
Nonetheless, the incident illustrates that Hushmail’s marketing claims that not even its own staff can access encrypted email is well wide of the mark.
September court documents (pdf) from a US federal prosecution of alleged steroid dealers reveals that Hush turned over 12 CDs involving emails on three targeted Hushmail accounts, in compliance of court orders made through the mutual assistance treaty between the US and Canada.
Hushmail is widely used by privacy advocates and the security-conscious to send confidential emails. The service uses robust cryptographic and encryption protocols (OpenPGP and AES 256) to scramble the contents of messages stored on its servers, and to exchange encrypted messages with other encrypted email users.
So, encrypted huh? Indeed.
Article Link
Tags: Hushmail, Hushmail Court Orders, Hushmail Monitoring
Author: Dave Lewis
November 5, 2007 at 10:40 pm · Filed under Email
Interesting. One of the things that I have been historically bothered by was the lack of use of SSL in Google’s Gmail. They did manage to encrypt the initial login but, that could be potentially captured using hamster. This evening I noticed that Gmail is now, using SSL for the entire session.
If this isn’t news, please accept my apology. It’s new to me.
There is nothing about it on their blog. (as of 10:40 pm EST)
Well, at the very least I’m pleased to see this change.
Tags: Gmail SSL, Google Mail SSL, Gmail Security
Author: Dave Lewis
November 5, 2007 at 5:46 pm · Filed under Crypto, Email
Picking up on the thread of email privacy from earlier today I found this article over on ZDNet UK.
BT Secure Mail and Encrypted Message Exchange (BT EMX) are based on a public key infrastructure (PKI).
In a PKI, user identity is bound to a public key by means of a digital certificate. Communications can then be encrypted with a public key and decrypted with a private key. A certificate authority acts as a trusted third party to validate user credentials and link them to a public key. In this instance, BT will act as the certificate authority.
The services are aimed at regulated industries such as the financial sector, government and healthcare. Email messages can be encrypted to be sent over the internet.
This isn’t for the John Q. Publics of the world but, if you would prefer to avoid prying eyes (for now) this might be more your pace.
Article Link
Tags: Encrypted Email, Email Privacy, Email Security
Author: Dave Lewis
September 4, 2007 at 12:28 pm · Filed under Email, Military
Wait, not again? The Washington Post is reporting on this email breach story today. I may be confused but, this appears to be the same story that broke two months ago.
The Pentagon on Tuesday said computer hackers gained access to an unclassified e-mail system in the office of Defense Secretary Robert Gates, but declined comment on a report that the Chinese army was responsible.
The security breach occurred late last spring when Defense Department monitors detected the penetration of “elements of an unclassified e-mail system” that was immediately taken off line, Pentagon spokesman Bryan Whitman told reporters.
Is this the same breach that was reported on June 22nd? Are Chinese hackers the Pentagon’s new “boogy man”? I’m starting to wonder if this is just a push to get new hardware/software.
Article Link
Tags: Pentagon Email, Email Breach, Chinese Hackers
Author: Dave Lewis
June 21, 2007 at 4:28 pm · Filed under Email, Hacker
It appears that the current administration in the US is having a rough go all around with respects to email.
A hacker penetrated an unclassified Pentagon email system, prompting authorities to take as many 1500 accounts off-line, defence officials said overnight.
“All precautionary measures are being taken and we expect this system to be on-line again very soon,” said Colonel Gary Keck, a Pentagon spokesman.
He said the penetration was detected yesterday in the unclassified email system of the office of the secretary of defence, which employs thousands of people.
Between 1000 and 1500 users of the system were taken off-line, a defence official said.
The system carries “routine email” involving administrative manners but not classified information related to military operations, Colonel Keck said.
He would not comment on the source of the attack, or whether the hacker was able to read email sent over the system.
Maybe that hacker could help the White House track down their missing emails?
Article Link
Tags: Pentagon Email Hacked, Email Security
Next entries »
Explore
Security Bloggers Network
