Just prior to the release of MacOS High Sierra, an Ex-NSA employee reveals a vulnerability that allows an unsigned application to reveal your entire keychain, which stores information such as credit card numbers and website passwords. Continue reading Ex-NSA Hacker Reveals Mac OS High Sierra Keychain Vulnerability
Most of the time when I travel I don’t need a fancy multi-compartment backpack, making a tote bag the go-to method for transporting my things. The LocTote is a surprisingly robust bag that combines security with functionality through its anti-slash fabric, various locking mechanisms, and RFID blocking pouch. Continue reading The LocTote: A Bag Worth Breaking Into
To everybody’s “surprise”, the popular Facebook-owned messenger WhatsApp shares information with the social media giant. To make matters worse, they’re also distributing this information to advertisers for monetary benefit. Continue reading Surprise! WhatsApp Shares Your Data with Facebook
I’m used to setting up wireless cameras around the house, and they can sometimes be a pain to set up given that the applications they come with sometimes don’t work right. With Wansview’s app, I had this camera set up in less than 10 minutes, giving me access to the live HD feed and other customizable options like motion detection and automatic recording. Continue reading Wansview’s HD Wireless Camera: Compact and Easy to Set Up
Yesterday at around 10:00 AM EST, TeamViewer’s website and log on servers had gone down due to Denial of Service attacks, causing users of the popular remote-desktop application to be locked out of their accounts. Some users, thinking they were secure, were still compromised. Continue reading TeamViewer Users Hacked, Company Denies Responsibility
Browsing the internet isn’t as safe as it used to be, and even then probably was not as safe as we’d all thought it was. Hackers are constantly crawling the web for vulnerabilities in website code to expose the privacy of individual users, and chances are if you have ever connected to a public WiFi hotspot you have been on the same network of somebody that was trying to attack it. Protecting your privacy with a VPN is one great way to prevent accidental leakage of your sensitive information.
Everyone knows that the internet is an awesome place. We share photos on social networks, make conversation with friends, and play games with random strangers on the internet. While it may seem like we’re always in our private little bubble on the internet, sometimes we’re not always secure as we may think we are. Although using a special encryption algorithm known as GPG (similar to PGP), there is a way to communicate between you and others via email without compromising your information.
Whether you’re just an everyday person or an individual trying to ensure sensitive data doesn’t fall into the wrong hands, due to the nature and general insecurity of the internet something as potentially important as e-mails should be encrypted, especially now that governments are illegally accessing our information. It is quite easy to encrypt information sent through an email, although the concept of the way that it is encrypted is a little harder to understand, but I’m going to try and make it easy for you.
How does GPG encryption actually work?
GPG encryption works using two things: a public key, also known as a certificate meant to be distributed those you would like to contact, and a private key, used to decrypt the messages created using your public key. So let’s say that I have a guy named Jimmy, and I want to send him my social security number because I forgot to put it on the job application I handed him. I’d rather not just send it through a regular email, because I run the risk of someone potentially finding the email and copying down the information. Instead, me and Jimmy have our own public keys (certificates) created using special software, which we safely exchange through regular email. Even if someone had these certificates, it wouldn’t matter since they’re not signed on both sides by whoever is trying to read them. Now that we exchanged certificates and signed each others keys, essentially confirming each others identities, I enter my social security number into the email and encrypt it using my public key. It’s ready for whoever is on the other side, waiting to decrypt it using their very own private key.
Setting up E-Mail Encryption using Thunderbird
If you want to set up this encryption through your email account, there are a few steps that must be taken to do so. If you’re not the kind of person that’s big on internet security or anything computer related, it’s all good because I will make this as simple as possible.
Download GPG4Win: http://www.gpg4win.org/
Start by installing GPG4Win, which will allow you to create a unique certificate to encrypt whatever you want, in this case it is emails. This package includes the encryption algorithms and the user interface that controls it. When installing, make sure only the following are checked off:
Awesome! If you’re wondering why we don’t use Claws-Mail, it’s because it was poorly ported to Windows. I’ve had numerous crashing issues doing the simplest of things with it, like sending an email. Instead, we’ll just use Mozilla Thunderbird, because not only is it easier to setup, it’s a better program. Before we install Thunderbird, let’s setup our magical certificate.
While there is a way to do it within Thunderbird, I’m going to do it this way. Open up Kleopatra, the graphical user interface used to create GPG certificates. It looks a little funny, but it’s really easy to set one up. Go to File > New Certificate, or hit Ctrl+N.
You’ll now be presented with two options: “Create a personal OpenPGP key pair”, or “Create a personal X.509 key pair and certification request. Click the first option. Now put in a name and email, and if you want you can even put in a comment. These parameters are not encrypted and are publically visible to those that have your public certificate. Make sure you put in your real name, and the email address you will associate this with. Hit “Next”, and then “Create Key”. That’s it! You now have a unique GPG certificate. The best part about GPG4Win is that it works hand in hand with the plugin we install into Thunderbird, you don’t have to configure any settings whatsoever.
Download Mozilla Thunderbird: http://www.mozilla.com/thunderbird/
To set up Thunderbird, it’s pretty straightforward: just type in your email and it will automatically grab the server addresses associated with your account. Once your account is setup, we’re going to go ahead and download Enigmail.
Download Enigmail Thunderbird plugin: https://www.enigmail.net/download/index.php
Choose the plugin accordingly with whichever OS you have, in my case it is Windows 7. If you have a 64-bit OS don’t worry about it. It will still work since the Thunderbird client is a 32-bit application anyway. You’re probably wondering “what the heck is an .xpi file”? The first time I saw one I had no idea either, because it isn’t associated with any program. This file extension is used in accordance with Mozilla plugins, for both Firefox and Thunderbird. This plugin will obviously only work on Thunderbird though.
Now that you have the plugin downloaded, here’s what you do with it. Make sure you have Thunderbird open, and start by clicking the options button on the top right. Then choose “Add-ons”.
It will bring up a menu, and you’re just going to want to click the “Extensions” option on the left side of this menu. Now go to the folder where you downloaded this .xpi file, and drag it right into the extensions menu you opened in Thunderbird. It should prompt you asking to install the plugin, just wait the few seconds and accept. You’ve installed the plugin successfully!
By now you should have done four things: installed GPG4Win, set up a unique GPG certificate, installed Thunderbird, and installed the Enigmail plugin. We’re almost done! I’m just going to teach you how to send and receive encrypted emails.
Go ahead and open Thunderbird, and create a new email. Take note of the OpenPGP option at the top of the email composition window (there is also the S/MIME encryption next to it, but don’t worry about that). If you click the drop-down menu for OpenPGP, you will see two options: “Sign Message” and “Encrypt Message”. The option that matters the most is the “Encrypt Message” option to obfuscate the message that you’re sending, making it a jumbled mess of characters. Although if you are curious, when you sign an email what this does is just literally attach a digital signature (A.K.A. your certificate) to your email proving that you were the one that actually sent it. It’s made for security reasons on the receiving side, and it wouldn’t hurt to activate this option. Also, if this is the first time sending an encrypted email to a specific person, make sure they have your public key. You can go to OpenPGP in the top most bar, and select “Attach My Public Key”, this way it will be added to their keyring.
Now let’s say they send you a message back, which is encrypted but has their certificate attached. Thunderbird should prompt you to import their certificate, and you should proceed by accessing the “Key Management” in OpenPGP settings, right clicking their imported key (if you can’t see it, make sure “Display All Keys by Default is checked off), and signing it using your own key. So long as both parties have done it to each others keys, you should be able to decrypt each others messages.
Now you’re finally done! Feel free to send all the emails you want, because nobody will ever get a hold of them without your permission.