The other day, a medical office needed my insurance card. I asked them where to e-mail it and they acted like I had offered them human flesh as an appetizer. “We don’t have e-mail! You have to bring it to us in person!” They finally admitted that they could take a fax and I then had to go figure out how to get a free one-page fax sent over the Internet. Keep in mind that I live in the fourth largest city in the United States — firmly in the top 100 largest cities in the world. I’m not out in the wilderness dealing with a country doctor.
I understand HIPAA and other legal and regulatory concerns probably inhibit them from taking e-mail, but other doctors and health care providers have apparently figured it out. But it turns out that the more regulations are involved in something, the more behind-the-times it is likely to be.
Continue reading “Floppy Disk Sings: I’m Big In Japan”
Last week the PGPocalypse was all over the news… Except that, well, it wasn’t an apocalypse.
A team of researchers published a paper (PDF) where they describe how to decrypt a PGP-encrypted email via a targeted attack. The research itself is pretty well documented and, from a security researcher’s perspective, it’s a good paper to read, especially the cryptography parts.
But we here at Hackaday were skeptical about media claims that Efail had broken PGP. Some media reports went as far as recommending everyone turn off PGP encryption on all email clients, but they weren’t able to back this recommendation up with firm reasoning. In fact, Efail isn’t an immediate threat for the vast majority of people simply because an attacker must already have access to an encrypted email to use the exploit. Advising everyone to disable encryption altogether just makes no sense.
Aside from the massive false alarm, Efail is a very interesting exploit to wrap your head around. Join me after the break as I walk through how it works, and what you can do to avoid it.
Continue reading “Explaining Efail And Why It Isn’t The End Of Email Privacy”