This May 14th, a group of German security researchers revealed EFail, a successful attack against PGP (short for Pretty Good Privacy) and S/MIME, the leading methods for end-to-end encrypted email nowadays. You can read their shorter post here, and their full paper here. I’ve contacted a number of people who wrote about it to tell them about PassLok and its immunity to the EFail attack. This post adds more details to what you may shortly find printed elsewhere.
All my crypto apps, with the exception of those meant to be performed also by hand, have been upgraded to include the powerful DOMPurify filter, which removes malicious content from web pages. This is in case you get an encrypted message with a malicious payload, which might execute and do something nasty as soon as you decrypt it. Apps involved: PassLok, PassLok for Email, SeeOnce, URSA.
PassLok did it first, and now SeeOnce and URSA have followed. Both are available as extensions/add-ons at the Chrome and Firefox web stores. They are just one click away, and are protected from interference by other code running on the browser. These are the links for SeeOnce: Chrome, Firefox, and for URSA: Chrome, Firefox. And, for good measure, PassLok: Chrome, Firefox, and PassLok for Email: Chrome, Firefox.
As of late October 2017, only one week is left before the spanking new iPhone X starts shipping. I predict FaceIDgate to start within a week of the first units being received, with no end in sight. The source for this prediction is Apple’s own documents.
Update 11/12/17: It took researchers only five days to break Face ID, from the moment the devices were available. Read all about it here, or at the end of my post.
Ever got a funny feeling when your password manager popped up offering to save a login that you thought was really, really confidential? Well, you should get it, because this is a sign that the app is able to see everything you’re doing. The developer of this app could get hacked (or the developer of any add-on or extension you’re using, for that matter), and then all your precious logins would be sent to some hacker’s computer without your noticing anything amiss. That is, until you look at your bank account and find that all your life’s savings have been sent to an account in the Cayman Islands.
Page Cage is here to help you with that. It won’t always work, but it will work with a number of sites.
PassLok has had a Chrome app version since 2.0, but now Google has announced that packaged Chrome apps will be discontinued in early 2018. Rather than wait for the blade to fall, we have worked hard to keep the nice features of hosting PassLok through Chrome, and we are adding Firefox in the process.
What started as a small improvement on image steganography has grown into a major update of all my published apps, encompassing PassLok Privacy, PassLok for Email, SeeOnce, URSA, plus two new apps: PassLok Image Encryption, and PassLok Human Encryption. This article summarizes the changes for those who might be curious.
PassLok is once again getting some attention in the news, so I thought it would be a good idea to collect some of the things that have been said in a post. Some of the titles from major tech outlets: “PassLok Simplifies Email Encryption so Anyone Can Use It” (lifehacker.com), “PassLock (sic): Easy Email Encryption for Everyone” (makeuseof.com).
I’m going to start this post blowing the punch line, which is an unequivocal: “yes, but…” Yes because today’s communications can use stronger encryption than ever, and it’s getting stronger all the time, historically speaking. Ah, but the but. . . . You’ve got to read the article to see how we’re managing to throw all that security out the window, and what can be done about it.
Yes, the rumors of our death were somewhat exaggerated. It all started when our web host, Wizzerwerks.com, disappeared into thin air without any warning around May 23rd. It took all our content down with it, so we’ll see how much we can get back. My hopes are high; after all, doesn’t the NSA have a copy of everything?
Wizzerdwerks was an awesome web host while it lived. The new host is SiteGround, which has high ratings online that seem legitimate. Even better, the files are located in the Netherlands, and if someone were to mess with them this could start a nasty diplomatic situation. This is why the Dutch flag is proudly displayed in this post.