UK’s GCQH is at it again. Now with a bold proposal to request Apple and other companies to build backdoors into their real-time chat apps, as this article reveals. And the weird things is, Apple and the bunch may be forced to comply since they are hosting those chats. But PassLok will fare quite a bit better, as the post explains. Read More
I’m not Australian, but I can’t help putting in my two (US) cents’ worth on the current debate over the “Assistance and Access Bill.” My point is that the bill has no teeth since it is possible for any citizen (terrorist or not) to use encryption that the bill will never be able to control. It has been possible for years and will remain so for the foreseeable future. So might as well drop the bill and do some productive business. Read More
PassLok Privacy, PassLok for Email, SeeOnce, and URSA, both in their standalone and extension versions, have all been updated. Besides the usual bug squashing, there are two more significant enhancements:
- Fewer errors, which now cause the programs to return to the user rather than interrupt execution. A subtle but maybe important difference, especially for the extensions.
- Enhanced password/Key entry. The “Show” checkbox is gone, replaced by a standard “eye” icon on the right of the box. There is also a mnemonic “Hashili” word accompanying the strength score, so users can be reassured that they typed their password or Key correctly.
Read more for a fuller description of Hashili. Read More
Chances are you, like me, have a collection of logins, each with their separate requirements for password strength and lifetime, user ID, and so forth, and your memory has already reached the saturation point. Since writing them on a piece of paper is a no-no, you may have resorted to a password manager. There are many good ones, even free ones, but you still wonder if things could be a little easier. If you are thinking this, SynthPass is for you. It does not work like the other password managers, which store your logins more or less securely, but rather gets around the whole problem by not storing your passwords.
Intrigued? Read on… Read More
This May 14th, a group of German security researchers revealed EFail, a successful attack against PGP (short for Pretty Good Privacy), and S/MIME, the leading methods for end-to-end encrypted email nowadays. You can read their shorter post here, and their full paper here. I’ve contacted a number of people who wrote about it to tell them about PassLok and its immunity to the EFail attack. This post adds more details to what you may shortly found printed elsewhere. Read More
All my crypto apps, with the exception of those meant to be performed also by hand, have been upgraded to include the powerful DOM Purify filter, which removes malicious content from web pages. This is in case you get an encrypted message with a malicious payload, which might execute and do something nasty as soon as you decrypt it. Apps involved: PassLok, PassLok for Email, SeeOnce, URSA.
PassLok did it first, and now SeeOnce and URSA have followed. Both are available as extension/addon at the Chrome and Firefox web stores. They are just one click away, and are protected from interference by other code running on the browser. These are the links for SeeOnce: Chrome, Firefox, and for URSA: Chrome, Firefox. And, for good measure, PassLok: Chrome, Firefox, and PassLok for Email: Chrome, Firefox. Read More
As of late-October, 2017, only one week is left before the spanking new iPhone X stars shipping. I predict FaceIDgate to start within a week of the first units being received, with no end in sight. The source for this prediction is Apple’s own documents.
Update 11/12/17: It took researchers only five days to break Face ID, from the moment the devices were available. Read all about it here, or at the end of my post.
Ever got a funny feeling when your password manager popped up offering to save a login that you thought was really, really confidential? Well, you should get it, because this is a sign that the app is able to see everything you’re doing. The developer of this app could get hacked (or the developer of any add-on or extension you’re using, for that matter), and then all your precious logins would be sent to some hacker’s computer without your noticing anything amiss. That is, until you look at your bank account and find that all your life’s savings have been sent to an account in Cayman Islands.
Page Cage is here to help you with that. It won’t work always, but it will work with a number of sites. Read More