Language Selection

English French German Italian Portuguese Spanish

Mozilla: FTAPI SecuTransfer, European Union Policy and Notes by Firefox

Filed under
Moz/FF
  • FTAPI SecuTransfer - the secure alternative to emails? Not quite...

    Emails aren’t private, so much should be known by now. When you communicate via email, the contents are not only visible to yours and the other side’s email providers, but potentially also to numerous others like the NSA who intercepted your email on the network. Encrypting emails is possible via PGP or S/MIME, but neither is particularly easy to deploy and use. Worse yet, both standard were found to have security deficits recently. So it is not surprising that people and especially companies look for better alternatives.

    It appears that the German company FTAPI gained a good standing in this market, at least in Germany, Austria and Switzerland. Their website continues to stress how simple and secure their solution is. And the list of references is impressive, featuring a number of known names that should have a very high standard when it comes to data security: Bavarian tax authorities, a bank, lawyers etc. A few years ago they even developed a “Secure E-Mail” service for Vodafone customers.

  • Mozilla Open Policy & Advocacy Blog: Searching for sustainable and progressive policy solutions for illegal content in Europe

    As we’ve previously blogged, lawmakers in the European Union are reflecting intensively on the problem of illegal and harmful content on the internet, and whether the mechanisms that exist to tackle those phenomena are working well. In that context, we’ve just filed comment with the European Commission, where we address some of the key issues around how to efficiently tackle illegal content online within a rights and ecosystem-protective framework.

  • Notes by Firefox Now Lets You Sync Notes Between Desktop and Android

    Mozilla has released a note taking app for Android that syncs with the Firefox browser on the desktop. Called (rather simply) ‘Notes by Firefox‘, the feature offers basic, encrypted note taking in the browser and via a standalone app for Android phones and tablets.

More in Tux Machines

Security: Data Security and Back Doors (ME) in Hardware

  • Episode 106 - Data isn't oil, it's nuclear waste
    Josh and Kurt talk about Cory Doctorow's piece on Facebook data privacy. It's common to call data the new oil but it's more like nuclear waste. How we fix the data problem in the future is going to require solutions we can't yet imagine as well as new ways of thinking about the problems.
  • Intel Patches New ME Flaws That Could Let Hackers Run Arbitrary Code: Check For Patches
    Talking specifically about the flaws, the first one is CVE-2018-3627. Described as a logic bug, this easily exploitable bug allows code execution. CVE-2018-3628 is the more dangerous sibling which enables comprehensive remote code execution in the AMT process; it’s also identified as a “Buffer overflow in HTTP handler.”
  • Intel patches new ME vulnerabilities
    In early July, Intel issued security advisories SA-00112 and SA-00118 regarding fixes for vulnerabilities in Intel Management Engine. Both advisories describe vulnerabilities with which an attacker could execute arbitrary code on the Minute IA PCH microcontroller. The vulnerabilities are similar to ones previously discovered by Positive Technologies security experts last November (SA-00086). But that was not the end of the story, as Intel has now released fixes for additional vulnerabilities in ME.
  • Why Intel will never let owners control the ME

    Intel/AMD will never allow machine owners to control the code executing on the ME/PSP because they have decided to build a business on preventing you from doing so. In particular, it's likely that they're actually contractually obligated not to let you control these processors.

    The reason is that Intel literally decided to collude with Hollywood to integrate DRM into their CPUs; they conspired with media companies to lock you out of certain parts of your machine. After all, this is the company that created HDCP.

    This DRM functionality is implemented on the ME/PSP. Its ability to implement DRM depends on you not having control over it, and not having control over the code that runs on it. Allowing you to control the code running on the ME would directly compromise an initiative which Intel has been advancing for over a decade.

Android Leftovers

ReactOS 0.4.9 released

The ReactOS Project is pleased to announce the release of version 0.4.9, the latest in our accelerated cadence targeting a release every three months. While a consequence of this faster cycle might mean fewer headliner changes, much of the visible effort nowadays comes in the form of quality-of-life improvements in how ReactOS functions. At the same time work continues on the underlying systems which provide more subtle improvements such as greater system stability and general consistency. Read more Also: ReactOS 0.4.9 Officially Released As The First Self-Hosting Version, Better Stability ReactOS 0.4.9 Officially Released with Self-Hosting Capabilities, New Features

Slax 9.5.0 released

I am happy to announce that a next version of Slax Linux has been released. Slax is a minimalistic, fully modular operating system. As usual, this version incorporates all upstream improvements from Debian stable, and fixes few small known bugs. I am also happy to announce that it is now possible to purchase Slax preinstalled on an USB flash drive with hardware-based AES encryption. This device is universally usable because the encryption is performed directly by the drive itself, there is no software to install needed. Once disconnected, the USB drive automatically locks itself again. Payment is possible only with Bitcoin, because I truly wish to see PayPal and credit card companies to cease to exist soon. Read more