Let's say I need to send some personal data (e.g., full name, DOB, SSN, address history, etc.). I already know I should never transmit that information via email, but why? What are the risks, and where and when do they occur? At what point(s) during transmission is the info in that email in danger? Hit me with every worse-case scenario you can think of. [more inside]
At work, I can digitally sign and encrypt emails using digital certificates on my ID (and a card reader attached to my laptop). It integrates decently with Outlook and Acrobat. It's 2014. What are my PKI options for personal use? [more inside]
I know there are a variety of options out there, but I'm having a hard time sifting through the information myself. [more inside]
Lavabit's Ladar Levinson was recently quoted as follows: "I'm taking a break from email. If you knew what I know about email, you might not use it either." Why would Levinson warn other people off using email? He's not just saying, "Be careful how you use email," but, "It's probably a good idea not to use email at all. I'm taking a break from it myself." [more inside]
My Dad received a spam email purporting to be from his email provider (BT Yahoo, fwiw) asking him to verify his account. In a moment of utter stupidity, I fell for the scam and entered his email password into a bogus website (I know, I know: STUPID). I was using his iPad at the time, and a ransomware website opened in safari, however the browser didn't lock, and I was able to close it straight away. I immediately logged into his email account and successfully changed his password to something completely different. Google tells me that there is currently no ransomware which can successfully hijack Apple devices, which my experience seems to bear out. I am a bit worried about the risk that I've accidentally compromised his email, though. Is there anything else I should do beyond what I've already done, ie changing the password? Should I contact BT Yahoo about it?
I'm interested in asserting a lot more control of my personal information and communications to prevent prying eyes of both governmental and criminal types. I'm interested in general best practices to secure my personal information, passwords, data and communication (including phones, texting and email). I am not an expert in software or anything of the kind. I use an iPhone and Apple computers. There's a few more specific requests inside. [more inside]
What's a better-security alternative to Spam Arrest for challenge-response email? I received a password reminder email from Spam Arrest today. It included my full password in cleartext, and when I went to change my password to a long semi-random string of hashed characters I discovered that they silently truncate entries to 20 characters, which would have locked me out if they didn't keep everything in the clear to remind me. Frightening. Is there anyone out there who offer C/R email and knows how to store passwords?
A friend has had an old Hotmail account hacked. The hacker used information in the archives there to access a YouTube account where apparently some compromising videos were uploaded. The hacker copied the videos to another YouTube account, and then sent links to the videos to my friend's family - and worse still, to members of the executive board of the nonprofit organization by whom my friend is (was?) employed. He reached out desperately to me, but I know nothing but the most basic things about Internet security and privacy law... [more inside]
Security Nerds: What do you think of using Riseup.net for secure online communications for leftist movements? [more inside]
A while ago, my Gmail account notified me of suspicious activity. The IP that accessed my account seems to be from Microsoft. [more inside]
How should a business that's about security set up its own secure communications? [more inside]
Does my wife need to abandon her email address? [more inside]
What is the best email provider for security and privacy? Requirements and more info inside. [more inside]
When I log into Gmail, Firefox redirects me to a page on Facebook. What gives? [more inside]
I occasionally need to email PDFs and Word docs that contain confidential information. My clients claim their email is "secure" and don't see the need for any encryption or any approach other than me emailing them the files. What can I do? [more inside]
Online Security Filter: Welcome email contained plain text password. Specific examples of why this is bad needed. [more inside]
It's become apparent that my computer may have a Trojan. I just received a Returned Mail notice for mail I never sent, which instead of displaying my name it displayed "jasen kimberly," and was sent to a strange russian email address: email@example.com. I'm concerned that this may be the result of a trojan "phoning home," or using my computer to send spam.
My cousin's Facebook account was compromised and some person or bot is sending spam to his Facebook friend list. He canceled his Facebook account a month ago, but spam keeps arriving in my email box -- as if my cousin is still a Facebook member. The spam seems to be arriving from a legitimate Facebook domain. [more inside]
Send a password over email (to a non-techy client) without compromising its security. [more inside]
Where can I find information about email headers? I'd like to learn how to look at an email header and answer such questions as "Was this email forged?" and "What is the IP of the sender and the sender's ISP?" [more inside]
I love Gmail, but with all the security and privacy concerns, I'm thinking of bailing. Whereto next? [more inside]
Is there any simple way to encrypt the information in a web form and deliver it via email? [more inside]
What are the legal implications of a university monitoring, storing, and cataloging all incoming and outgoing email into a searchable database? What if I have first hand knowledge of a university doing this? [more inside]
What's the absolute simplest way for two or more people to share encrypted information via email, either in the text body or as a file attachment? [more inside]
Yahoo mail password anomaly. [more inside]
So I've gone to www.thawte.com/email and got myself a Freemail certificate and imported it into Thunderbird, and my friend is about to do the same thing, and we want to exchange encrypted mails. What do we actually DO with our shiny new certificates? [more inside]
stop reading my email filter; I type an email, I send said email to person X, I immediately delete said email from sent folder, and I delete said email from the deleted folder. I can no longer see said email. Now the fun begins! Fast forward 24 hours. Person Y tells me that he is looking at my screen and said email and can quote from email. [more inside]
Due to "security concerns," my web host provider has just banned two Form-to-email scripts (Formmail and NMS Formmail). Now I'm hard up to find a replacement. Any ideas? I'd prefer a solution that doesn't require a mastery of PERL to configure.
I've been reading my mail on the server for a long time, but I'm starting to provide hosting for people here, and some of them want to read their mail through a regular old POP client. Is there a secure way to provide this service? [more] [more inside]