Jump to content

Search the Community

Showing results for tags 'email'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...

Found 37 results

  1. 38,000 people forced to pick up email passwords in person Malware and legal requirements force academics and students to join a near-endless line in order to pick up their passwords Usually, if you forget your password or need to change it for other reasons, getting a new one is a straightforward process that involves a few clicks. Now imagine you would have to prove your identity and retrieve your password in person. Don’t rush to laugh this off as a bizarre fantasy, as thousands of students and faculty members at the Justus Liebig University Giessen in Germany were unlikely to be laughing when they learned that they would have to do just that. According to the institution’s statement, 38,000 students and academics now have to stand in line, ID card in hand, so that they can receive new passwords to their university email accounts. The distribution of new passwords was prompted by a malware incident detected last week, with the university’s network being offline since December 8th. As for the unorthodox way of issuing new passwords in person, the staff are citing the legal requirements of the German National Research and Education Network (DFN). Arguably, in a way the university can be lauded for its incident response. Since the incident was noticed, the servers and machines were taken offline. USB flash drives loaded with security software were handed out to faculty members, institutes and departments to carry out scans of all machines connected to the university’s network. The devices that passed the first wave of checks were labeled with green stickers. A second wave of scans then followed, and included, to use the university’s own words, a “specialized scan for the new virus type”. A total of 1,200 USBs were prepared for the second wave, which has been underway since December 18th. Computers that passed both scans are immediately cleared for use. Students were assured that their private machines were free of any risks since they use a separate university network to the one that was compromised. Nevertheless, the university’s IT Service center decided to assign new passwords to everyone since they suspected that the malware hit their e-mail servers as well. The whole process was designed to be as precise and orderly as possible, and the students and faculty were separated into groups based on their date of birth and can pick up their passwords during allotted timeslots. Prospective students were affected as well. The website through which they could apply is currently offline as well. This means that they will have to apply through more “analog” ways, such as submitting applications in person or sending them by traditional mail. Source
  2. Pay Up, Or We’ll Make Google Ban Your Ads A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google’s AdSense program. In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher’s ads with so much bot and junk traffic that Google’s automated anti-fraud systems suspend the user’s AdSense account for suspicious traffic. A redacted extortion email targeting users of Google’s AdSense program. Earlier this month, KrebsOnSecurity heard from a reader who maintains several sites that receive a fair amount of traffic. The message this reader shared began by quoting from an automated email Google’s systems might send if they detect your site is seeking to benefit from automated clicks. The message continues: “Very soon the warning notice from above will appear at the dashboard of your AdSense account undoubtedly! This will happen due to the fact that we’re about to flood your site with huge amount of direct bot generated web traffic with 100% bounce ratio and thousands of IP’s in rotation — a nightmare for every AdSense publisher. More also we’ll adjust our sophisticated bots to open, in endless cycle with different time duration, every AdSense banner which runs on your site.” The message goes on to warn that while the targeted site’s ad revenue will be briefly increased, “AdSense traffic assessment algorithms will detect very fast such a web traffic pattern as fraudulent.” “Next an ad serving limit will be placed on your publisher account and all the revenue will be refunded to advertisers. This means that the main source of profit for your site will be temporarily suspended. It will take some time, usually a month, for the AdSense to lift your ad ban, but if this happens we will have all the resources needed to flood your site again with bad quality web traffic which will lead to second AdSense ban that could be permanent!” The message demands $5,000 worth of bitcoin to forestall the attack. In this scam, the extortionists are likely betting that some publishers may see paying up as a cheaper alternative to having their main source of advertising revenue evaporate. The reader who shared this email said while he considered the message likely to be a baseless threat, a review of his recent AdSense traffic statistics showed that detections in his “AdSense invalid traffic report” from the past month had increased substantially. The reader, who asked not to be identified in this story, also pointed to articles about a recent AdSense crackdown in which Google announced it was enhancing its defenses by improving the systems that identify potentially invalid traffic or high risk activities before ads are served. Google defines invalid traffic as “clicks or impressions generated by publishers clicking their own live ads,” as well as “automated clicking tools or traffic sources.” “Pretty concerning, thought it seems this group is only saying they’re planning their attack,” the reader wrote. Google declined to discuss this reader’s account, saying its contracts prevent the company from commenting publicly on a specific partner’s status or enforcement actions. But in a statement shared with KrebsOnSecurity, the company said the message appears to be a classic threat of sabotage, wherein an actor attempts to trigger an enforcement action against a publisher by sending invalid traffic to their inventory. “We hear a lot about the potential for sabotage, it’s extremely rare in practice, and we have built some safeguards in place to prevent sabotage from succeeding,” the statement explained. “For example, we have detection mechanisms in place to proactively detect potential sabotage and take it into account in our enforcement systems.” Google said it has extensive tools and processes to protect against invalid traffic across its products, and that most invalid traffic is filtered from its systems before advertisers and publishers are ever impacted. “We have a help center on our website with tips for AdSense publishers on sabotage,” the statement continues. “There’s also a form we provide for publishers to contact us if they believe they are the victims of sabotage. We encourage publishers to disengage from any communication or further action with parties that signal that they will drive invalid traffic to their web properties. If there are concerns about invalid traffic, they should communicate that to us, and our Ad Traffic Quality team will monitor and evaluate their accounts as needed.” Source: Pay Up, Or We’ll Make Google Ban Your Ads (KrebsOnSecurity - Brian Krebs)
  3. Hello guys, I hope I'm not posting this thread at wrong place. If I did, I apologize to the moderators! I want to hear your opinions about email providers, which are good, legit, and not scam. I don't like Gmail because it is the worst spy ever. So, I'm looking for alternatives. I know there are some other free email providers, but the problem at some of them is they very easy can terminate your account for many reasons, or for inactivity of 3 months (like Protonmail for example). Some other have a period of inactivity of 6 months (like GMX, Mail.com, Tutanota etc.) My first question is: Q1: Is there any good legit FREE email provider which doesn't terminate the accounts so easy? And my other question is about the PAID email providers. At them the "inactivity" is not a reason for terminating. From what I found out, the cheapest is the Mail.com (Premium) with 19.95 USD per year. So, my question is: Q2: Are there other cheaper alternatives to Mail.com? And how good and legit is Mail.com? I heard different opinions about Mail.com, many of them were negative, so I don't know how good it is. Thank you in advance, and I apologize if I made a mistake!
  4. Apple sends me so many invoices every week that I scarcely know what I've gone and bought. Does it still stink? Then there are the constantly cheery emails I get from apparent relatives who want me to keep large sums of money for them. Just for a few days. Occasionally, I wonder why Microsoft -- I still proudly rock my Hotmail -- Apple and Google aren't blocking more of such phishing messages. This appears to have also crossed the minds of researchers at the UK's University of Plymouth. The wise wonderers at the university's Center for Security, Communications and Network Research thought they'd try and become phishers themselves. So they grabbed some sample email formulations from phishing attacks of the past and sent them to specific email addresses. Some of these phishing emails had links, others didn't. Would they be blocked? Would they at least be marked as suspicious? Would fish make excellent world leaders? The results were truly painful. A fulsome 75% of the linkless messages wafted straight through to inboxes. A hearty 64% of the ones enjoying links also sailed in without so much as a passport check. Professor Steven Furnell, the Center's leader, offered a dim view of email providers. He said: "The poor performance of most providers implies they either do not employ filtering based on language content or that it is inadequate to protect users. Given users' tendency to perform poorly at identifying malicious messages, this is a worrying outcome." We're told that technology has such a large brain these days. It can (allegedly) recognize a human face, predict your propensity to commit a crime, and even make President Obama say things he didn't. It seems less able, however, to spot that A. Harland O'Mali Whitebait is not a real name. Nor that, even if it was, the email address associated with it wouldn't be mailbox50990 @ abangabobby. Equally, technology struggles to notice that a message reading: "My dear, your inheritance is to arriving here fast and soon. Please allow remittance details" isn't likely to come from anyone who is actually related to you, knows you or would even ever want to send you money. Could it be, perhaps, that many of the largest email providers just don't care? After all, have you ever tried to get any sort of customer service from most of them? I tried with Microsoft once and was offered lots of unhelpful pre-prepared FAQs and a complete inability to contact an actual human being. As my colleague Danny Palmer recently reported, the most common form of phishing threat in your inbox is the personal impersonation. Of course, users should have become more adept at noticing when an email is an evil fake. You might think, though, that tech companies would have used their sophisticated systems to learn the clumsy wordings of so many of these scammers and made sure that none of these fakes ever reaches their customers' eyes. After all, I actually pay Microsoft for my Hotmail, yet many of the phishing emails don't even get labeled as junk. Source
  5. Encryptomatic PST Viewer PRO 2019 v9.0.1009.0 Unlimited Site License Edition Since 2006, PstViewer Pro™ by Encryptomatic® LLC is the premier Windows software tool for viewing and managing your Outlook emails, without Outlook. It works with any .pst/.ost file, from Outlook 98 to Outlook 2019/365. It is used to organize, discover, print, and convert emails even if they were created by different mail clients. In addition to Outlook .pst files, PstViewer Pro gives you access to many other email formats supported by dozens of email clients, including Thunderbird. Supported e-mail formats include PST, OST, MSG, EML, MHTML, Winmail.dat, and MBOX. PstViewer Pro can combine different email files into a single searchable email list. Don't fuss with multiple viewers or email clients when PstViewer Pro alone can let you view your messages. More than a decade of software development has been invested in PstViewer Pro. During that time, hundreds of malformatted email exceptions have been discovered in the while and incorporated directly into PstViewer Pro. That's why it is the most accurate email viewer on the market. PstViewer Pro has been built with a focus on rendering complex emails that include rich text with embedded graphics, and those that SmartArt with embedded charts, shapes and drawings. - Easy To Use - PST To PDF Conversion - Opens All Outlook PST Files - Searching PST Files - Open a Password Protected PST Home Page: https://www.encryptomatic.com/pstviewer/ DOWNLOAD: Features of this edition: Enjoy!
  6. A N G E L

    CheckMail 5.19.2

    CheckMail is a powerful POP3 email checking program, which notifies you when you have received new email. It allows you to check all your email accounts for new messages and preview or delete them before downloading to your computer. CheckMail saves time and money by allowing you to delete unwanted or large emails directly from the server without downloading them and you can even compose and send new emails directly with CheckMail, or reply to or forward existing ones. It supports custom notifications, multiple email accounts, sorting and filtering and much more. It is absolutely immune to viruses and other harmful email content, because it will never start any attachments, scripts, programs, etc. For home offices or small businesses, CheckMail can act as a server by collecting and sending emails for many users. CheckMail is ideal for computers with permanent internet connection, because it can check for new emails at regular intervals. If you connect to the internet manually, CheckMail will ask you to connect whenever you want to check for new emails. Key Features: Unlimited number of POP3 email accounts SSL support (e.g. for Gmail and other SSL enabled servers) Supports replying, forwarding and sending new emails Can act as a POP3 server by collecting emails of many accounts and storing them locally Can act as an SMTP server by collecting all emails of a local network and sending them on schedule Can be used as a complete mail server for local and remote accounts Custom notifications for different emails/accounts/groups/etc. Powerful sorting options for filtering spam Absolutely immune to viruses and other harmful email content, because it will never start any attachments, scripts, programs, etc. Many options for full customization Now with Windows 10 support! Direct link Download: Site: http://sd.afree.ir Sharecode: /C/CheckMail_5.19.2.afree.ir.rar Password:afree.ir
  7. MaxBulk Mailer is a full-featured bulk emailer and mail-merge tool for Macintosh and Windows that allows you to send out customized press releases, prices lists and any kind of text or HTML documents to your customers. MaxBulk Mailer is fast, fully customizable and very easy to use. MaxBulk Mailer handles plain text, HTML and styled text documents and gives full support for attachments. Take a look at the screenshots. With MaxBulk Mailer you will create, manage and send your own powerful, personalized marketing message to your customers and potential customers. MaxBulk Mailer is a software tool that you purchase once, no need to pay on a per-email basis to submission services. Now your promotional messages will jump off the screen with HTML mail! MaxBulk Mailer HTML allows you to include graphics, fonts and colors turning your messages into professional online brochures. Look at our tutorial on how to create and publish your first newsletter. MaxBulk Mailer comes in English, German, French, Spanish, Italian, Swedish, Russian, Chinese, Japanese, Korean, Dutch and Portuguese. Key Features: Detects and use your language if available. Send Text/HTML in a way client always shows the right format. Drag and drop support for mailing text and address list. Easy import/export address list files easy to use functions. Advanced parser and duplicates checking, also from clipboard. Powerful tools in order to rewrap and justify text. Preview function to check document appearance before sending. Full support for international characters (40 different encodings). Multiple customizable easy-to-use mail accounts. Remote List Management (MLM) and Global Blacklist support. Attachment support (Base64, UUEncode, BinHex, …). Complete SMTP/POP connection log. POP, APOP and ESMTP Authentication. E-mails can be sent all at once, grouped or using mail-merge tags. Custom tags for mail-merge. Mail scheduling (Mail delayed delivery). Pro version also adds Styled text support – Bold, Italic, Underline, Color, Font… Conditional message contents depending on optional tags value. 20 Custom Tags for advanced mail-merge. Ability to process tags in subject. 13 date tags, Long Date, Short Date, Abbreviated Date… Quick selector in order to check/uncheck recipients. Hyperlink manager. Allows you to insert text and HTML hyperlinks tags with one click. Full mySQL, postgreSQL and OBDC database support. Secure SSL connection support. Possibility to use several server at once. Cc and Bcc support. Message opening and click-through tracking. Random words and random words editor CHANGES 8.6.9. The statistics pie chart is now 3D. New confirmation windows added for DKIM validation. Help added to the DKIM Window. New 'About the app' box tool menu entry to Get license info, Register and Unregister. New 'About the app' box tool menu entry to see the User License Agreement. New 'About the app' box tool menu entry to Reset the app settings to factory default. New 'About the app' box tool menu entry to Copy the current serial. New 'About the app' box tool menu entry to Renew the Update Plan FIX NOT PERSONALLY TESTED WEBSITE: https://www.maxprog.com/site/software/internet-marketing/mass-bulk-emailer_sheet_us.php links: Site: https://www89.zippyshare.com Sharecode: /v/7ChgW6AM/file.html Site: https://uptobox.com Sharecode: /brpwwdi466l9
  8. It’s not the apps – they’ve got better. It’s not even the devices – they’re faster, slicker, with shortcuts and enhancements that make it easier, but not good. The problem is the medium itself – mobile communication has aspired to take over the entirety of our business communication, but the awkward way in which we type and the inconsistencies of a purely touch-based interface utterly shred precision and accuracy. I should also be clear that I’m talking about phone-based communication. Allegedly, Jack Dorsey, CEO of both Twitter and Square, doesn’t even use a laptop or computer. The article (and many others) have hinted that this may mean he only uses a phone, which I consider utterly preposterous – unless he has entire team members dedicated to tasks that are arduous on mobile – like writing long-form content. Accurate, detailed and well-formatted content simply doesn’t work on mobile. It’s not there, and on tablets is only just becoming viable, as they cross back into the realm of becoming, well, laptops. The issues with phone-based communication in business are obvious: Formatting is difficult Editing is difficult Fast, consistent and detailed communication is significantly slower than on a desktop Interoperability in apps is incredibly poor – even in iOS, which has improved leaps and bounds, but still requires bouncing between apps, leading to confusion and lost data It’s inefficient The success of Gmail’s smart replies, though most commonly discussed on desktop, is a glimpse toward a future of automation that isn’t totally automated, but takes the awkwardness in constructing communication out of the equation. Here’s how I see this happening in the next 10 years. Autocomplete for entire emails Templating is nothing new in business email, but the next logical step is natural language processing and machine learning that can create and customize the workflows for you. This isn’t something that’s going to be unique to mobile – on the contrary, it’ll have a huge effect on desktop communication – but it’s something that will be so common and necessary to making your phone that bit more effective in business. For example, once you finish a phone call with someone, your automated mobile inbox could create a follow-up template with line items to fill in, scheduled to send at the right time. A more complex system would understand your conversations with a prospect in advance, and at a particular time of day would prompt you to send a follow-up email at the right time. Another might be the simpler and more particular stuff – the creation of agendas before meetings handled automatically, with the right people in the “to:” and “CC” field, with the correct dates and formatting handled for you. Why this is so applicable to mobile is that you don’t have to handle the nitty gritty – it’s almost adjacent to a tinder experience of swiping left or right on what particular email to sent. Content creation on demand While certain emails may be created based on certain factors, days and calls you’ve made, your mobile phone could actually be a far more efficient interface if AI was capable of creating the emails from scratch based on ones you’d sent before. This (in line with what I’ve said about chatbots previously) is where a chatbot connected to AI is necessary. The creation of an email would be a conversation with a bot that could understand the context of both what you’re saying, your current inbox, and your contacts, and say “okay, you want to put together a short (400-500) word summary of a financial document, sent to Bob, Sally and Barbara” based on a few things. It could then understand a document (after confirming what you’d just said) and produce an email based on it – free of grammatical and spelling errors, and with a quick review you’d have it out the door. This would work incredibly well on mobile – all you need is a quick glance versus a full-screen review. It’ll require trust, but once it works, it will be amazing. There are also smaller-scale yet wonderful ideas you could build from such a system based on more casual conversation. For example, you could direct the email assistant to reach out to someone to catch up, with a little bit of an update about how things have been, with some suggested dates to meet up, and perhaps a few questions to get them thinking on a reply. Finally, as a salesperson this is a natural solution to quick and efficient prospecting – the natural language processing of an AI could learn our particular personal touches, and the general parts of a personalized, thoughtful email can be researched by the AI based on more than just databases you populate, but on recent things in the news, financials from Crunchbase and beyond. Active, intelligent responses One of those incredibly annoying feelings is getting an email when mobile that you’re not able to fully respond to before you get back to your desk. Our AI-based mobile future is one that has an inbox capable of reading itself and producing informed, accurate responses. If someone asks you if you’re able to make a call at 2PM PST, your inbox should be able to consider both your calendar and how many meetings you have booked that day. If you’re free, it produces a well-worded and grammatically sound “yes,” with an invitation prompt filled in with your Zoom conference link attached along with the right people invited. If you’re not free, it can intelligently see the rest of your calendar, and produce a response that’s empathetic and suggesting other answers. More interestingly, it could also respond with potential attachments or links to your Google Drive or other cloud storage. Someone requesting the latest version of a document is a cross-platform annoyance, but is particularly awkward when mobile – unless your inbox can see what it is, respond, suggest a document to you, and create a “here it is – let me know what you think!” reply. Intelligent replies that trigger entire other workflows already exist (we’ve already built some!), but your inbox should, with the right connections, be able to take care of these for you. When a contract’s requested, assuming the right boilerplate contract exists, your inbox could read the request, fill in the necessary details (or request them all on its own), create the signature boxes, send out the contract for signature, and when it’s completed send out a summary email internally to tell everyone the good news. The napkin math of doing that on mobile is headache-inducing – more than likely leading you to give up halfway and head back to the office. Your inbox gets smarter every day While many of these ideas can cross multiple platforms, your mobile device is an incredibly efficient interface for executing commands with those you trust. We’re used to turning on our lights, opening our cars and unlocking our doors with our phones because it’s a tap or two to make them happen – we swipe, we tap, and it’s done. If mobile email could be condensed and automated so that the repetitive, exhausting actions of email are taken away, the entire experience could be vastly preferable to the desktop. Better yet, your desktop emails could become more personal, more focused and more about what you want to do versus have to do. Source
  9. Rok


    Mailbird Mailbird is a relatively new email client that has quickly developed a reputation for being a powerful, feature-packed application that’s beautifully designed for a quick, easy user experience. Set up is simple and it only takes 5 minutes to learn how to navigate the app. You can also customize your layout and color theme to design an experience that’s ideal for you. Homepage: https://www.getmailbird.com/ Offline Installer: https://download.getmailbird.com/installers/MailbirdOfflineInstaller.exe Fix: Site: https://www.mirrored.toShareCode: /files/1XT85546/Mailbird_Pro_2.5.10.0_Full_Version.zip_links
  10. Hackers uploaded a collection of 42 million Email Address , plain text passwords, Spotify details, and partial credit card data to free anonymous hosting service Kayo.moe. The operators of the service Kayo reached out to the security expert Troy Hunt to report the data and for further investigation. Kayo shared 755 files totaling 1.8GB. According to Hunt, the data is typically taken from multiple data breaches and then combined into a single list to perform Credential stuffing attacks. The data is not related to Kayo.moe and the platform is not affected by any incidents. The data also contains a number of files, some with partial credit card data, logs and some with Spotify details. While checking for Email, Hunt found 42M unique values Email Address 93% of them already exists in HIBP. These Credential stuffing attacks can be avoided by using a unique password for each service and change the passwords to all accounts at least once a month. You can also strengthen your security by taking additional precautions such as moving to two-factor authentication. Don’t use the same password for multiple accounts, especially Internet banking and other accounts where money or sensitive information are involved. Source
  11. Yahoo Mail and AOL Mail, which both fly under the Oath banner, a Verizon owned company, scan emails that arrive in user inboxes to improve advertisement targeting. An article published by The Wall Street Journal (sorry, no link as it is paywalled), suggests that Oath's email scanning may go beyond what users of the service may deem acceptable. According to the article, Yahoo is scanning commercial emails of all free users who did not opt-out of personalized advertisement to improve targeted advertising. Yahoo creates profiles of users by assigning them to certain groups or categories. A user who receives receipts for online purchases may be put into different categories based on the purchases, frequent traveler for example for users who get emails about several plane tickets in a period of time. Yahoo Mail users who get brokerage emails, e.g. trade confirmations, may be assigned to the investors group. While the exact classification and profiling system is unknown, it is clear that it uses information found in emails to profile users. The system places a cookie on users systems that identifies the interest groups the Yahoo user is associated with. Companies and advertisers may use the data to serve personalized advertisement to users and the paper suggests that Oath may also use receipts in the Yahoo Mail inbox as proof to advertisers that a particular campaign worked. Yahoo confirmed to The Wall Street Journal that it scans commercial emails only, and that the algorithms the company uses strip out personal information to make sure that those are not leaked in any way. The company claimed that the majority of emails that arrive in user inboxes are commercial in nature, and that the system is adjusted when the need arises to avoid wrong classifications and other issues. Yahoo customers have some options to deal with the email scanning: Close the account. Opt-out of interested-based ads and hope for the best. Closing an email account is problematic for a number of reasons. Users have to find another email provider, may want to back up all emails they received over the years, and may even want to keep the account open for a period to make sure no mail is lost. Closing the account may require that users change email addresses on websites, for instance those that they signed up for using the email address. One good option to back up all emails is the free MailStore Home software for Windows. It is capable of backing up all emails on the local system. You can read my review of MailStore Home here. The desktop email client Thunderbird is another option. Tip: Find out how to delete your entire Yahoo account. We published the guide after a Reuter's article suggested that Yahoo has been working with U.S. intelligence services to search all customer emails. Opt-out of interest-based ads on Yahoo Yahoo customers can opt-out of interest-based ads. Yahoo notes on the page that opting-out will stop the analysis of communication content for advertising purposes among other things. You can opt out of interest-based advertising, analysis of communications content for advertising purposes, and the sharing of your information with partners for data matching and appends using the tools on this page. Perform the following steps to opt-out. Visit The Ad Internet Manager page on the Yahoo website. Click on the opt-out button to opt-out of interest-based ads and thus also the analysis of communication content for advertising purposes. The button should change to a "opt-in" button after the request has been processed. Switch to "On Yahoo", and opt-out there as well. Note that the use of ad-blockers or content-blockers may prevent the opt-out from working correctly. Closing Words I don't know how good Yahoo's algorithms are to distinguish between commercial emails and others; the past has shown that it is tricky to get it right. Yahoo customers who use email may want to opt-out of the automated scanning to avoid any issues related to the scanning; some may want to create new email accounts at providers that don't scan emails or put privacy first. Examples of such providers are Startmail or ProtonMail. Now You: Would you use email providers that scan your emails for commercial purposes? Source
  12. A malspam campaign is underway that pretends to be an invoice for an outstanding payment. When these invoices are opened they install the AZORult information stealing Trojan and the Hermes 2.1 Ransomware onto the recipient's computer. A recent sample of this campaign was shared with BleepingComputer by security researcher Yves Agostini, which was identified as installing AZORult and Hermes 2.1. These spam emails have a subject of "Invoice Due" and pretend to be about outstanding balances that contain a Word document attachment called Invoice.doc as shown below. Malspam with Fake Invoice Attachment These Word document attachments are password protected in order to make it more difficult for antivirus vendors to detect them as malicious. The password for these attachments are given in the malspam and in the case above, the password is 1234. Document asking for a password Once a recipient enters the password, they will be greeted with the Enable Content prompt. For those who are not familiar with this button, once you click on it, Word will enable Macros or other embedded scripts, which would then be executed. Enable content In this case, when you click on Enable Content, the AZORult Trojan (azo.exe) will be downloaded and executed, which will then download and execute the Hermes 2.1 Ransomware (hrms.exe). Fiddler showing download of malware The Hermes 2.1 Ransomware will be executed first and encrypts the files on a computer. This particular ransomware does not change the filenames, so the only way you would you know you are infected is by spotting the DECRYPT_INFORMATION.html ransom notes as shown below. Hermes 2.1 Ransom Note As always, beware of fake invoices or other unknown attachments. Furthermore, never open an attachment unless you are expecting it from the sender and have confirmed that they actually sent it to you. Otherwise, you never know what you will be opening and potentially infecting yourself with. IOCs Hashes: Hermes 2.1 Ransomware: 416235b085b6b86640cac3a78f0bd52583eed7154fc3666f5338bde96db10fab AZORult: 6ef12546c720ca40303dbf1ec391c967e5e0446c1e719d44001d3dcd2c2b8460 Malspam Message: Subject: Invoice Due This is to inform you that there is still an outstanding payment of $12,340 USD. We would appriciate it if this could be settled no later than the 20th. I have attached the current invoice and the password for the document is: 1234 Thank you. Federico Crowley Source
  13. How to Fix: Disable Windows 10 Email Notifications Option #1: Remove Your Account from the Mail App To remove your account from the mail app, do the following: Click Start, then click on the cogwheel (the "Settings" icon); the Settings window will appear; next, click the "Accounts" icon. On the left side of the "Settings" screen, click the "Email & app accounts" option. Under the heading "Email & app accounts", click the account you want to delete, then click on the "manage" button. A new window will appear. Click the "Delete account" option. Windows will ask if you want to delete the account - click Yes. Option #2: Disable Alerts inside the Mail App To shut off the email notification alerts inside of the Mail app, do the following: Click Start, type in "mail" (no quotes); wait for "Mail" to appear and click it. Next, click the "Settings" icon near the bottom left, then click on "Notifications" in Settings. Select an email account you wish to disable, or select "apply to all accounts" and set the "Show in action center" to "off". Option #3: Uninstall the Mail App To uninstall the Mail app entirely (which will also disable all email notifications), do the following: Click Start, then type in "powershell" (no quotes); wait for PowerShell to appear in the list, then right click it and select "Run as administrator". Use your mouse to highlight the text below: get-appxpackage *microsoft.windowscommunicationsapps* | remove-appxpackage echo this is a dummy line Right click over top of the highlighted text, then select "Copy" from the dialogue menu. Next, go to the PowerShell window and right click in the middle of the window. The text you highlighted above should now be output to the command line and the mail app should be removed. Article
  14. A new email attack scenario nicknamed ROPEMAKER allows a threat actor to change the content of emails received by targets via remote CSS files. ROPEMAKER — which stands for Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky — revolves around the idea that an attacker sends an email in HTML format to a victim, but instead of using inline or embedded CSS code to decorate the text, it uses a CSS file loaded from his server. The purpose is to write and send an initially benign email, which the attacker modifies at a later date by altering the content of the CSS file hosted on his server. ROPEMAKER attack fools current email security products The initial benign email passes local email security scanners installed on the target's network, but any changes to the email's content aren't picked up when they happen. This is because email security systems don't re-scan emails delivered to users' inboxes, but only incoming emails at the time of their delivery. Two types of ROPEMAKER attacks Francisco Ribeiro, a security researcher with Mimecast and the one who discovered this theoretical attack, says he identified two methods of carrying out a ROPEMAKER attack. The first method is named the ROPEMAKER Switch Exploit and relies on attackers switching the CSS "display" function of various elements. For example, an attacker could send an email with two links, one good and one bad, and show only the good one. After the email's delivery, the attacker can modify the remote CSS file and enable the bad link while hiding the good one. The second technique is called the ROPEMAKER Matrix Exploit and relies on embedding matrices of all ASCII characters for each letter inside the email. Using CSS display rules, the attacker can turn the visibility of each letter on, one by one, and recreate the text he wants to appear in the email at any time he wishes. Both attacks are invisible to email scanners, but the Matrix exploit produces very bulky emails, as attackers will need to embed an alpha-numeric matrix for each letter of their message, something that email security products could be configured to look for. At the time of writing, Ribeiro says that Mimecast has not detected any attacks using the ROPEMAKER techniques, but because the exploit is currently invisible to all email security products, he doesn't rule out it being deployed in the wild. ROPEMAKER is more hype than danger While the attack looks scary, in reality, users have very little to fear. This is because most email clients are in the habit of stripping out header tags for emails in HTML format, including any tags calling for remote CSS files. This practice of header stripping is why most tutorials for writing HTML emails encourage web developers to use only inline CSS and avoid embedded or remote CSS. Mimecast, who tested ROPEMAKER against various email clients, says that browser-based email interfaces are not affected by the ROPEMAKER attack. Not surprisingly, these interfaces are known to strip header tags as a precautionary measure not to interfere with the page's normal headers. Furthermore, as one Reddit user points out, "this attack as described would be extremely easy to filter," as sysadmins could just block the loading of remote CSS resources when requested by email clients. All in all, ROPEMAKER is a clever attack technique but is not that useful in real-world scenarios. Article
  15. Freemium, open source encrypted email service, Tutanota, which is based in Germany, is offering to “donate” (as it puts it) the business version of its end-to-end encrypted email service to non-profits — so they either don’t have to pay for the service, or can tap into it at a half-price discount. “We are donating Tutanota because we believe the world can change and must change, particularly when it comes to the problem of mass surveillance. With this donation we want to do our part and make a difference to change the Internet for the better,” says co-founder Matthias Pfau. “We at Tutanota see ourselves as Freedom Fighters. We believe in human rights such as our right to privacy and freedom of speech. But as these rights are being cut by governments around the world, we need to fight back.” Tutanota does already offer a free service for private individuals, with 1GB of storage. But its premium product offers various paid tiers, starting from €1.20 per month, which includes things like extra storage, extra aliases, the ability to host at your own domain, additional power-user features, and so on. The donation offer, which Tutanota notes is being run in conjunction with two partner organizations which will be collecting a “small administration fee” to cover their costs (so it’s not 100 per cent gratis) — is currently available to non-profits in Austria, Canada, France, Germany, Netherlands, and Switzerland. Pfau says more countries will follow — including the UK and Poland. While he notes that non-profits located elsewhere can still get the business account with a 50 per cent discount. Also worth noting: Non-profits taking up either offer can only get 50 user accounts (so larger organizations are going to fall outside this offer). The free offer also includes 100 aliases and 1 GB of storage. On the latter, Pfau says more storage can be added if needed — thought non-profits will need to pay for any expansion. “Storage has to be added at the normal prices as we ourselves have to pay for the servers. However we keep prices for this as low as possible, and organizations can add the required storage package that is then shared among all users,” he adds. Tutanota, which started back in 2011, now has more than two million users, and “tens of thousands” of paying customers, according to Pfau — with its best markets being in Europe and the US. Article source
  16. The exploit is one of the largest-scale malware deliveries to be identified by MailGuard within the past year Emails purporting to be from the Australian corporate regulator and loaded with malware are filling inboxes around the country, according to local email filtering company, MailGuard. The attack began just after the start of the working day on 10 July and quickly escalated to become one of the largest-scale malware deliveries to be identified by MailGuard within the past year. The exploit, which is delivered via an email pretending to be from the Australian Securities and Investments Commission (ASIC), tells recipients that their business name is due for renewal, directing them to click on a link to download a renewal notice. However, the link downloads a .zip archive file, which contains a malicious JavaScript file. “While the exact type of malware isn’t clear – it could be anything from a virus to ransomware – the point of it is to disrupt, damage or gain control of a computer system or data,” MailGuard CEO, Craig McDonald, said in a statement. MailGuard has outlined a number of telltale signs that potential targets can use to identify the dodgy email. A sample of the dodgy email (MailGuard) First, the email appears to be from ‘ASIC Messaging Service’, and is sent from the domain ASIC.Transaction.No-reply @ asicdesk. com [altered] – the domain was recently registered in China. The subject line of the email is “Renewal”, while the well-formatted message contains ASIC branding and government coat of arms. It stands out, however, due to a lack of personalisation, simply addressing the recipient as “Dear customer”. This is something legitimate agencies don’t do, according to MailGuard. The email also provides details on how to renew a business name, telling recipients they can pay for the fake renewal with their credit card or by requesting an invoice. “The payment tips are just part of the scam; the cybercriminals want victims to download the malicious attachment rather than to open their wallets,” McDonald said. Finally, the suspect email is signed off by “Myra Tango, Senior Executive Leader, Registry”. No employee by that name appears to exist at ASIC, according to MailGuard. The file name to watch out for (MailGuard) This is not the first time ASIC has been used as a false identity for malware-laden emails, with similar scams landing in January, March and May. The new wave of malware comes just days after MailGuard released details of another email scam targeting Microsoft Windows users. In that scam, the sender pretends to be forwarding a document from the Australian Taxation Office (ATO) supposedly intended for the end victim. The sender claims to have mistakenly received the victim’s tax information and asks what should be done to solve the problem. By asking the recipients if they received a particular document with a link to the document in question, it lures the person into clicking on a link to a document loaded with malware. Article source
  17. Aid4Mail Professional 3.2 Portable Aid4Mail is an easy-to-use, fast, and highly accurate email conversion program covering three main areas of expertise: Import or export mail to another program, or convert it to a different format. In compact, non-proprietary files with duplicates removed and easy access to attachments. Search, filter, collect, extract data and analyze it, create custom output. Aid4Mail can save lots of time and hassle compared to other mail import/export solutions, and gives much better results. For businesses, Aid4Mail can significantly cut costs. It is suitable for both small and large scale projects, from home use to large corporate migrations, and mission-critical forensic work. If you are a home user or student, take a look at our new Aid4Mail MBOX Converter freeware tool. You can use it to convert mbox-type mailboxes to EML files. This format is useful as a first step to, for example, export Thunderbird to Outlook or Windows Live Mail. Over 40 supported mail formats! Aid4Mail supports over 40 email client programs and mail formats, as well as many popular webmail services and remote accounts through IMAP. These include: Office Outlook, Windows Live Mail, Outlook Express,Mozilla Thunderbird, Eudora, Apple Mail,Outlook MSG and PST files, DBX, mbox, EML,IMAP accounts, Gmail, Yahoo! Mail, Outlook.com, Outlook 356Accuracy is crucial You can trust Aid4Mail to convert your email messages accurately, including: formatting,sender, recipient, dates and other header details,attachments,embedded contents.Email conversion is a complex task with many pitfalls and no product is perfect. However, Aid4Mail is unmatched in its accuracy and retains more information during conversion than any of its competitors, including the native import and export features of most email applications. Who uses Aid4Mail? We respect the privacy of our clients and prefer not to name them directly. They include: fortune 500 corporations,leading law and e-discovery firms,government and law enforcement agencies,intelligence and military organizations,educational and scientific institutions,small and medium sized businesses,home users and students.Website: http://www.aid4mail.com OS: Windows XP / Vista / 7 / 8 Language: Eng Size: 10,28 Mb.
  18. Yahoo plans to enable end-to-end encryption for all of its Mail users next year. The company is working with Google on the project and the encryption will be mostly transparent for users, making it as simple as possible to use. Alex Stamos, CISO at Yahoo, said that the project has been a priority since he joined the company a few months ago and will be a key way to make online life safer for millions of users. Yahoo is using the browser plugin Google released in June that enables end-to-end encryption of all data leaving the browser. Stamos said Yahoo is working to ensure that its system works well with Google’s so that encrypted communications between Yahoo Mail and Gmail users will be simple. “The goal is to have complete compatibility with Gmail,” Stamos said during a talk at the Black Hat USA conference here Thursday. The email encryption isn’t the only security improvement on the horizon for Yahoo. The company is also working on enabling HSTS on its servers, as well as certificate transparency. HSTS (HTTP strict transport security) allows Web sites to tell users’ browsers that they only want to communicate over an encrypted connection. Thecertificate transparency concept involves a system of public logs that list all certificates issued by cooperating certificate authorities. It requires the CAs to voluntarily submit their certificates, but it would help protect against attacks such as spoofing Web sites or man-in-the-middle. The security upgrades on the docket at Yahoo are aimed at making it easier for everyday users to use the Internet safely and securely, without needing to be security or privacy experts, Stamos said. The security industry spends a lot of time working out defenses and new products to protect against exotic attacks while users are being targeted by much more mundane attacks that still don’t have effective solutions. “Post-Snowden, we have a strain of nihilism that’s keeping us from focusing on what’s real,” Stamos said. “We as an industry have failed. We’ve failed to keep users safe. “If we can’t build systems that our users in the twenty-fifth percentile can use, we’re failing. And we are failing. We don’t build systems that normal people can use.” Source
  19. E-mail addresses and cryptographically protected passwords for thousands of Mozilla developers were exposed through a database glitch that may have been exploited by hackers, Mozilla officials warned Friday. About 76,000 e-mail addresses and 4,000 password hashes were left on a publicly accessible server for about 30 days beginning June 23, according to a blog post. There is no indication the data was accessed, but Mozilla officials investigating the disclosure can't rule out the possibility. Hackers who might have managed to crack the hashes wouldn't be able to use the passwords to access Mozilla Developer Network accounts, but they may be able to access other user accounts secured with the same cracked passcode. The glitch was touched off when a data "sanitization" process failed, causing the addresses and hashes to be dumped to a publicly accessible server. "We are known for our commitment to privacy and security, and we are deeply sorry for any inconvenience or concern this incident may cause you," Stormy Peters, director of developer relations, and Joe Stevensen, operations security manager, wrote. They continued: Source : http://arstechnica.com/security/2014/08/thousands-of-mozilla-developers-e-mail-addresses-password-hashes-exposed/
  20. Microsoft's 'Patch Tuesday' is a big event for those who manage networks for a living; the updates are meant to patch security flaws and fix bugs in the company's many software platforms. While Microsoft does update its various blogs about the patches, one service they did offer was to send out an email alerting those who signed up about the patches. Unfortunately, thanks to a change in government regulation, that practice will be halted on July 1st. Below, you can find a copy of the email that Microsoft began sending out today that let readers know that the emails would be coming to a stop next week. The email does say that it is suspending the practice, which means that it could be turned back on in the future, but that's only speculation at this point. WindowsITPro points out that this could be because of Canada's Anti-Spam regulation that goes into affect on July 1, but Microsoft does not explicitly state that this is the reason. You can read the email below but if you need alternative ways to be notified about the changes, you can subscribe to these RSS feeds. ******************************************************************** Title: Microsoft Security Notifications Issued: June 27, 2014 ******************************************************************** Notice to IT professionals: As of July 1, 2014, due to changing governmental policies concerning the issuance of automated electronic messaging, Microsoft is suspending the use of email notifications that announce the following: * Security bulletin advance notifications * Security bulletin summaries * New security advisories and bulletins * Major and minor revisions to security advisories and bulletins In lieu of email notifications, you can subscribe to one or more of the RSS feeds described on the Security TechCenter website. For more information, or to sign up for an RSS feed, visit the Microsoft Technical Security Notifications webpage at http://technet.microsoft.com/security/dd252948. Other Information ================= Follow us on Twitter for the latest information and updates: http://twitter.com/msftsecresponse Recognize and avoid fraudulent email to Microsoft customers: ============================================================= If you receive an email message that claims to be distributing a Microsoft security update, it is a hoax that may contain malware or pointers to malicious websites. Microsoft does not distribute security updates via email. The Microsoft Security Response Center (MSRC) uses PGP to digitally sign all security notifications. However, it is not required to read security notifications, security bulletins, security advisories, or install security updates. You can obtain the MSRC public PGP key at https://technet.microsoft.com/security/bulletin/pgp. To receive automatic notifications whenever Microsoft Security Bulletins and Microsoft Security Advisories are issued or revised, subscribe to Microsoft Technical Security Notifications on http://technet.microsoft.com/security/dd252948. ******************************************************************** THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. ******************************************************************** To manage or cancel your subscription to this newsletter, visit the Microsoft.com Profile Center at <http://go.microsoft.com/fwlink/?LinkId=245953> and then click Manage Communications under My Subscriptions in the Quicklinks section. For more information, see the Communications Preferences section of the Microsoft Online Privacy Statement at: <http://go.microsoft.com/fwlink/?LinkId=92781>. For the complete Microsoft Online Privacy Statement, see: <http://go.microsoft.com/fwlink/?LinkId=81184>. For legal Information, see: <http://www.microsoft.com/info/legalinfo/default.mspx>. This newsletter was sent by: Microsoft Corporation 1 Microsoft Way Redmond, Washington, USA 98052 Source
  21. The stock Email app that has been part of Android for a long time is now available to download in the Play Store. The app is also updated with a few new visual additions that reflect the latest look and feel of Google’s apps. As part of the changelog, the Email client now sports increased security for Gmail accounts as well as easier account setup flow (not that it was difficult to start with). Moreover, you can now send emails for print directly from the app and you’ll be able to do so more effortlessly thanks to the numerous bug fixes. There’s one slight annoyance, though. It is only available for stock KitKat users (Nexus and Google Play Edition devices). Download Link Google Play Store Mirror http://d-h.st/K8w Source
  22. [email protected] Mail Pro (Kat Mail Pro), the first and only email client for Android that combines a gorgeous graphical design with great user experience and the power of K-9 “under the hood”. Please note: Exchange accounts are NOT supported yet. ••••• Highlights ••••• ★ Beautiful yet simple design for a great user experience ★ Automatic setup for many popular email services like Yahoo, Hotmail or Gmail ★ Supports more email services via IMAP, POP3 and/or SMTP ★ Split-screen views on tablet sized screens ★ Advanced Email Widget ★ Rich-text editor to format text including the signature: bold, italic, underline, strike-through, superscript, subscript, text size, text color, background color, numbering, bullet points, indentation, left/center/right alignment, links, images, undo/redo. ★ Swipe messages to delete, archive or mark as spam ★ Text-to-speech notifications based on user activity (driving, cycling, walking...) ★ Localized in more than 20 different languages ★ Encryption and signatures (PGP in conjunction with APG) ★ Integration with DashClock widget, Nova and Apex Launcher ★ Highly configurable and customizable ••••• Supports ••••• ✔ Phones and Tablets ✔ Portrait and landscape mode ✔ All screen types and sizes ✔ Keyboard, trackball and touch screen ✔ Android 2.2, 2.3, 3.x, 4.0 - 4.4 What's New- New IMAP IDLE implementation (push email) to reduce battery use- New contact picture implementation to improve performance- Copying html text into address fields (to, cc, bcc) didn’t work- In KitKat the message re-flow was broken- Fix for disappearing messages, messages becoming unread, sqlite errors etc.- Deleting mails was done without retry if it failed- More reliable DashClockWidget integration- Complete Russian translation- Numerous minor bug fixes and (performance) improvements More Info: https://play.google.com/store/apps/details?id=com.onegravity.k10.pro2 Download:http://www.tusfiles.net/ak13ucy77o2w
  23. This is the version of TouchDown for Honeycomb/ICS/JellyBean Tablets and Smartphones. TouchDown HD gets your Email, Contacts, Calendar and Tasks from your corporate Exchange server, and gives you a single tabbed view. Now your Android tablet comes closer to Outlook when it comes to the user experience. When it comes to corporate data access on your device, you get what you pay for. For a fair comparison, compare the download counts along with the stars. NitroDesk, Inc. has been building and improving TouchDown since October 2008. We have improved the product through hundreds of internal versions, to bring you the best and most downloaded Email solution for Android. Comprehensive : Support for most number of data types (Email, Calendar, Contacts, Tasks) and Notes and SMS syncing for Exchange 2010 servers. Customizable : Dozens of options to make the app behave just the way you want. Custom notifications, speech notifications, viewing tweaks, pinch-to-zoom, peak times and many more. SD card support : Move your data to the SD card if necessary Widgets : Email, Tasks, Calendar, Universal Widgets make it easy for you to see your status at a glance. Support for third party widgets give you a wide range of choice Most Secure: TouchDown supports exchange activesync policies such as PIN, Remote Wipe, Data encryption and Storage card encryption of corporate data. Hundreds of organizations trust TouchDown to ensure security, privacy and confidentiality of their data. Discerning organizations mandage the use of TouchDown to ensure high usability along with security. Corporate Data Separation: TouchDown keeps your corporate data separate from your personal data. Without TouchDown, your employer can actually flatten your phone to factory defaults. With TouchDown, they can only remove corporate data belonging to them, leaving behind your personal information. S/MIME: TouchDown is the only android solution so far that supports sending and receiving S/MIME signed and encrypted emails. S/MIME signing and encryption ensures that your emails are not tampered with, and can ensure that emails you send can be ensured to be visible only to the intended recipient. Manageable : TouchDown integrates with most popular Mobile Device Management solutions in the market today, increasing the chances that your phone can play well with your IT organization's security policies. More Info: https://play.google.com/store/apps/details?id=com.nitrodesk.honey.nitroid Download: http://www.tusfiles.net/l7gai5zlds98 http://www.indishare.com/mgei2tjl36iq http://up.bannedhost.com/xhjoboe1drkz
  24. Vote for your email provider and tell us why you use it. I use Gmail because never tried other :tooth:
  25. A federal appeals court has upheld a contempt citation against the founder of the defunct secure e-mail company Lavabit, finding that the weighty internet privacy issues he raised on appeal should have been brought up earlier in the legal process. The decision disposes of a closely watched privacy case on a technicality, without ruling one way or the other on the substantial issue: whether an internet company can be compelled to turn over the master encryption keys for its entire system to facilitate court-approved surveillance on a single user. The case began in June, when Texas-based Lavabit was served with a “pen register” order requiring it to give the government a live feed of the email activity on a particular account. The feed would include metadata like the “from” and “to” lines on every message, and the IP addresses used to access the mailbox. Because pen register orders provide only metadata, they can be obtained without probable cause that the target has committed a crime. But in this case the court filings suggest strongly that the target was indicted NSA leaker Edward Snowden, Lavabit’s most famous user. Levison resisted the order on the grounds that he couldn’t comply without reprogramming the elaborate encryption system he’d built to protect his users’ privacy. He eventually relented and offered to gather up the email metadata and transmit it to the government after 60 days. Later he offered to engineer a faster solution. But by then, weeks had passed, and the FBI was determined to get what it wanted directly and in real time. So in July the government served Levison with a search warrant striking at the Achilles’ heel of his system: the private SSL key that would allow the FBI to decrypt traffic to and from the site, and collect Snowden’s metadata directly. The government promised it wouldn’t use the key to spy on Lavabit’s other 400,000 users, which the key would technically enable them to do. Levison turned over the keys as a nearly illegible computer printout in 4-point type. In early August, Hilton – who once served on the top-secret FISA court – ordered Levison to provide the keys instead in the industry-standard electronic format, and began fining him $5,000 a day for noncompliance. After two days, Levison complied, but then immediately shuttered Lavabit altogether. Levison appealed the contempt order to the 4th Circuit, and civil rights groups, including the ACLU and the EFF, filed briefs in support of his position. But the appeals court today said that the bulk of Levison’s arguments couldn’t be considered, because he hadn’t clearly raised them in the lower court, where he represented himself without a lawyer for much of the proceedings. Prior to appeal, Levison’s only voiced objection to turning over the SSL keys was this statement in court: “I have only ever objected to turning over the SSL keys because that would compromise all of the secure communications in and out of my network, including my own administrative traffic.” “We cannot refashion this vague statement of personal preference into anything remotely close to the argument that Lavabit now raises on appeal: a statutory-text-based challenge to the district court’s fundamental authority under the Pen/Trap Statute,” wrote Judge G. Steven Agee, for the three appellate panel. “Levison’s statement to the district court simply reflected his personal angst over complying with the Pen/Trap Order, not his present appellate argument that questions whether the district court possessed the authority to act at all,” wrote Agee. The Lavabit case is the only publicly documented instance where a district judge ordered an internet company to hand over its SSL key to the U.S. government. If the practice had been given the imprimatur of the U.S. 4th Circuit Court of Appeals, it could have opened a new avenue for U.S. spies to expand their surveillance against users of U.S. internet services like Gmail and Dropbox. “The court focused its decision on procedural aspects of the case unrelated to the merits of Lavabit’s claims,” says ACLU attorney Brian Hauss, in a statement. “On the merits, we believe it’s clear that there are limits on the government’s power to coerce innocent service providers into its surveillance activities.” The 4th Circuit panel wasn’t terribly sympathetic to the privacy issues during oral arguments in the case. So today’s ruling on a procedural technicality is probably for the best. And the next time a secure e-mail provider tangles with the feds, you can bet it will get a lawyer earlier on in the process. Source
  • Create New...