free
/
freedombone
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

quote

Bob Mottram 9 years ago
parent
da8b51ce52
commit
e9d8f4aba9
1 changed files with 11 additions and 1 deletions
Unified View Show Diff Stats
  1. 11
    1
      website/EN/usage.html

+ 11
- 1
website/EN/usage.html View File

4 
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 4 
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
5 
 <head>
 5 
 <head>
6 
 <title></title>
 6 
 <title></title>
7 
-<!-- 2015-10-06 Tue 20:21 -->
7 
+<!-- 2015-10-28 Wed 22:51 -->
8 
 <meta  http-equiv="Content-Type" content="text/html;charset=utf-8" />
 8 
 <meta  http-equiv="Content-Type" content="text/html;charset=utf-8" />
9 
 <meta  name="generator" content="Org-mode" />
 9 
 <meta  name="generator" content="Org-mode" />
10 
 <meta  name="author" content="Bob Mottram" />
 10 
 <meta  name="author" content="Bob Mottram" />
287 
 <p>
 287 
 <p>
288 
 Port 465 is used for SMTP and this is supposedly deprecated for secure email. However, using TLS from the start of the communications seems far more secure than starting off with insecure communications and then trying to upgrade it with a command to begin TLS, as happens with STARTTLS. There are <a href="https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks">possible attacks against STARTTLS</a> in which the command to begin secure communications is removed or overwritten which could then result in email being transferred in plain text over the internet and be readable by third parties.
 288 
 Port 465 is used for SMTP and this is supposedly deprecated for secure email. However, using TLS from the start of the communications seems far more secure than starting off with insecure communications and then trying to upgrade it with a command to begin TLS, as happens with STARTTLS. There are <a href="https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks">possible attacks against STARTTLS</a> in which the command to begin secure communications is removed or overwritten which could then result in email being transferred in plain text over the internet and be readable by third parties.
289 
 </p>
 289 
 </p>
290 
+
291 
+<p>
292 
+From <a href="http://motherboard.vice.com/read/email-encryption-is-broken">http://motherboard.vice.com/read/email-encryption-is-broken</a>:
293 
+</p>
294 
+
295 
+<blockquote>
296 
+<p>
297 
+The researchers also uncovered mass scale attacks of STARTTLS sessions being stripped of their encryption. That attack itself isn't new: internet service providers sometimes do it to monitor users; organizations may use it to keep an eye on employees; or it may come from a malicious actor
298 
+</p>
299 
+</blockquote>
290 
 </div>
 300 
 </div>
291 
 </div>
 301 
 </div>
292 
 <div id="outline-container-orgheadline11" class="outline-3">
 302 
 <div id="outline-container-orgheadline11" class="outline-3">