A KMail bug has inadvertently sent PGP encrypted emails in plain-text — for the past four years! A flaw in the ‘Send it Later’ feature, introduced in Kmail 4.11, allows users to schedule the time and date that emails are sent. Unfortunately, the feature was incompatible with the client’s OpenPGP implementation. This resulted in encrypted emails […]
This post, KMail Bug Sent Encrypted Emails in Plain-Text — for 4 years, was written by Joey Sneddon and first appeared on OMG! Ubuntu!.
Plasma Vault makes it quick and easy to create an encrypted folder on the KDE Plasma desktop in which to store files and other data you wish to keep private.
This post, Plasma Vault Makes It Easy to Create Encrypted Folders on the KDE Desktop, was written by Joey Sneddon and first appeared on OMG! Ubuntu!.
Ubuntu has disabled guest session logins for Ubuntu 17.04 & 16.10 after finding a security vulnerability that could allow unintended access to user files.
This post, Security Flaw in Ubuntu Login Screen Could Let Anyone Access Your Files, was written by Joey Sneddon and first appeared on OMG! Ubuntu!.
In my last
article, I talked about the classic, complicated approach to
server hardening you typically will find in many hardening documents and countered it
with some specific, simple hardening steps that are much more effective
and take a only few minutes. more>>
Microsoft Windows is usually a presence in most computing environments, and UNIX
administrators likely will be forced to use resources in Windows networks from
time to time. Although many are familiar with the Samba server software, the matching
smbclient utility often escapes notice.
These days, it’s more important than ever to tighten up the security on
your servers, yet if you were to look at several official hardening
guides, they read as though they were written for Red Hat from
2005. That’s because they were written for Red Hat in 2005
and updated here and there through the years. more>>
Stories of compromised servers and data theft fill today’s news. It
isn’t difficult for someone who has read an informative blog post to
access a system via a misconfigured service, take advantage of a recently
exposed vulnerability or gain control using a stolen password. more>>
EncryptPad, a free, open source text editor for sensitive information, was updated to version 0.3.2.5 recently, bringing numerous bug fixes along with some minor new features.
EncryptPad is a text editor that can be used to save private information, such as passwords, credit card info and so on, and access the files by using a password, key files, or both. It can also be used to encrypt binary files as well, like images or videos, etc. The application is available for Linux, Windows and Mac.
Changes in EncryptPad 0.3.2.5 include:
- in the File Encryption dialog, a radio button was added to select between EPD and GPG. Previously the user had to edit the extension manually to output to the GPG format;
- there are now more properties in the preferences to control default encryption parameters: key file random sequence length, key file encryption properties, default file encryption properties (cipher, s2k, iterations, compression), the number of encryption keys to save or load without prompting the passphrase again;
- the default number of iterations has been changed to 1015808
- bug fix: if a decrypted passphrase-only EPD file contained less than 4 characters, the content was ignored and EncryptPad produced an empty file;
- bug fix: when opening a plain-text file and saving it as encrypted, the encryption parameters did not reset to the default values but used the parameters of the last encrypted file;
- bug fix: the encryptpad file command line parameter did not support non ASCII characters;
- bug fix: when multiple EncryptPad instances were opened and preferences updated, the last instance overwrote the preferences changed in other instances on closing;
A complete changelog can be found HERE.
Install EncryptPad in Ubuntu or Linux Mint
To make it easier to install EncryptPad in Ubuntu or Linux Mint, I’ve uploaded it to the main WebUpd8 PPA. Since security is very important for an encryption app, you may want to verify the PPA source integrity.
The EncryptPad GitHub page explains
exactly how to do this (but note that it’s for an older EncryptPad version, hopefully it will be updated soon).
To add the PPA and install EncryptPad in Ubuntu 16.10, 16.04 or 14.04 / Linux Mint 18 or 17, use the following commands:
sudo add-apt-repository ppa:nilarimogard/webupd8
sudo apt update
sudo apt install encryptpad encryptcli
If you don’t want to add the PPA, you can download the binaries from HERE
(you’ll need both encryptpad and encryptcli).
To download the source, AppImage, Windows or Mac binaries (as well as the source), see the EncryptPad GitHub page.
HTTPS is a small island of security in this insecure world, and in this day
and age, there is absolutely no reason not to have it on every Web site you
host. Up until last year, there was just a single last excuse: purchasing
certificates was kind of pricey. more>>
Account details of 68 million Dropbox accounts has been leaked online. Here’s how to check whether you’re affected, and how to change your password.
This post, Dropbox User? Change Your Password As Soon As Possible, was written by Joey-Elijah Sneddon and first appeared on OMG! Ubuntu!.