Offshore Outsourcing & Scammer
Blog about offshore outsourcing and scammer in the outsourcing industry
Why Google denies us real end-to-end encryption?
by Rudolf Faix Monday, April 6, 2015 3:40 PM

Why did we still do not have easy-to-use end-to-end encryption? The standard answer is far too complicated! But this is nonsense; Apple shows how to make it simple.

AndroidThe technical challenges for true end-to-end encryption are solved for many years. In principle, one could make the simple. With it would be sure not just anybody can easily read along our private and business communications.

Nevertheless, emails, chats and phone calls are still almost always in plain text. They are secured for transport (SSL / TLS), but at least, the service provider can read everything and often does. This course also various other interested parties that attach to help him, the contents of confidential messages.

At this point I always hear, end-to-end encryption is still far too complicated. Alone to generate key, not to mention the checking and signing - end users don’t like do that. In fact, I'll never get anyone to use PGP. Nevertheless, the argument is simply wrong.

Because there is already end-to-end encryption, which is so simple that they use many millions of users and do not even know this: Apple's iMessage encrypts any message with a key that is only known by the recipient. Not Apple, not the network operator and not the NSA. And the highlight: Thanks to Apple's iMessage is a sophisticated design that not a bit more complicated than traditional SMS. Each iPhone owners use it easily and has not to worry about the encryption. The encryption is just there.

This one who wants to read along these messages has to attack this encryption. This also applies to Apple or someone standing there with a National Security Letter at the door. In practice this means: It is not enough that Apple or engage NSAs to the appropriate server to write there the plaintext with, as would be the case with Google, Skype and almost all other services. Instead, Apple would have to actively engage in communication and distribute counterfeit keys.

Of course, experts will argue that Apple does not satisfy the pure doctrine and the user himself has no control over his keys. Specifically, the system is not hedged against the fact that Apple itself eventually distributed as "Man in the Middle" wrong keys. But these are details that go past the actual heart of the matter. It can get improved without much effort. (The ignorance and arrogance of Apple is typical and with that the refuse demands for such extensions and perhaps the other side of the coin is that Apple like no other company can create easy-to-use products). Is crucial, however, Apple is the only major manufacturer and service provider offering such end-to-end encryption at all.

The real question is: Why does Google's Android has no a similar function and nourishes us with Hangouts without proper encryption? I seriously doubt that Google no one has come up with this idea or that technological pioneer in so many areas that could not be implemented just as elegant as Apple; Moxie Marlinspike shows with TextSecure how this might look like. There is only one plausible explanation for why Google has nothing to offer in this respect:

Easy to use end-to-end encryption is undesirable.

There is strong political interest to be able to read the communication of all Internet users at any time without much effort. We can only speculate as large as the pressure is exerted by politicians and authorities on the Group. But much harder probably weighs Google own economic interest: With functioning end-to-end encryption, Google would torpedo his own business model. This is in fact based on that the Group can read and analyze our data - and then to present, inter alia for suitable advertising. This of course applies equally to Facebook; so you can write off any hopes about WhatsApp.

Apple, however, earns his money is still with the sale of equipment and Commissions from business apps and content. And they deserve it obviously so good that they - unlike Google and Facebook - have the luxury to leave us our privacy.

What does that mean for us now? Not that we should buy now Apple products. There are too many things that you can refuse to Apple for good reason. But we must not be fobbed off with cloudy promise to respect our privacy and the protection of our business communications to us. Correct and above all simple end-to-end encryption for all could be done - we must demand only finite.

 

Tags: , , , , , , , , ,

Blog Rudolf Faix

Operator of revenge porn site sentence for a long time in prison
by Rudolf Faix Monday, April 6, 2015 3:20 AM

In February the operator of the website ugotposted.com was found guilty. Now the sentence is clear: He has to be for 18 years in prison for 31 counts of identity theft, extortion, and conspiracy.

JustitiaIn its judgment, the Court in San Diego, California, remained just below the possible maximum sentence of 20 years. According to the indictment, the 28-year-old Kevin Bollaert earned with his "business model" 30 000 US dollars: he published on ugotposted.com intimate images of women and men given to him by the ex-partners at the end of the relationship for having revenge. He invited others posting the pictures including name, age, residence and a link to their Facebook profile. However, authorities say he ran afoul of state laws against identity theft, which prevent even simple personal information like names and addresses from being used "for any unlawful purpose, including with the intent to annoy or harass."  At changemyreputation.com he offered to delete these pictures from the other website for a payment of $ 350.

Even before the verdict, which ran on identity theft and extortion, Kevin B. was sentenced to pay a fine in the amount of 385 000 US dollars for child pornography. The attorney of one victim announced in his blog post that the victim should have been a minor at the time of the shoot. Accordingly, the Court classified the images in two cases as child pornography, which contributed significantly to the amount of damages. It is also prohibited the defendants ever to publish pictures of the applicant again.

Evidence of the harassing effect was published in the state's complaint against Bollaert. One woman e-mailed Bollaert saying she started getting "nonstop harassing messages" after her photos went up on ugotposted. Another told him she was "scared for my life," continuing: "People are calling my work place and they obtained the information from this site! I did not give permission for anyone to put up those pictures or my personal information. I have contacted the police but these pictures need to come down! Please!"

One Jane Doe victim reported receiving dozens of Facebook and Instagram friend requests after she was featured on the site, as well as text messages with lewd photos and several phone calls, which made her "worried for her safety." Another woman had "over a hundred different sources" try to contact her after her information went up on ugotposted, and she ultimately changed her phone number.

This case shows that nobody can hide himself in the anonymity of the Internet. As soon as a case from a public prosecutor is opened the anonymity gets dropped and the fraudster ends up in the prison!!!

 

 

Tags: , , , , ,

Blog Rudolf Faix

Offset uncomfortable official for the 45th time
by Rudolf Faix Thursday, April 2, 2015 5:04 PM

Ashok KhemkaNew Delhi - An uncomfortable officer has been placed in India for the 45th time. The NDTV Indian TV channel reported that Ashok Khemka got now moved to a simple job in the Department of Archaeology and Museums of the State of Haryana. Khemka is known all over India, because during his 23-years career he has uncovered numerous corruption scandals - and he was removed from his positions by various governments again and again.

Before Khemka has been transport officer in Haryana. He tweeted after the takeover of the position a few months ago: "We have to decide between road safety, protection of the public good and the environment on the one site and private profit on the other side". He said he wanted to tackle license purchase on the black market and make the names of all illegal profiteers public.

It never came. Now he tweeted: "I have taken great pains to fight corruption and enforce reforms in the transport sector, although my room was very limited and many stakeholders were involved deeply. That moment is now very painful."

What can we expect from a country where such a corruption and fraud is already public and nobody is doing something against it? 

Why should in such a case the business to be honest? 

India is a land of scam?
No! There are after all honest people there too. Don’t throw all into one pot. A good example for a honest person is Ashok Khemka. 
He leads by being a good example and I hope that many people will follow his example.

 

Tags: , , , , , , ,

Blog Rudolf Faix

SPAM from an anti email spammer tool: boxbe.com
by Rudolf Faix Thursday, April 2, 2015 4:05 PM

A LinkedIn member has asked me to reply to his email address. I have sent an email to him and got immediately a reply from boxbe-notifications@boxbe.com with the following content:

Hello Rudolf Faix,
Your message about "RE: NEW DEFENCE RESEARCH PAPER & BOOK" was waitlisted.
Please add yourself to my Guest List so your messages will be delivered to my Inbox. Use the link below.

Click here to deliver your message

Thank you,
china.research.team@gmail.com
boxbe
Powered by Boxbe -- "End Email Overload"
Boxbe, Inc. | 65 Broadway, Suite 601 | New York, NY 10006
Privacy Policy | Unsubscribe

Final-Recipient: rfc822; china.research.team@gmail.com
Diagnostic-Code: X-Boxbe-Notice; message given low priority. To fix, see accompanying notice.
Status: 4.7.0

As I did not send any message to somebody from the domain @boxbe.com and I did not subscribe somewhere (see the unsubscribe link under their signature) is this email nothing else than SPAM. Following a link in an unsolicitous email will result in more spam, because with this you'll verify that your email exists. For this I did not press the "Click here to deliver your message" and the "Unsubscribe" link. I simple reported this e-mail as spam. In future, I'll not receive any message from them.

Don't expect any answer from me if you like to communicate with me per e-mail and use a similar service like boxbe.com. I'll even will not see in future a confirmation link from boxbe.com. If you are too lazy to filter out a few spam messages a week, then it would be better use snail mail instead of e-mail.

The full email headers:

Delivered-To: rudolffaix@gmail.com
Received: by 10.36.40.144 with SMTP id h138csp1291074ith;
        Thu, 2 Apr 2015 03:16:40 -0700 (PDT)
X-Received: by 10.140.216.67 with SMTP id m64mr40519897qhb.6.1427969800053;
        Thu, 02 Apr 2015 03:16:40 -0700 (PDT)
Return-Path: <bounces+rudolffaix=gmail.com@dynect-mailer.net>
Received: from mtaout-204-ewr.sendlabs.com (mtaout-204-ewr.sendlabs.com. [216.146.33.204])
        by mx.google.com with ESMTPS id v32si4526164qge.71.2015.04.02.03.16.39
        for <rudolffaix@gmail.com>
        (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Thu, 02 Apr 2015 03:16:40 -0700 (PDT)
Received-SPF: pass (google.com: domain of bounces+rudolffaix=gmail.com@dynect-mailer.net designates 216.146.33.204 as permitted sender) client-ip=216.146.33.204;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of bounces+rudolffaix=gmail.com@dynect-mailer.net designates 216.146.33.204 as permitted sender) smtp.mail=bounces+rudolffaix=gmail.com@dynect-mailer.net;
       dkim=pass (test mode) header.i=@boxbe.com
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dyn; d=boxbe.com;
 h=Date:From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type:Sender:List-Unsubscribe; i=boxbe-notifications@boxbe.com;
 bh=nKDuo8pxB1J4J6hCaChvgnPI9C4=;
 b=cdwtGiTRGvon01+RJCS+dqntHGWxAp+v8N25wdwkhCu3IuepUzdikg/rUzrbQSEH3lpTqzY3cS24
   3STK+6Eok+6MYxzhQnDk7wJAptLSKxPamb4JHOfmNfDaOoQarlZvGq//UfWxY1s/fZITgFSHevjs
   lKI7t3v+B6M1NcupcJs=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=dynect1213; d=dynect.net;
 h=Date:From:Reply-To:To:Message-ID:Subject:MIME-Version:Content-Type:Sender:List-Unsubscribe;
 bh=nKDuo8pxB1J4J6hCaChvgnPI9C4=;
 b=Yq4bM7gFViIQ0I7Ub0ED+6h2kQ8Dk+peB+OYSYkAW25NIRT5PGfTIs+zevzZNgg525KpuH/qCs2a
   iccS1xHvPSQwkpl35PxT8X9jwmoSfyIrRQMkRHWqWMmvOVGZB3rQYZJGe94Z6vzLTnVrY3IbnB4U
   MIDMlUodQ12ATNPo278=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=dyn; d=boxbe.com;
 b=LjLN4/7AG2VUDIpuyB+Xj+SJjgwdfWYOBXUD2t/21Y13rlpJmJYvPR//x2njCz0rQtNk63YbDSZf
   TeXc7Lqy036LOHGYgbZ40cFkWBGah/WeSjYlF611QMWNkK63ppfLfeO9meAm/Ny21o8oSFxAIBsA
   ALsgoHYNecI2y38SZ/c=;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=boxbe.com; s=s1;
	t=1427969796; bh=MFvOv6JBBu06WCfwdUusWnzQxr+9B12zOnpolDxkvgs=;
	h=Date:From:Reply-To:To:Subject;
	b=VB2Ib/ijqsmnu3HWvPs+VSrnkxCsXRIMtEfk3M4GeS9fQziNdDiLy6caO4euHEVcF
	 tIQC3HX2Igt0dP9IVVkx8vka2N7xmeKZXpB5Elvc2GV6z7KSLASdaZBFFb28dxe/TX
	 rGnLaj9kpk9YE6pTfOqvHw4Gw8KLaPXJd76DBikc=
Date: Thu, 2 Apr 2015 03:16:36 -0700 (PDT)
From: boxbe-notifications@boxbe.com
Reply-To: china.research.team@gmail.com
To: Rudolf Faix <rudolffaix@gmail.com>
X-DynectEmail-Msg-Key: 20150402101637.07640F0F2130@mail6-01-pao.dynback.net
Message-ID: <977552929.15870.1427969796453.JavaMail.prod@ems-imap01.ny3>
Subject: Re: RE: NEW DEFENCE RESEARCH PAPER & BOOK (Action Requested)
MIME-Version: 1.0
Content-Type: multipart/report; 
	boundary="----=_Part_15869_1801915389.1427969796448"; 
	report-type=delivery-status
Envelope-From: <>
Auto-Submitted: auto-replied
Sender: boxbe-notifications@boxbe.com
X-DynectEmail-Msg-Hash: fRSspyRTfXPA1bNH7n3imVZvebSdS9eyc4kWgmyq9SLBoK2B0cDq/sP+lmBC1F3v2eCnejSeu4OeejcjA6Fc96K38r8qii2AqNEEGQbgd3I=
X-DynectEmail-X-Headers: 
X-Feedback-ID: R29sZFRyYW5WTVRBcw==:477795:315291:dyn06
List-Unsubscribe: <http://unsub.email.dynect.net/unsub??h=fRSspyRTfXPA1bNH7n3imVZvebSdS9eyc4kWgmyq9SLBoK2B0cDq%2FsP%2BlmBC1F3v2eCnejSeu4OeejcjA6Fc96K38r8qii2AqNEEGQbgd3I%3Di=20150402101637.07640F0F2130%40mail6-01-pao.dynback.netx=>, <mailto:unsubscribe@dynect-email.com?subject=fRSspyRTfXPA1bNH7n3imVZvebSdS9eyc4kWgmyq9SLBoK2B0cDq%2FsP%2BlmBC1F3v2eCnejSeu4OeejcjA6Fc96K38r8qii2AqNEEGQbgd3I%3D&message_id=20150402101637.07640F0F2130%40mail6-01-pao.dynback.net&x_headers==>

------=_Part_15869_1801915389.1427969796448
Content-Type: multipart/alternative; 
	boundary="----=_Part_15868_923012810.1427969796447"
Content-Disposition: inline
Content-Description: Notification

The contents of this message require a modern email client
for correct display.  If you are reading this message, it may
be because your reader is without MIME support.
------=_Part_15868_923012810.1427969796447
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
 

 

Tags: , , , ,

Blog Rudolf Faix

Jailbreak via e-mail Scams
by Rudolf Faix Monday, March 30, 2015 10:40 AM

JailFile and carved soap gun are past: Modern Fugitive obtained his release by social engineering, as the case of a British prisoner shows.

A prisoner in London succeeded via an e-mail fraud his release.  He smuggled according to the BBC report a smartphone into the jail. He used the smartphone to create a similar sounding domain of the court with a registration of the investigating officer. In e-mails with this TLD he pretended to be a senior official and sent instructions to his dismissal to the prison administration. He got released without difficulty on the 10th of March.

Just three days later, when his defenders wanted to talk to him, the prison staff noticed that M. has been unlawfully removed from the jail. A few days after, M. handed himself later.  So much ingenuity obviously made an impression: both judge and prosecutor M. classified as "brilliant" criminal one, as the BBC writes.

The verdict on the talented social engineer M. is expected in April; he is said to have operated investment fraud under false identities and swindled about more than 1.8 million pounds.

 

Tags: , , , , , , ,

Blog Rudolf Faix

Filter by APML

AboutMe

I'm since more then 35 years in the computer business (programming and technical support) and using the Internet since it has started. Since 2002 I'm programming solutions for Asterisk and since 2004 I'm in the call center industry.

Disclaimer

All data and information provided on this site is for informational purposes only. I make no representations as to accuracy, completeness, currentness, suitability, or validity of any information on this site and will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information is provided on an as-is basis and is only representing my own opinion. By browsing or using content from this site you accept the full legal disclaimer of this website.