ILTA Webinar: Mobile, Secure NetDocuments Workflows: NetDocuments® DMS + LINK Encrypted App

Do you use NetDocuments® DMS today or are you evaluating NetDocuments? If you are looking for an encrypted container app approach for mobile NetDocuments DMS, our LINK app may provide that extra client-side security that you are looking for.

Date and time: Monday, February 11, 2019, Noon EST

Watch a recording of the demo here


Our CEO in CSO: Ripped from the headlines – are your messages secure in these encrypted apps?

In the investigations of Paul Manafort and Michael Cohen, the FBI has retrieved messages from Signal, Telegram and WhatsApp. While there are weaknesses inherent in all of these apps, the question remains: What does a good data protection scheme look like?

A few days ago, the FBI revealed that Michael Cohen’s messages sent with Signal and WhatsApp are now available as evidence in the ongoing investigation into his various dealings. While thousands of emails and documents have already been recovered from Cohen’s devices, home, hotel room, and office, the recovery of data from messaging apps that promise end-to-end encryption is surprising. One would presume that end-to-end message encryption should ensure that those messages are unrecoverable without assistance from Mr. Cohen. However, clearly that is not the case.


Secure Email is Cracked; What Now?


By Seth Hallem, Mobile Helix CEO, Co-founder, & Chief Architect

Secure email using S/MIME and OpenPGP is fundamentally broken. Our CEO explains the EFAIL vulnerability and why our LINK Email is not susceptible to EFAIL. What do we do next to protect email? 

On Sunday night, a team of researchers from Germany and Belgium dropped a major bomb on the world of encrypted email by describing a simple, widely applicable, and wildly effective technique for coercing email clients to release encrypted email contents through “Exfiltration channels.”[1] The concept is simple – by using a combination of known manipulation techniques against the encryption algorithms specified in the S/MIME and OpenPGP standards and lax security choices in a wide variety of email clients, the research team was able to intercept and manipulate encrypted emails such that large blocks of the encrypted text are revealed to a malicious server.

What is most brilliant (and most dangerous) about this attack is that it does not require decrypting the email messages or stealing encryption keys. Hence, the attack can be deployed as a man-in-the-middle attack on the infrastructure of the internet itself, rather than requiring that a specific email server or email client is compromised.

The essential idea behind this attack is simple – HTML emails give email clients a variety of reasons to query remote servers in order to load parts of those emails. The simplest (and most common) example of this concept is displaying embedded images. Many marketing emails use tiny embedded images to monitor who has opened an email. This technique is so pervasive that many of us have become desensitized to clicking the “Allow images from this sender” prompt in Outlook. It is common practice for marketing emails to contain embedded images with essential content, which encourages users to allow the client to load all images in that message. However, doing so loads both visible images and tiny, single-pixel images that marketing tools use to uniquely determine that we have opened the email message in question.


Hacking is a booming business, and it’s time for a disruption – CSO Online

By Mobile Helix CEO and Co-founder, Seth Hallem

Hackers are siphoning billions from the global economy each year by stealing data for profit. However, in spite of this rising threat, enterprises continue to make the same mistakes over and over again. It is time to change our assumptions and to re-think how we protect sensitive data.

Hacking is a booming business. Business has been good for several years now. Data breaches are at all-time highs. Cyber-attacks are skyrocketing, and ransomware is a growing fad. And the best news of all is that the same old tricks (see XSS, SQL Injection, SPAM, …) are still working just as well as they always have. How is it possible that a business that was estimated to cost the global economy $450 billion is continuing to grow? That is a lot of money diverted to criminals in lieu of legitimate participants in our global economy.


In the aftermath of yet another Meltdown, no secrets are safe – Seth Hallem

Meltdown and Spectre reveal that perfect information protection comes at an increasingly steep cost.

In the field of data security, 2018 began with a jolt. The revelation of the Meltdown and Spectre security vulnerabilities has taught us that in 2018 (and beyond), nothing is sacred.

Speculative execution, the architectural concept that is exploited in the Spectre vulnerability, has been in use by mainframe processors since the mid-1970s. It is taught in Computer Architecture 101 in universities around the world. And yet, it turns out that the security implications were never fully understood until about seven months ago.

Out-of-order execution, the culprit in the Meltdown vulnerability, is also a ubiquitous concept, although Meltdown is easily avoided with a better implementation of the concept.


Interview: Seth Hallem, Mobile Helix – the right way to mobile security

Abstract: Most firms have made great efforts to catch up and deal with this issue, but Seth Hallem, founder and CEO of security firm Mobile Helix, thinks that the majority of them are looking at the problem in the wrong way.

This interview by Steve Mansfield-Devine with Mobile Helix CEO and Co-founder, Seth Hallem, originally appeared in Science Direct, Volume 2013, Issue 10, October 2013, Pages 18-20, ISSN 1353-4858, https://doi.org/10.1016/S1353-4858(13)70116-8.

https://www.sciencedirect.com/science/article/abs/pii/S1353485813701168

Posted 12/25/2023