LOL. I am by no means caught up. I’ve got to-do lists and piles of
sorted business cards. Plenty of follow-up yet to go. How about you?
If you were there, wasn’t ILTACON fantastic this year?
A View from a Booth
2019 was the first year of Joy. Not only do I mean the first year of
ILTA’s vibrant new CEO, Joy Heath Rush, but the first year that ILTA
felt truly back on track.
ILTACON 2019 broke all attendance
records, at over 3,500 legal techies comprised of over 1,800 members and
1,700 business partners. Over 800 members were first-timers, which is
fantastic. I can imagine that some of the booth locations were poor at
the Dolphin. We were fortunate to have good traffic and terrific
interest in our LINK app.
We’ve been a NetDocuments partner for years. Recently, with Leonard Johnson heading up their partner ecosystem, NetDocuments have formalized their NetDocuments ISV Partner Program. We have used their REST APIs to give NetDocuments users access to their documents and their email in the same encrypted container app, LINK. NetDocuments is committed to the platform approach wherein both Independent Software Vendors and NetDocuments customers can develop solutions for optimizing their workflows using the REST APIs.
It’s easy to review, compare, annotate, file, and email documents all within our LINK app. LINK also offers a managed integration with the Microsoft Office apps for editing on an iPad or smartphone.
In the investigations of Paul Manafort and Michael Cohen, the FBI has retrieved messages from Signal, Telegram and WhatsApp. While there are weaknesses inherent in all of these apps, the question remains: What does a good data protection scheme look like?
A few days ago, the FBI revealed that Michael Cohen’s messages sent with Signal and WhatsApp
are now available as evidence in the ongoing investigation into his
various dealings. While thousands of emails and documents have already
been recovered from Cohen’s devices, home, hotel room, and office, the
recovery of data from messaging apps that promise end-to-end encryption
is surprising. One would presume that end-to-end message encryption
should ensure that those messages are unrecoverable without assistance
from Mr. Cohen. However, clearly that is not the case.
By Seth Hallem, Mobile Helix CEO, Co-founder, & Chief Architect
Secure email using S/MIME and OpenPGP is fundamentally broken. Our CEO explains the EFAIL vulnerability and why our LINK Email is not susceptible to EFAIL. What do we do next to protect email?
On Sunday night, a team of researchers from Germany and Belgium dropped a major bomb on the world of encrypted email by describing a simple, widely applicable, and wildly effective technique for coercing email clients to release encrypted email contents through “Exfiltration channels.” The concept is simple – by using a combination of known manipulation techniques against the encryption algorithms specified in the S/MIME and OpenPGP standards and lax security choices in a wide variety of email clients, the research team was able to intercept and manipulate encrypted emails such that large blocks of the encrypted text are revealed to a malicious server.
What is most brilliant (and most dangerous) about this attack is that it does not require decrypting the email messages or stealing encryption keys. Hence, the attack can be deployed as a man-in-the-middle attack on the infrastructure of the internet itself, rather than requiring that a specific email server or email client is compromised.
The essential idea behind this attack is simple – HTML emails give an email client a variety of reasons to query remote servers in order to load parts of those emails. The simplest (and most common) example of this concept is displaying embedded images. Many marketing emails use tiny embedded images to monitor who has opened an email. This technique is so pervasive that many of us have become desensitized to clicking the “Allow images from this sender” prompt in Outlook. It is common practice for marketing emails to contain embedded images with essential content, which encourages users to allow the client to load all images in that message. However, doing so loads both the visible images and the tiny, single-pixel images that marketing tools use to uniquely determine that we have opened the email message in question.
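To make the remote-loading behaviour described above concrete, here is an added example (not code from the original post or from LINK) of a check a mail client could run before rendering a message: it lists every element that would make the renderer contact a remote server without a click. The sample message, its example.com hosts, and the names `RemoteLoadFinder` and `find_remote_loads` are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# (tag, attribute) pairs that make a renderer fetch a URL with no user click.
AUTO_FETCH = {
    ("img", "src"), ("script", "src"), ("iframe", "src"), ("link", "href"),
    ("embed", "src"), ("object", "data"), ("input", "src"), ("video", "src"),
    ("video", "poster"), ("audio", "src"), ("source", "src"),
    ("body", "background"),
}
CSS_URL = re.compile(r"url\(\s*['\"]?([^'\")\s]+)", re.I)
REMOTE = re.compile(r"\s*(?:https?:)?//", re.I)  # cid: and data: stay local

# Constructed sample: a marketing mail with a banner, an attached logo,
# a 1x1 tracking pixel and an ordinary link.
SAMPLE = """<html><body style="background:url('https://cdn.example.com/bg.png')">
<p>Spring sale!</p>
<img src="https://cdn.example.com/banner.png" width="600" height="200">
<img src="cid:logo@example.com">
<img src="https://track.example.com/open?id=123" width="1" height="1">
<a href="https://example.com/shop">Shop</a>
</body></html>"""


class RemoteLoadFinder(HTMLParser):
    """Collects (tag, attribute, url) for every automatic remote fetch."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value:
                continue
            if name == "style":            # inline CSS can load url(...)
                urls = CSS_URL.findall(value)
            elif name == "srcset":         # "url 1x, url 2x" candidate list
                urls = [c.split()[0] for c in value.split(",") if c.strip()]
            elif (tag, name) in AUTO_FETCH:
                urls = [value]
            else:
                continue                   # e.g. <a href>: needs a click
            self.hits += [(tag, name, u) for u in urls if REMOTE.match(u)]


def find_remote_loads(html):
    """Return every element that would phone home when html is rendered."""
    finder = RemoteLoadFinder()
    finder.feed(html)
    return finder.hits
```

On the sample, the banner and the tracking pixel are reported by the same rule, which is why a single "allow images" decision approves both.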
On March 28th, the Department of Justice confirmed that it had successfully unlocked the San Bernardino shooter’s iPhone 5C without Apple’s assistance. On that same day, the US government moved to vacate a California court order that had attempted to force Apple to assist in the decryption of the device. While the legal maneuverings are fascinating in their own right, the conclusion leads to an even more fascinating technology discussion – how did the FBI crack the iPhone, and what are the implications of this successful hack?