Zero day in the cloud

Topic

New Reply

ON SECURITY By Susan Bradley If you are a consumer, home user, small-business user, or even a medium-sized business user, today’s column may anger you
[See the full post at: Zero day in the cloud]

Susan Bradley Patch Lady/Prudent patcher

13 users thanked author for this post.

WSGeo, ibe98765, fisher75, Casey S, jburk07, schmootoo, Rick Corbett, J9438, lmacri, rc primak, DLivesInTexas, WCHS, windbg

Reply | Quote

Replies

Susan Bradley wrote:

Too often, the click-bait technology news headlines make it seem as if all of us will suffer from some patching side effect (“the sky is falling”), when in reality few are impacted.

We get that from some AskWoody members, as well.

Always create a fresh drive image before making system changes/Windows updates; you may need to start over!

We all have our own reasons for doing the things that we do with our systems; we don't need anyone's approval, and we don't all have to do the same things.

We were all once "Average Users".

Computer Specs

1 user thanked author for this post.

rc primak

Reply | Quote

Great article! In addition to the logging where you said, “I hope this will become available to all Microsoft customers — at no charge.”, this should also be said about email encryption.

I would dare to say the average email user has no idea if their email is encrypted or not. I asked Google about this and surprisingly Microsoft only offers encryption if you have the MS 365. Web outlook users are out of luck. Google also said Yahoo and Gmail do encrypt using TLS but that does not sound like end to end.

With all the endless hacking and financial losses occurring these days I would dare to say that MS and other email providers have an obligation, both financial and moral, to provide encryption automatically, by default, and without requiring technical knowledge by the consumer. I especially commend Apple for doing this very thing with its iMessage automatically on its phones (although I admit I was not aware of this for a long time and the difference between a text noted with a green or blue symbol – so Apple needs better communication about this feature).

Encryption code is already there. It does not cost MS or anyone to develop it. It just needs to be added to all existing email systems.

Why do we make it so easy for criminals and foreign governments to steal from us?

 

 

2 users thanked author for this post.

ibe98765, Douglas

Reply | Quote

J9438 wrote:

I would dare to say that MS and other email providers have an obligation, both financial and moral, to provide encryption automatically, by default,

What good is encrypted mail were anyone on the receiving end has the key to decrypt ?
Encrypted end-to-end iMessages work only for Apple devices (other platforms get unencrypted SMSs).

1 user thanked author for this post.

J9438

Reply | Quote

I think you mean Apple mobile devices. End to end encrypted messaging is available for PCs and Enterprise networks. And it’s available for Linux on many platforms. Android is admittedly behind the curve.

-- rc primak

3 users thanked author for this post.

WSGeo, J9438, Alex5723

Reply | Quote

Android has had encrypted messages for more than two years:

published June 16, 2021

Android Messages gets an important update with end-to-end encryption

Android Messages finally supports end-to-end encryption — How to use it

2 users thanked author for this post.

ibe98765, J9438

Reply | Quote

RCS chats are not that obvious to me

* _ ... _ *

Reply | Quote

It’s available but no one uses it.

Susan Bradley Patch Lady/Prudent patcher

Reply | Quote

I was told many years ago to treat email just like sending a post card through the USPS. Anyone who handles it can read it. The email may be passed through and stored on many servers on its way to the recipient. Anyone who has access to that server can read the email. Many people are surprised when I tell them this. Email is NOT secure or private. Thank you for this article to alert more people.

3 users thanked author for this post.

J9438, LHiggins, rc primak

Reply | Quote

Probably the best article I’ve ever read.

Certainly an eye-opener.

Thank you.

Reply | Quote

Alex5723 wrote:

What good is encrypted mail were anyone on the receiving end has the key to decrypt ?

Alex5723 wrote:

Encrypted end-to-end iMessages work only for Apple devices

That is the problem. There is no standard for exchanging encrypted emails so we have this hodgepodge of some encryption and some not.
At least with Apple the encryption function is preinstalled on my phone. When I compose a text if the font is blue then Apple is telling me the receiver is also on iMessage and the whole text is encrypted. If green the receiver is not Apple and it is not encrypted.

I am not a technical person, but here is the possibility I see. There are 3 dominant email providers – Microsoft, Yahoo, and Gmail. If I am sending an email to just about any company or individual they are most likely using one of these three providers and Windows or Chrome. So why cannot these 3 giants come up with a common encryption standard and have it preinstalled on whatever version email the client is using such that when one sends an email from a home PC using Windows and MS to a bank customer service agent using Chrome and Yahoo or whatever that also has that common encryption standard preinstalled then that email is encrypted all the way – sort of like an email VPN tunnel?

I know this would not be a complete solution but with the dominance of the big 3 it surely would plug a big hole in the swiss cheese and could be expanded to other less dominant email systems. This could also be employed between Apple and Android to fill the text gap.

Sound reasonable or should I go back to using certified mail (which on several occasions has just disappeared without trace!)

 

Reply | Quote

A new standard was published last week for messaging apps (not email):

An important step towards secure and interoperable messaging

July 19, 2023

Most modern consumer messaging platforms (including Google Messages) support end-to-end encryption, but users today are limited to communicating with contacts who use the same platform. This is why Google is strongly supportive of regulatory efforts that require interoperability for large end-to-end messaging platforms.

…

With the recent publication of the IETF’s Message Layer Security (MLS) specification RFC 9420, messaging users can look forward to this reality.

Google Security Blog

2 users thanked author for this post.

windbg, J9438

Reply | Quote

Fred wrote:

RCS chats are not that obvious to me

Google is trying to push Rich Communication Service (RCS) and continue to harass Apple for not joining.

Meanwhile the EU pushes for Digital Markets Act’s Interoperability Rule for all messaging apps.

3 users thanked author for this post.

windbg, J9438, Fred

Reply | Quote

Simple txt messages over G4 or G5 phone connections are safe enough for me.

* _ ... _ *

Reply | Quote

Fred wrote:

Simple txt messages over G4 or G5 phone connections are safe enough for me.

Both 4G and 5G provide built-in encryption.

4G includes 128-bit encryption.

5G includes 256-bit encryption.

1 user thanked author for this post.

J9438

Reply | Quote