Here’s a gust of fresh air: a guy talking about hacking and computers who actually knows something about hacking and computers. From Karl Denninger on a guest post on theburningplatform.com:
Let’s focus just for a minute on the oft-repeated claim that the US Government’s “agencies” have “declared” that Russia is behind the Podesta (and other) Wikileaks releases — that is, they stole the data.
There’s no evidence to support that which passes even the most-rudimentary sniff test.
You have one guy who’s made that claim in the US — Clapper. The same Clapper who knowingly lied before Congress in the past. Yes, that Clapper.
Now it is certainly true that Russia is likely capable of such a hack. Then again the hack itself, as I’ve pointed out, isn’t especially surprising given that it appears many of these “email accounts” have been sitting on public cloud-provided email services.
By definition such ‘services’ are not secure and cannot be made secure. That people like Podesta are using them for sensitive private matters (which the government is NOT entitled to copies of) such as campaign work is proof of their stupidity — and little more.
Folks, I can set anyone up with a system that is virtually hack-proof for email, yet for those emails where you don’t care about security you can still exchange them with anyone else. I use such a system myself, built by myself. Key to this sort of design is that unencrypted emails that you wish to be secure against tampering, interception or both are never stored on the server.
This is obviously unsuitable for the government and its official business (which is why they don’t do that) because the government relies on being able to see what is going on both for routine business purposes and to comply with FOIA requests. Obviously a classified network is an entirely different thing but an unclassified network used for government business stores and distributes unencrypted email because if it was otherwise nobody, including legitimate government oversight organs, could access it!
Let’s assume you want to send me a secure email. All you need to do is email me first, and ask me to reply to you. Doing so will give you my public key for S/MIME. You now use that key to encrypt your message (which modern email clients can do automatically) and send me the message you wish to send “securely.” Commonly-available client software which can do this includes Outlook (Microsoft’s), Thunderbird, BlackBerry’s Android phones (the Priv and DTEK50) and reasonably-recent Apple iPhone software, among others. You can obtain a key pair for such a purpose from a number of places on the Internet, some of them free, and the better ones do not require that anything other than your public key ever touch their infrastructure, so the risk of them leaking your private key to others is zero (since they are never in possession of it.)
To continue reading: About Those So-Called ‘Russian’ Hackers…
Reblogged this on behindertvertriebentessarzblog.