Jon Mentzell

Picture of

Recent Posts

The Importance of Strong Encryption in Free Societies

September 18, 2018 / by Jon Mentzell

There is growing concern regarding the role that encryption on personal devices might play in the future of law enforcement activities. Strong encryption, which uses large keys that are controversially hard to crack, has caused complaints in recent years as manufacturers such as Apple and Google increasingly add these features to their devices. What these companies have done is not new technology, but the broader application of existing public-private key encryption in a way that’s easy to use for the average consumer.

Read more

What Is the 'EFAIL' Vulnerability and What Can I Do About It?

May 18, 2018 / by Jon Mentzell

What is efail? 

Efail is the name given by German Researchers to a potential attack against PGP or S/MIME encoded emails to take the encrypted contents and send them to a third-party actor.

How does efail work?

Efail requires an HTML encoded email to be manipulated by prepending an html image tag to the beginning of the email. This in turn forces the email client to send a request to a malicious domain looking for an image file that is the body of the encrypted email.

Read more

Spectre & Meltdown: Processor Design Flaw Leads to Executable Side-Channel Attack

January 17, 2018 / by Jon Mentzell

Starting in late December, the Linux kernel development lists started buzzing about some commits going into the kernel without the usual documentation that adjoins such code changes. When an AMD developer added some code on December 26th with the following comment, security researchers started zeroing in on the problem:

Read more

Adobe Product Security Team Accidentally Leaks PGP Private Key

September 26, 2017 / by Jon Mentzell

Adobe's Product Security Incident Response Team (PSIRT) accidentally posted their private key to the internet allowing anyone with access to either side of a conversation with the PSIRT to be able to decrypt the messages.  The Adobe security team was quick to revoke the PGP key, but it has left people with encrypted messages to Adobe in the clear.  How did it happen?

Read more

Poor Information Security Practices Lead to Massive Data Leak

June 20, 2017 / by Jon Mentzell

A Republican National Committee data analytics firm, Deep Root Analytics, disclosed that as many as 198 million U.S. citizens’ names, dates of birth, home addresses, phone numbers, and other identifiable information were exposed to the internet due to a database misconfiguration. Many firms are hastily moving to the cloud without fully understanding the security implications of doing so. By rolling new cloud implementations, data collection and analysis problems become simpler tasks. However, without a proper security framework around it, data is accessible to the internet and more likely to be retrieved.

Read more
1
Page 1 of 1

Subscribe to Email Updates

Recent Posts