Browsed by
Month: May 2016

Review: Threema Secure Messenger

Review: Threema Secure Messenger

It seems that encrypted messaging systems are all the rage these days.  I’m not complaining – this is a very good thing.  Even WhatsApp recently announced it would implement strong end-to-end encryption using Signal’s excellent protocol.  I think this is great – a billion users will be using end-to-end encryption by default.  There is still room, however, for dedicated secure messaging apps.  Threema Secure Messenger is one of those apps.  While many of the features mirror apps like Signal and…

Read More Read More

Mechanical Lock Threat Models

Mechanical Lock Threat Models

In a continuation my suite on threat modeling, this post will discuss lock threat models.  There are many high security locks that are intended to address the vulnerabilities of the standard pin-tumbler mechanism.  There is also a spectrum between bargain-basement hardware and expensive high-security locksets.  I understand that security doesn’t exist in a vacuum: though it would probably be a more secure world if everyone had a high security lock, it would also be a very expensive one.  Deciding on…

Read More Read More

Gate Access Control: Doing It Wrong

Gate Access Control: Doing It Wrong

I have several photos like the one below.  Friends who know me know that I like locks, and sometimes send these photos to me.  I occasionally run across a gaggle of locks like this, and perhaps you have, too.  There is a reason gates are sometimes locked like this.  This is a method of gate access control.  This gate protects a facility that must be accessed by multiple parties.  These parties may not want to share a key or combination…

Read More Read More

DIY Encrypted Email 4: In Practice

DIY Encrypted Email 4: In Practice

In Part I of this series we discussed the principles of rolling your own encrypted email.  Part II and Part III covered the installation and setup of the applications needed to make this happen.  Today we will begin talking about how to actually use all this “stuff”.  Installing the programs are the easiest parts of this process, but using it isn’t as daunting as it was just a few years ago.  Hopefully you have been using Thunderbird over the past…

Read More Read More

ITRH Interview & Bugout Backup

ITRH Interview & Bugout Backup

I haven’t written much about data backups here before, but they are incredibly important.  Everyday, run-of-the-mill data loss can range from frustrating to devastating. In the midst of a natural disaster the impact of personal data loss may be compounded as you are trying to deal with much more basic needs.  I am proud to be a guest on the In The Rabbit Hole Urban Survival Podcast this week (the episode will air today and can be found here).  Aaron…

Read More Read More

DIY Encrypted Email 3: GPG and Enigmail

DIY Encrypted Email 3: GPG and Enigmail

In the last part of this installment we discussed importing mail into the Thunderbird mail client.  Now that our email has been taken out of the browser, we can begin adding the cryptographic elements.  The first of these is GPG (Gnu Privacy Guard).  GPG is an open source implementation of PGP.  It will provide the actual encryption used for our emails. The next step is to install an add-on to Thunderbird called Enigmail.  Enigmail will provide the interface, allowing Thunderbird…

Read More Read More

Lock Safari Salt Lake City, UT

Lock Safari Salt Lake City, UT

I recently had the opportunity to explore another city in my search for rare and interesting locks.  Lock Safari Salt Lake City took me through quite a few neighborhoods over a long weekend.  Over three days a close friend and I covered the Marmalade, 9th and 9th, Temple Square/Downtown, and Sugar House areas of SLC.  I found quite a few interesting locks, but not as many as I expected from a city of this size.  But I didn’t come up…

Read More Read More

DIY Encrypted Email 2: Thunderbird

DIY Encrypted Email 2: Thunderbird

This is the second in a multi-part series on setting up your own email encryption.  Today we will cover installing and setting up Mozilla Thunderbird.  Thunderbird is a desktop mail client that allows you to access your email from a platform other than the browser.  This is a necessary step because of the vulnerabilities inherent in internet browsers.  Thunderbird is popular (I am far from the first person to post a Thunderbird tutorial) and capable.  For our purposes it will be…

Read More Read More

DIY Encrypted Email 1: The Basics

DIY Encrypted Email 1: The Basics

As promised in my post on email threat models, today I am going to begin a series on DIY encrypted email.  As I discussed in the email threat modeling post, this is the most secure email encryption available.  Before we get into the “how to” portion of this, it is important to first understand asymmetric encryption. Email encryption relies on a wholly different encryption model than that used to protect data-at-rest.  Encrypting email and web traffic relies on asymmetric encryption…

Read More Read More

Gmail Two Step Verification Pt. 4

Gmail Two Step Verification Pt. 4

Welcome to the 4th and final installment of this series on Gmail Two Step Verification. This part will cover “App passwords”.  App passwords are an extremely handy function of the Gmail Two Step system.  The allow you to create custom, one-time passwords for two-factor accounts, that can be used on certain apps.  This option is only available if you have two-factor authentication enabled.  It allows you to login on apps that do not accept two factor tokens (the unique, six-digit…

Read More Read More