S/Mime Email security
More context at the bottom of the page.I have to encrypt and sign an email with an attachment per some instructions, but I don't know enough about cryptology to know how to interpret the instructions.I took the instructions below to mean "encrypt only the attachment (not the full e-mail), encrypt it with AES 256, using the RSA public key as the secret, (which means generating a random IV")The problem is that the secret key in C# doesn't appear that it can be more than 32 bytes. If I use the public key byte array, it is 270 bytes and it is not allowed.My guess at this point is that I should NOT be creating the AES key from the RSA public key, but that's where it loses me. Should I be creating a random key, or using the same one, how are they able to decrypt it if they don't have this key?"Using the secure/multipurpose internet mail exchange (S/MIME) standard, the email must be encrypted using AES-256 (AES cipher with a 256-bit key length) and FMCSA’s ELD public key. The message must be signed using the manufacturer’s ELD private key that corresponds with the ELD public key submitted to FMCSA by the provider when self-certifying the ELD.(a) The ELD must attach a file to an email message to be sent using RFC 5321 Simple Mail Transfer Protocol (SMTP) (incorporated by reference, see § 395.38), to a specific email address, which will be shared with the ELD providers during the technology registration process. (b)The file must have the format described in section 4.8.2.1 of this appendix and must be encrypted using the Secure/Multipurpose Internet Mail Extensions as described in RFC 5751 (incorporated by reference, see § 395.38), and the RSA algorithm as 116 described in RFC 4056 (incorporated by reference, see § 395.38), with the FMCSA public key compliant with NIST SP 800-32 (incorporated by reference, see § 395.38) to be provided to the ELD provider at the time of registration. The content must be encrypted using AES in FIPS Publication 197 (incorporated by reference, see § 395.38), and RFC 3565 (incorporated by reference, see § 395.38). (c)The email must be formatted using the RFC 5322 Internet Message Format (incorporated by reference, see § 395.38), as follows: Element Format To : <Address Provided by FMCSA during online registration> From : <Desired return address for confirmation> Subject : ELD records from <ELD Registration ID><’:’> <ELD Identifier> Body : <Output File Comment> Attachment : MIME encoded AES-256 encrypted file with <filename>.<Date string>.<unique identifier>.aes "
Submitted January 10, 2018 at 01:13AM by educated_female
via reddit http://ift.tt/2CZt6M8
More context at the bottom of the page.I have to encrypt and sign an email with an attachment per some instructions, but I don't know enough about cryptology to know how to interpret the instructions.I took the instructions below to mean "encrypt only the attachment (not the full e-mail), encrypt it with AES 256, using the RSA public key as the secret, (which means generating a random IV")The problem is that the secret key in C# doesn't appear that it can be more than 32 bytes. If I use the public key byte array, it is 270 bytes and it is not allowed.My guess at this point is that I should NOT be creating the AES key from the RSA public key, but that's where it loses me. Should I be creating a random key, or using the same one, how are they able to decrypt it if they don't have this key?"Using the secure/multipurpose internet mail exchange (S/MIME) standard, the email must be encrypted using AES-256 (AES cipher with a 256-bit key length) and FMCSA’s ELD public key. The message must be signed using the manufacturer’s ELD private key that corresponds with the ELD public key submitted to FMCSA by the provider when self-certifying the ELD.(a) The ELD must attach a file to an email message to be sent using RFC 5321 Simple Mail Transfer Protocol (SMTP) (incorporated by reference, see § 395.38), to a specific email address, which will be shared with the ELD providers during the technology registration process. (b)The file must have the format described in section 4.8.2.1 of this appendix and must be encrypted using the Secure/Multipurpose Internet Mail Extensions as described in RFC 5751 (incorporated by reference, see § 395.38), and the RSA algorithm as 116 described in RFC 4056 (incorporated by reference, see § 395.38), with the FMCSA public key compliant with NIST SP 800-32 (incorporated by reference, see § 395.38) to be provided to the ELD provider at the time of registration. The content must be encrypted using AES in FIPS Publication 197 (incorporated by reference, see § 395.38), and RFC 3565 (incorporated by reference, see § 395.38). (c)The email must be formatted using the RFC 5322 Internet Message Format (incorporated by reference, see § 395.38), as follows: Element Format To : <Address Provided by FMCSA during online registration> From : <Desired return address for confirmation> Subject : ELD records from <ELD Registration ID><’:’> <ELD Identifier> Body : <Output File Comment> Attachment : MIME encoded AES-256 encrypted file with <filename>.<Date string>.<unique identifier>.aes "
Submitted January 10, 2018 at 01:13AM by educated_female
via reddit http://ift.tt/2CZt6M8
reddit
S/Mime Email security • r/security
More context at the bottom of the page. I have to encrypt and sign an email with an attachment per some instructions, but I don't know enough...
Find put if phone is cellphone is tapped by govt
Hi Reddit. We are in the middle of a electoral fraud crisis in Honduras and the government has actively cracked down on those of us that denounced the fraud by harassing and murdering people (38 people so far). I'm becoming paranoid my cellphone could be tapped and I want to know if there's a way to tell and hopefully remove the tap or take preventive measures before me or the people I care about die misteriously or get exiled by the government. Thanks.
Submitted January 10, 2018 at 01:03AM by hollow_504
via reddit http://ift.tt/2AIG5w5
Hi Reddit. We are in the middle of a electoral fraud crisis in Honduras and the government has actively cracked down on those of us that denounced the fraud by harassing and murdering people (38 people so far). I'm becoming paranoid my cellphone could be tapped and I want to know if there's a way to tell and hopefully remove the tap or take preventive measures before me or the people I care about die misteriously or get exiled by the government. Thanks.
Submitted January 10, 2018 at 01:03AM by hollow_504
via reddit http://ift.tt/2AIG5w5
reddit
Find put if phone is cellphone is tapped by govt • r/security
Hi Reddit. We are in the middle of a electoral fraud crisis in Honduras and the government has actively cracked down on those of us that denounced...
Major Computer Chip Bugs Show the Need for Open Security Research
http://ift.tt/2D8wzF3
Submitted January 10, 2018 at 01:54AM by punkthesystem
via reddit http://ift.tt/2CM7a3j
http://ift.tt/2D8wzF3
Submitted January 10, 2018 at 01:54AM by punkthesystem
via reddit http://ift.tt/2CM7a3j
Reason.com
Major Computer Chip Bugs Show the Need for Open Security Research
Have you heard about "Meltdown" and "Spectre"? Here's what you need to know.
Website Glitch Let Me Overstock My Coinbase
http://ift.tt/2DeaZyW
Submitted January 10, 2018 at 01:37AM by volci
via reddit http://ift.tt/2qLXC6L
http://ift.tt/2DeaZyW
Submitted January 10, 2018 at 01:37AM by volci
via reddit http://ift.tt/2qLXC6L
reddit
Website Glitch Let Me Overstock My Coinbase • r/security
1 points and 0 comments so far on reddit
Meltdown Proof-of-Concept
http://ift.tt/2EpUlfa
Submitted January 10, 2018 at 01:21AM by Chris911
via reddit http://ift.tt/2CIjRfj
http://ift.tt/2EpUlfa
Submitted January 10, 2018 at 01:21AM by Chris911
via reddit http://ift.tt/2CIjRfj
GitHub
IAIK/meltdown
meltdown - This repository contains several applications, demonstrating the Meltdown bug.
Security Orchestration For Passive DNS Intelligence
http://ift.tt/2Erognc
Submitted January 10, 2018 at 02:49AM by abhishekiyer
via reddit http://ift.tt/2meFuwN
http://ift.tt/2Erognc
Submitted January 10, 2018 at 02:49AM by abhishekiyer
via reddit http://ift.tt/2meFuwN
Demisto
Security Orchestration Meets DNS Intelligence: Farsight Security DNSDB and Demisto
Learn how using Farsight DNSDB’s intelligence with Demisto’s security orchestration lends you a rich view of internet infrastructure to combat attacker agility.
CPUs: information leak using speculative execution (GPZ #1272)
http://ift.tt/2CYeo7x
Submitted January 10, 2018 at 03:15AM by InfrasonicCuneiform
via reddit http://ift.tt/2CJDuDU
http://ift.tt/2CYeo7x
Submitted January 10, 2018 at 03:15AM by InfrasonicCuneiform
via reddit http://ift.tt/2CJDuDU
reddit
CPUs: information leak using speculative execution (GPZ... • r/netsec
1 points and 0 comments so far on reddit
Meltdown Proof-of-Concept
http://ift.tt/2EpUlfa
Submitted January 10, 2018 at 03:14AM by Official_Legacy
via reddit http://ift.tt/2qOFE3z
http://ift.tt/2EpUlfa
Submitted January 10, 2018 at 03:14AM by Official_Legacy
via reddit http://ift.tt/2qOFE3z
GitHub
IAIK/meltdown
meltdown - This repository contains several applications, demonstrating the Meltdown bug.
Allegation that Telegram was Compromised by Russian Intelligence - Pg 233, Ln 20
http://ift.tt/2EqalOf
Submitted January 10, 2018 at 03:50AM by timcotten
via reddit http://ift.tt/2mc4bd8
http://ift.tt/2EqalOf
Submitted January 10, 2018 at 03:50AM by timcotten
via reddit http://ift.tt/2mc4bd8
reddit
Allegation that Telegram was Compromised by Russian... • r/netsec
9 points and 2 comments so far on reddit
Many Formulas, One Calc – Exploiting a New Office Formula Vulnerability
http://ift.tt/2Eq10Gm
Submitted January 10, 2018 at 12:24AM by Omer_Gull
via reddit http://ift.tt/2CUXnem
http://ift.tt/2Eq10Gm
Submitted January 10, 2018 at 12:24AM by Omer_Gull
via reddit http://ift.tt/2CUXnem
Check Point Research
Many Formulas, One Calc - Exploiting a New Office Formula Vulnerability - Check Point Research
By: Omer Gull and Netanel Ben Simon Background A few weeks ago, a vulnerability in the Office Equation 3.0 process (EQNEDT32.EXE) was discovered by Embedi. For a couple of reasons this event raised a few eyebrows. First, the process was a 32bit application…
Match.com password requirements...
They require a password between 2-16 characters, and special characters are not allowed. I successfully created an account with the password "aa". How could their password requirements be so bad?
Submitted January 10, 2018 at 07:17AM by kyto32
via reddit http://ift.tt/2ALvrV2
They require a password between 2-16 characters, and special characters are not allowed. I successfully created an account with the password "aa". How could their password requirements be so bad?
Submitted January 10, 2018 at 07:17AM by kyto32
via reddit http://ift.tt/2ALvrV2
reddit
Match.com password requirements... • r/security
They require a password between 2-16 characters, and special characters are not allowed. I successfully created an account with the password "aa"....
NIST Looking for Post-Quantum Cryptography
http://ift.tt/2yDZmkY
Submitted January 10, 2018 at 06:47AM by sloth_lifestyle
via reddit http://ift.tt/2CXSphO
http://ift.tt/2yDZmkY
Submitted January 10, 2018 at 06:47AM by sloth_lifestyle
via reddit http://ift.tt/2CXSphO
Detecting Spectre And Meltdown Using Hardware Performance Counters
http://ift.tt/2Datrsj
Submitted January 10, 2018 at 08:15AM by cwmbran
via reddit http://ift.tt/2Fl2Wkz
http://ift.tt/2Datrsj
Submitted January 10, 2018 at 08:15AM by cwmbran
via reddit http://ift.tt/2Fl2Wkz
Endgame
Detecting Spectre and Meltdown Using Hardware Performance Counters
For several years, security researchers have been working on a new type of hardware attack that exploits cache side-effects and speculative execution to perform privileged memory disclosure. Last week, a blog post by Jann Horn of Google and the release of…
Why “Have a Safe Trip” is Taking on Greater Meaning
http://ift.tt/2CXic93
Submitted January 10, 2018 at 10:37AM by TechBiteMe
via reddit http://ift.tt/2md7zEx
http://ift.tt/2CXic93
Submitted January 10, 2018 at 10:37AM by TechBiteMe
via reddit http://ift.tt/2md7zEx
reddit
Why “Have a Safe Trip” is Taking on Greater Meaning • r/security
0 points and 0 comments so far on reddit
Let’s Encrypt down due to investigation on potential ACME TLS-SNI vulnerability
http://ift.tt/2De2q7m
Submitted January 10, 2018 at 11:12AM by fproulx
via reddit http://ift.tt/2qM1jcH
http://ift.tt/2De2q7m
Submitted January 10, 2018 at 11:12AM by fproulx
via reddit http://ift.tt/2qM1jcH
Let's Encrypt Community Support
ACME TLS-SNI-01 validation disabled due to vulnerability
We’ve received a credible report of a problem with ACME TLS-SNI-01 validation which could allow people to get certificates they should not be able to get. While we investigate further we have disabled tls-sni-01 validation. We’ll post more information soon.
What Are The Various Types Of Availability Of CCTV Camera In Jaipur ?
http://ift.tt/2CNp4CN
Submitted January 10, 2018 at 10:51AM by systemindus
via reddit http://ift.tt/2ALaFFi
http://ift.tt/2CNp4CN
Submitted January 10, 2018 at 10:51AM by systemindus
via reddit http://ift.tt/2ALaFFi
Error when editing an equation in Office: Equation Editor 3.0 removed due to security issues.
http://ift.tt/2DhW4Eh
Submitted January 10, 2018 at 12:35PM by HeWhoWritesCode
via reddit http://ift.tt/2md5c4I
http://ift.tt/2DhW4Eh
Submitted January 10, 2018 at 12:35PM by HeWhoWritesCode
via reddit http://ift.tt/2md5c4I
Microsoft
Error when editing an equation in Office
If you try to edit an equation that was inserted using Equation Editor 3.0 in an Office application (such as Word), you will get an error:Microsoft Equation is not available
Ubuntu Meltdown patches are here.
http://ift.tt/2AK8C45
Submitted January 10, 2018 at 01:06PM by Neo-Bubba
via reddit http://ift.tt/2qRatog
http://ift.tt/2AK8C45
Submitted January 10, 2018 at 01:06PM by Neo-Bubba
via reddit http://ift.tt/2qRatog
WPA3 – The Promise of Security
http://ift.tt/2mlOdhv
Submitted January 10, 2018 at 01:57PM by vaxfms
via reddit http://ift.tt/2qNfVZ9
http://ift.tt/2mlOdhv
Submitted January 10, 2018 at 01:57PM by vaxfms
via reddit http://ift.tt/2qNfVZ9
OS Radar
WPA3 – The Promise of Security - OS Radar
Wi-Fi is one of the most used techs in our everyday life. Unfortunately, the present security protocol, WPA2, is severely broken due to numerous bugs. The Wi-Fi Alliance is working on WPA3, a lot better, tougher and faster protocol to ensure security. Take…
Spectre & Meltdown Checker
http://ift.tt/2D0Gz37
Submitted January 10, 2018 at 01:37PM by charlyyyyv
via reddit http://ift.tt/2Flu8zS
http://ift.tt/2D0Gz37
Submitted January 10, 2018 at 01:37PM by charlyyyyv
via reddit http://ift.tt/2Flu8zS
GitHub
speed47/spectre-meltdown-checker
spectre-meltdown-checker - Spectre & Meltdown vulnerability/mitigation checker for Linux
How to Check if Your PC Is Protected Against Meltdown and Spectre
http://ift.tt/2qIuD3N
Submitted January 10, 2018 at 02:09PM by mm_farahat
via reddit http://ift.tt/2mlJ8pj
http://ift.tt/2qIuD3N
Submitted January 10, 2018 at 02:09PM by mm_farahat
via reddit http://ift.tt/2mlJ8pj
Howtogeek
How to Check if Your PC Is Protected Against Meltdown and Spectre
Warning: Even if you’ve installed patches from Windows Update, your PC may not completely protected from the Meltdown and Spectre CPU flaws. Here’s how to check if you’re fully protected, and what to do if you aren’t.