Host of Hak5
With a lifelong aspiration for theater and love of technology, Shannon Morse began her journey in the world of New Media and Podcasting in 2005. Once graduated from Missouri State University in May of 2008 and able to escape her hometown, Shannon found her way to the East Coast as a co-host for...
Today we show you how to encrypt your email the easy way! Plus, backing up your Gmail Account using your Ubuntu PC. And we cover Text Messaging your WiFi Pineapple. All that and more, this time on Hak5!
We're going to learn Email Encryption the easy way
A lot of times on Hak5 we go really in depth for weeks at a time on a complex subject like SSH, exploring every nook and cranny. That's not this segment. Today we're taking a high-level, practical approach to email encryption. This is the segment you send to all your friends, techy or not, who should be using strong encryption on their email.
The Basics: In 1991 Phil Zimmermann created PGP, or Pretty Good Privacy. It's a program for encrypting and decrypting texts, emails, files - even whole hard drives. There's a pretty good read on Wikipedia so I encourage you to check it out.
PGP uses various methods for encryption - the one we're particularly interested in is called Public Key Cryptography.
Rather than simply having a single password used to encrypt and decrypt data, it uses a combination of a public key and private key. The idea basically breaks down to this:
On Linux you can set up GnuPG (or GPG), an OpenPGP-compliant open source tool, along with Enigmail, a plugin for Thunderbird -- and that's great -- but in the world of webmail there's an easier alternative:
If you're wondering why this is important or how it applies to you, keep in mind that the ECPA, or Electronic Communications Privacy Act, states that "email stored on a third party server for more than 180 days is considered by the law to be abandoned, and all that is required to obtain the content of the emails by a law enforcement agency is a written statement certifying that the information is relevant to an investigation" -- there is absolutely no judicial review. No need for a warrant. Nothing. The ECPA was written in the 80s, and the world has changed. So while the lobbyists, activists, civil rights organizations and our government quibble over the law, we can protect ourselves using strong encryption. In fact we should encrypt all the things regardless -- it's simply good practice.
Setting up PGP encryption for webmail with Mailvelope
Apocalypse! What do you do if Google's mail servers go down? Unlikely, but it could happen... Use this tool in Ubuntu to back up your Gmail account! Getmail is available in the Ubuntu Software System. It works in any Linux distro, though.
Install it, then make the directories. The first command creates getmail's own directory, where the config file and log will live. -m 0700 sets the permissions: 7 = read, write, execute for the owner; 0 = no permissions for group or other users.
    mkdir -m 0700 $HOME/.getmail
The second command sets up the directory for the .mbox file (your Gmail inbox) that stores your inbox messages.
    mkdir -m 0700 $HOME/gmail-archive
The third command creates the .mbox file in the Gmail backup directory. Touch creates new files easily.
    touch ~/gmail-archive/gmail-backup.mbox
In gedit, create a config file to tell Getmail to get your Gmail mail:
    [retriever]
    type = SimplePOP3SSLRetriever
    server = pop.gmail.com
    # change the username and password to your own
    username = firstname.lastname@example.org
    password = yourpassword

    [destination]
    type = Mboxrd
    # change this path if needed
    path = ~/gmail-archive/gmail-backup.mbox

    [options]
    verbose = 2
    message_log = ~/.getmail/gmail.log
Save it as .getmail/getmailrc in your new directory. Close gedit, open a terminal and run 'getmail'. The script may take a while to download your inbox. When it's done, close out. The new mbox file can be saved for use in Thunderbird, Outlook, etc.
Create a shell script with a timed cron job to enhance efficiency and automatically download at timed intervals. If the download stops before it has finished, restart it with the same getmail command.
Gmail Labels are supposed to be a part of the .mbox download. Archived messages are downloaded as well. Deleted messages are not backed up. I suggest using two-factor auth with an app-specific password, because your password is saved in clear text.
Feedback
Frozen Java sends in this video of his Texting WiFi Pineapple: "This is just a PoC video of my texting pineapple. The goal here is to be able to activate karma, dns spoof, or whatever from your phone's texting app so if you are in a location where you can't pull up ssh or the web interface you can just look like you are having a normal conversation with a human."
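Going back to the Gmail backup steps above: touch and gedit create gmail-backup.mbox and getmailrc with the default umask (typically 0644), so only the 0700 directories keep other local users away from the clear-text password and the mail archive. This added example (not from the show; the function names and the optional base-directory argument are assumptions) audits the four paths and tightens them.

```shell
#!/bin/sh
# Added example: audit and tighten the getmail backup layout from the segment.
# Paths mirror the show notes; the optional argument (default: $HOME) is a
# hypothetical override so the functions can be tried on a scratch directory.

# Succeeds only if the path exists and grants nothing to group or other
# (characters 5-10 of the ls mode string are all '-').
is_owner_only() {
    [ -e "$1" ] || return 2
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Print each path that is missing or accessible to anyone but the owner.
# The return status is the number of findings (0 means clean).
audit_getmail() {
    base=${1:-$HOME}
    findings=0
    for p in "$base/.getmail" "$base/.getmail/getmailrc" \
             "$base/gmail-archive" "$base/gmail-archive/gmail-backup.mbox"; do
        if ! is_owner_only "$p"; then
            echo "too open or missing: $p"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# 0700 on the two directories, 0600 on the config (holds the password)
# and on the mbox (holds the mail).
harden_getmail() {
    base=${1:-$HOME}
    chmod 0700 "$base/.getmail" "$base/gmail-archive" &&
    chmod 0600 "$base/.getmail/getmailrc" "$base/gmail-archive/gmail-backup.mbox"
}
```

Source the file, run audit_getmail after saving getmailrc, and run harden_getmail if it reports anything; a cron wrapper can call audit_getmail first and skip the download when it returns non-zero.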