unspecified vulnerability in GPG

BM-2cUJvFYHhXpBHyd96KHfjxsgTYi44BajdE
May 14 11:34 [raw]

All, in case you missed the announcement, have a look here: https://twitter.com/seecurity/status/995906576170053633 Until further announcements, it's safest to turn off any automatic PGP processing on your systems.

BM-2cUdgkDDAahwPAU6oD2A7DnjqZz3hgY832
May 14 12:20 [raw]

Whitepaper: https://efail.de/efail-attack-paper.pdf Luckily, since the remote code exploit in PyBitmessage I hardened my systems, so I'm not affected: - my email client runs in firejail with a firewall that only allows to connect to my mail server and pgp.net keyservers, and doesn't have access to the rest of the filesystem like configuration, documents and source code. I have to copy&paste if I want to follow a link, but it's just a small inconvenience - converting from HTML to plaintext is done offline - SMTP/IMAP passwords are encrypted using PGP, so are only unencrypted in memory No more exfiltration. Peter Surda Bitmessage core developer

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
May 14 13:12 [raw]

your kung fu is good

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
May 14 13:32 [raw]

> Luckily, since the remote code exploit in PyBitmessage I hardened my systems, so I'm not affected: NO. His Kung Fu is LUCKY :)

BM-2cTG2w8YK4DhEE5oPoE9XDSXn3Bo2oEhZC
May 14 22:44 [raw]

Speaking of firejail, why has no one submitted a default profile for PyBitmessage yet? It could've saved quite a number of people who were victims of the code exploit a few months ago. https://github.com/netblue30/firejail/tree/master/etc

BM-2cUvXFRZh2kVatnDZmLcvDXZPU1EkwwFyF
May 15 04:50 [raw]

I posted a firejail script to the chans more than a year before the exploit happened. I did this several times. I had been running my bitmessage in a firejail the whole time and when we discovered the exploit I re-announced the simple firejail script a couple times more. You don't need a firejail profile. Move keys.dat and messages.dat to the Bitmessage /src folder. Then create a startup.sh script in the Bitmessage /src folder and launch that script instead of launching bitmessage. Invoke bitmessage from the script, like this: firejail --noprofile --whitelist=/home/code/Apps/PyBitmessage/ python2 /home/bm/PyBitmessage/src/bitmessagemain.py

BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r
May 16 00:29 [raw]

dammit !

[chan] general
BM-2cW67GEKkHGonXKZLCzouLLxnLym3azS8r

Subject Last Count
Using PGP keyservers for decentralised file storage Dec 9 17:09 9
OMEMO only 1000 people use XMPP Dec 9 03:26 2
OMEMO jabber/XMPP chat using Gajim IM Dec 9 02:39 4
UK Column News - 7th December 2018 Dec 9 00:06 3
GB2RS News - Sunday 9th December 2018 Dec 9 00:02 1
TTL? Dec 8 10:07 7
Elysium is back! Dec 8 10:05 3
UK Column News - 13th December 2018 Dec 8 09:20 1
UK Column News - 14th December 2018 Dec 8 09:14 1
UK Column News - 11th December 2018 Dec 8 09:05 1
UK Column News - 10th December 2018 Dec 8 09:05 1
UK Column News - 12th December 2018 Dec 8 09:05 1
UK Column News - 9th December 2018 Dec 8 08:50 1
Hosting hacked: 6500 Tor Hidden Services Wiped Out Dec 7 23:17 10
To all 'Flat Eath' believers Dec 7 17:06 7
The earth is flat. Dec 7 16:55 2
Moving to a new office Dec 7 03:36 1
@bet-at-home.com Dec 7 03:08 1
Freedom Hosting Reloaded @ fhostingineiwjg6cppciac2bemu42nwsupvvisihnczinok362qfrqd.onion Dec 7 02:03 1
Meet Trepper: the Anti-Bigotry App Dec 6 11:50 5
UK Column News - 5th December 2018 Dec 6 08:25 1
UK Column News - 4th December 2018 Dec 5 22:41 1
UK Column News - 3rd December 2018 Dec 5 22:31 3
Test1 Dec 5 14:17 1
no soap Dec 5 08:19 1
BM Music Dec 3 23:45 1
no to gay catholic priest is logical... Dec 3 12:54 1
Conversation with a Police Officer Dec 3 12:31 3
SWAP MEET Dec 3 08:34 3
Bazinga! Dec 3 08:34 6
cool site Dec 3 06:01 20
As Trump Panic-Tweets, Putin Cracks His Whip and Shows Him Who’s Boss Dec 2 18:02 3
A few chans... Dec 2 16:06 1
F1B12212C0A7FD4A03A521D3A1A8A4D2 Dec 2 09:20 1
Short Story Dec 2 08:57 3
Flat Earth News Dec 2 08:32 4
server admin question Dec 2 08:28 2
What does Bitmessage really have to offer? Dec 2 08:27 13
Recipe of the day Dec 2 08:27 2
UK Column News - 05 Decmber 2018 Dec 2 03:16 1
UK Column News - 04 December 2018 Dec 2 03:12 1
UK Column News - 02 December 2018 Dec 2 03:07 1
UK Column News - 30 November 2018 Dec 2 03:00 2
RSGB - GB2RS News 2nd December 2018 Dec 2 02:59 1
Free Bitcoins Dec 2 02:53 2
Cannabis grower looking into privacy tools Dec 2 01:03 14
Now look here ... Dec 1 16:23 2
test5 Dec 1 10:44 6
Abandoning Bitmessage Chans Dec 1 05:35 1
ADVANCED FAGNOSTIC MANIA Dec 1 02:28 2
F.M. Dec 1 02:28 1
UK Column News - 29th November 2018 Dec 1 00:34 2
UK Column News - 31st November 2018 Dec 1 00:34 2
UK Column News - 28th November 2018 Dec 1 00:34 5
UK Column News - 30th November 2018 Dec 1 00:33 2
crypto mailing lists Dec 1 00:18 3
ACHTUNG! Nov 30 12:43 1
the bible. censorship vs free speech. wise vs rude Nov 29 20:59 1
C7CC Newsletter 28.11.2018 Nov 29 16:49 1
Did BitText die? Nov 29 16:45 1
Not the UK Column News Nov 29 16:16 1
UK Column News - 27th November 2018 Nov 27 12:36 1
(no subject) Nov 27 09:14 2
UK Column News - 26th November 2018 Nov 27 08:11 1
random generators are rigged (surprise!) Nov 26 10:00 3
Smoke means fire Nov 25 16:07 7
UK Column News - 23rd November 2018 Nov 24 15:22 2
Crestiantat vey del tot a mal meza Nov 24 13:46 2
Recipe for Scrambled Eggs Nov 24 12:17 12
I'm contributing to Project 14055 Nov 24 09:24 1
It's 'Anything can happen' Friday! Nov 23 20:36 8
PGP Nov 23 19:23 3
Jesus Vs Buddha: 9 Major Differences Nov 23 19:05 1
madness Nov 23 19:04 1
Quick and Easy Chicken Madras Nov 23 17:57 2
GB2RS News - Sunday 25th November 2018 Nov 23 16:37 3
Ebola on the rampage in USA again Nov 23 14:13 20
UK Column Dumbass News - 16th November 2018 Nov 23 03:53 5
UK Column News - 21st November 2018 Nov 22 08:17 5
UK Column News - 14th November 2018 Nov 22 05:51 6
Hello world ! Nov 21 17:19 5
Dezentrale Plattformen zur Förderung des Links- und Rechtsterrorismus Nov 21 16:36 2
We offers HQ Weed from Europe Nov 21 15:30 2
ffmpeg question Nov 21 14:51 10
Carlsen vs Caruana Nov 21 13:04 2
Russian Interpol President Nov 21 12:47 2
mania Nov 21 04:01 6
Be warned! GOD is watching YOU (even on BM) Nov 21 01:35 1
UK Column News - 20th November 2018 Nov 21 00:56 2
Nov 21 00:53 4
All the Snowden documents released so far Nov 21 00:51 19
UK Column News - 19th November 2018 Nov 21 00:43 2
ADVANCED FAGNOSTIC MANIA Nov 21 00:37 1
FAGNOSTIC MANIA Nov 20 19:21 1
Link on Russian Interpol President Nov 20 19:08 2
Protonmail is bullshit Nov 20 19:08 1
UK Column News - 22nd November 2018 Nov 20 17:38 1
Nov 20 17:06 1
FAGNOSTIC SYNDROME Nov 20 00:10 2
BROGRAMMERS Nov 19 12:18 1