encryption – Is there a use for an MDC even when all messages are signed?

I guess I have halfway grasped the concepts of PGP, and I’ve halfway understood the concept of the Efail attack. However, I still don’t understand whether such attacks would be possible (and an MDC would be needed) even if all messages had a signature. I have read several dozens of articles about Efail and MDC, but none of them mentioned how signatures come into play.

In my naive understanding, and without much detail and over-simplified, and leaving out problems with headers and so on, the following happens when signing and encrypting a message, e.g. with GnuPG:

  • The message text is hashed.
  • The hash is asymmetrically encrypted with the private PGP key of the sender.
  • That encrypted hash becomes part of the message text.
  • An encryption key for a symmetric encryption method is chosen.
  • That symmetric encryption key is asymmetrically encrypted with the public PGP key of the recipient.
  • The message is encrypted using the symmetric encryption key.
  • The (asymmetrically encrypted) symmetric encryption key becomes part of the message.

In this scenario, i.e. when every message is signed, I can’t understand how Efail attacks would work and why the MDC is recommended. After all, if anybody tampered with the message during transmission, this would be detected when the signature was verified. In my naive understanding, the following would happen upon reception:

  • The symmetric encryption key is decrypted, using the private PGP key of the recipient.
  • The whole message text is decrypted, using the symmetric encryption key.
  • The hash of the message text is decrypted, using the public key of the sender.
  • The decrypted message text is hashed by the recipient’s client, and the obtained hash is compared with the hash from the previous step. If both hashes are the same, the message has not been modified.

Did I miss something? Is it possible to tamper with signed messages without the recipient knowing about it, provided the recipient’s software always verifies the signature of received messages before doing anything with the message except saving it in decrypted form to disk for further usage?

Gmail: how to filter messages from a specific sender into inbox if they have either of two keywords, and delete all messages with neither keyword

I’m working for a nonprofit that serves people charged with federal crimes. We track their cases online using a system that sends an email to us every time something happens in their case. That’s a huge amount of email though, and up to this point we’ve only really cared about sentencing hearings. So I currently have it set up with the following filters:

Matches: from:(case-updates@app.com) sentencing
Do this: Apply label "Sentencing Update", Never send it to Spam, Categorize as Primary
Matches: from:(case-updates@app.com) -sentencing
Do this: Delete it

We’ve decided we also want to get emails that contain the phrase “Trial held.” I’m pretty comfortable creating the filter that would get something with that phrase into my inbox and labeled, but I’m less clear on how to update the deletion filter. It seems to me there are two options for NOT/- filters with multiple queries:

  1. delete everything that contains both queries
  2. delete everything that contains either query
  3. delete everything that contains neither query

I want option number three. What should the filter look like? I could see 1 or 3 being what happens when you use an AND operator and 2 and 3 happening when using an OR operator…

Does Facebook sometimes block the ability to search for private messages?

It seems Facebook completely dropped my support (but not for other people I know) for searching for messages. I can only look for conversation names (persons, pages or chat group names) or search for messages inside a specific chat.

This directly contradicts what Facebook’s official support states, and as mentioned it does work for other people. It doesn’t work for me in any browser.

Any idea what causes this and how to fix it?

This is what it looks like now:

Search Facebook chat titles

If I choose a specific chat, I can search by clicking “Customize Chat” first, although what does search have to do with customization? It’s as if they don’t want people to know search is possible within a specific chat:

Search in a specific chat

And this is how they (used to?) search inside specific conversations:

Search for Facebook messages

messages – Is it possible to display unread iMessage count in the menu bar on macOS 11+

I’m aware that this used to be possible at one point or another, but I’m trying to find a solution specifically for Big Sur and up. I’ve recently decided to automatically hide my dock which unfortunately leads to forgetting that I’ve received text messages until hours later unless I open and respond to them immediately.

Is it possible, either within the system or through third-party software, to add an icon to the menu bar that indicates that there are unread messages in the stock Messages.app?

Is it possible to programmatically or preemptively deny any/all open_channel Lightning messages coming into your node?

If so, that would make it possible for that same node to have 1 very well funded inbound channel with only 1 other node that they also own and price gouge fees to route payment to them through this one connection.

For example, let’s say that the company is a major financial institution, service provider or retailer with a high market demand. The company then creates a Lightning node (call this node A), and node A has only 1 inbound channel for billions of USD in SATs with only 1 other node (node B) on the network, which the company also owns/controls. The company then forcibly denies all incoming open_channel requests to node A, and only allows and/or advertises connections with node B. Users then have to connect to node B to route payments to node A for products or services. The company then jacks up the fees to route through node B, forcing all users that send money to them to go through node B and pay this exorbitant price. Since the company is very widely used and popular in the market, demand for their services is high. Thus, consumers would be forced into paying a crazy fee until a competing service enters the market. Given the large amounts of capital available to this company, the cost of closing / opening a channel between the nodes is not a large concern given how cheap that on-chain txn is in comparison to the profit in fees.

Is this scenario possible? If so, is anything being done to mitigate it? If not, why?
What would prevent a company from doing this other than bad publicity?

macos – Hide conversations in Messages

I recently upgraded from High Sierra to Big Sur. Before the upgrade, each conversation in Messages had a little x I could click on to hide it.

I can’t find that option now, and Messages is cluttered with lots of conversations I don’t really need to see.

There’s a “Delete Conversation” command, but the prompt makes me think that this deletes the conversation permanently. In some cases this is actually what I want (I don’t need all my old messages with verification codes), but in other cases I just want to hide conversations that are inactive, but not lose all the old messages completely.

Did they remove this option completely, or is there a hidden option to restore it?

iphone – Why do my / sent text messages appear on the right of the dialogue?

When I read another thread on why text messages on the iPhone aren’t displayed at the full width, the following question came to my mind: Why do my text messages appear on the right and not on the left side of the screen?

If I had to design it, it would have been my clear decision to show the messages I’m sending on the left and incoming messages on the right (corresponding to the gestures I would use for sending and receiving). I’d probably have taken this decision without thinking about it at all – just based on intuition or a gut feeling.

One could argue that the one who started a conversation (or better sent the very first text message), appears on the left. But for the sake of consistency and perceivability, there probably had to be a decision for one of the two options.

Any ideas – or different intuition?

google workspace – Is there a way to filter Gmail messages based on personal level indicator?

I use Personal Level Indicator, so when I receive a message an arrow (if the message is not sent only to me) or a double arrow (if the message is sent only to me) is shown.

Is there a way to filter email by this mechanism? It would be even more useful for me to be able to filter and thus more clearly isolate those messages sent only to me.

email – Does Gmail use SPF or DMARC when sending messages outside of Gmail?

I can’t seem to find any record of SPF or DMARC in the original messages coming from Gmail to my mail server.

And yet they suggest that others use them.

Does Gmail use SPF or DMARC when sending messages outside of Gmail?

If not, what is going on exactly?

Do as I say, not as I do?