VSFTPD Backdoored

Read:

• http://www.h-online.com/open/news/item/Vsftpd-backdoor-discovered-in-source-code-1272310.html
• http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html

This is a very bad security mismanagement on the source code part. How did a backdoor slip into the master branch of the source codes ? No clues were given for now.

The main lesson for the day, always check the GPG signature file. ALWAYS !!!

Sending sensitive emails

Read:

• http://lifehacker.com/#!5784478/how-can-i-securely-send-sensitive-tax-docs-to-my-tax-preparer

For all that has been mentioned in the article above, HTTPS, encrypted archives and files... encrypted file sharing services... there's one thing that's so famous and so well known and common it has forgotten and put to the back burner... PGP/GPG email encryption.

Yup, that's it.

You could sign your PGP/GPG email, encrypt it and voila.... it's secure. If your attachments need to be doubly secured, PGP/GPG could allow you to encrypt your files on your computer Desktop for you and then attach it to your email and encrypt your entire email, sign with a signature and send it out to your lawyer.

There are front ends and email plugins for your PGP/GPG tool and even standalone clients where you paste in a message and it encrypts the message for you and you paste it back into your email editor which does not have PGP/GPG capabilities.