cross-posted from: https://lemmy.world/post/25408170
from @MidnightMan
If you have been wondering what you can do make a meaningful difference, then I may have an answer for you. Urgent action is required to prepare the people of the United States for a fascist government to come into power, and by extension the increasingly likely prospect of a genocide, but I canāt do it alone.
If you are a knowledge addict, data miner, proficient writer, or an otherwise gifted individual, then this may be your calling. Weāre going to be doing and learning a lot of cool stuff, but the work is tedious, and it will aid you immensely to be driven either out of passion for learning and personal growth, love of labor, or sheer love for your fellow compatriots. Several self-maintained application servers are being run to assist with operations and collaboration.
If youāre curious or want to learn more, you can contact me at midnightman1234@yahoo.com with a new email for increased compartmentaliation, after which you will receive a reply from my primary email. Our activities are strictly legal, but anonymity on your part is strongly encouraged as a precaution to retaliatory action. Interested parties should not respond to this message over Lemmy.
#####################################################################################
The above message is likely an attempt to collect email addresses of people who might be well meaning. I would strongly advise against communicating with this person for the below reasons.
You cannot encrypt email End to End. It has to be stored in plaintext somewhere.
Yahoo does not offer encrypted email.
You have no idea of who will be emailing you back so there will be no way in which to validate your comms.
If youāre looking to organize you can follow the advice below
For those interested in building networks and organizing folks to get together thatās even better. However it carries some risk so if youāre organizing use E2E comms and if youāre researching use Tor Browser. Better yet use a Tails USB on a coffee shop wifi.
https://www.tomsguide.com/how-to/how-to-use-signal
https://www.torproject.org/download/
https://tails.net/doc/first_steps/index.en.html
And donāt communicate over email, even encrypted email. Email needs to be stored and archived for it to work, often in plaintext so itās never going to be a secure way to communicate.
For a place to start looking for aid and assistance. If thereās a fridge or book or tool share thatās not there, notify them please so they can update the site.
If youāre looking for a place to help, look up Food Not Bombs plus whatever city is closest to you.
http://foodnotbombs.net/new_site/volunteer.php
I understand itās an http site. Donāt sign up for anything that doesnāt pass your vibe check.
If youād like to help undo all these info purges thereās
https://wiki.archiveteam.org/index.php/ArchiveTeam_Warrior
Most of all, talk to loved ones, build community. We keep us safe. If youāre interested you could start a patrol and disrupt ICE stakeouts.
https://www.immigrantdefenseproject.org/raids/
Itās a marathon not a sprint. Sometimes itās as easy as doing the dishes. Mutual aid helps your neighbors and helps you.
https://afsc.org/news/how-create-mutual-aid-network
Self care and avoiding burnout is most important. They want us harried and worried and feeling like thereās nothing we can do. Fuck that
PGP is a thing. Stillā¦ Trust no one.
Agreed, youāre right, they could share the public key and verify the user on their end. However, itās on par with sharing notes on paper. Also they verify you with PGP how do you verify them?
You exchange public keys and then email using your recipientās key to encrypt it. Only they would then be able to decrypt it, using their private key.
https://www.infoworld.com/article/2334365/understand-diffie-hellman-key-exchange.html
Yes, thank for the context. However I know what a DF key exchange is. Iām more worried about the link below.
https://www.csoonline.com/article/566783/i-can-get-and-crack-your-password-hashes-from-email.html
And that a day old account is contacting me about sending me emails.
Sorry if that sounded snarky.
Thatās wildā¦ howād he get the email client to send the NTLM hash? Thatās the real story, there. If you can remotely pull sensitive files like that, you already own that computer. Thatās an email client vuln, not an issue with the method of encryption.
Ohā¦ thatās not good. Iām guessing the client was Outlook. In which case, Outlook had a vuln and that was the issue, not the encryption. Or maybe it was windows itself which was vulnerable.
I skimmed kind of quick, but it sounds like Kevin used html email to embed something that loaded from a server he owned. That gave him the target IP, he then did some kind of NetBIOS request where windows sent the NTLM challenge response. That was apparently vulnerable to cracking in such a way that revealed the actual NTLM hash of the windows user being emailed. Then THAT hash was crackable to reveal the actual password of the user.
Not totally sure I read that right, but wow, that is an old ass vuln for windows to still have as late as 2017.
I would guess NTLMv1