We all remember Lavabit, the "secure" e-mail service that was shut down two months ago by the company's owner, Ladar Levison.
There are serious reasons to reconsider the company's label of "secure e-mail service." Security researcher Moxie Marlinspike explains why Lavabit's services were not all that secure and points to characteristics showing that the service was not built on sound security practices.
Lavabit boasted of offering an encrypted e-mail service so secure that even company employees could not access stored e-mails. This is technically true, but it gives the false impression that Lavabit did not have access to messages in plain text, which it did.
The encryption offered by the company was server-side. E-mails arrived in plain text and were encrypted on the spot with a key before being stored on the server. In other words, the messages were delivered to the servers in plain text, albeit over an encrypted HTTPS connection.
Such systems are vulnerable to attack. Anyone who controls the server, whether a legitimate administrator or an attacker, could access the data that had not been encrypted.
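The server-side flow described above can be modelled in a few lines to show where plain text is exposed. This is an added example, not code from the article or from Lavabit: the class, the session-key handling and the toy stream cipher (standing in for real encryption) are assumptions made for illustration, and the password and message are constructed samples.

```python
import hashlib
import hmac
import os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 in counter mode), stdlib only, for illustration."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class ServerSideStore:
    """Constructed model of encrypt-on-the-server storage (hypothetical, not Lavabit's code)."""

    def __init__(self):
        self.salt = os.urandom(16)
        self.disk = []             # (nonce, ciphertext) pairs: the data at rest
        self.seen_in_clear = []    # everything the server process handled unencrypted
        self.session_key = None

    def login(self, password: str) -> None:
        # The password crosses HTTPS and is then in the clear inside the server.
        self.seen_in_clear.append(password.encode())
        self.session_key = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def deliver(self, message: bytes) -> None:
        # TLS ends at the server, so the message is plain text here, before encryption.
        self.seen_in_clear.append(message)
        nonce = os.urandom(16)
        self.disk.append((nonce, keystream_xor(self.session_key, nonce, message)))

    def read(self, index: int) -> bytes:
        nonce, ciphertext = self.disk[index]
        message = keystream_xor(self.session_key, nonce, ciphertext)
        self.seen_in_clear.append(message)   # decrypted on the server again
        return message

def audit(password: str, message: bytes) -> dict:
    """Run one login/deliver/read cycle and report what was exposed where."""
    store = ServerSideStore()
    store.login(password)
    store.deliver(message)
    return {
        "plaintext_on_disk": any(message in ct for _, ct in store.disk),
        "plaintext_seen_by_server": message in store.seen_in_clear,
        "password_seen_by_server": password.encode() in store.seen_in_clear,
        "roundtrip_ok": store.read(0) == message,
    }

if __name__ == "__main__":
    print(audit("constructed-password", b"constructed sample message body"))
```

The stored data is unreadable without the key, yet both the message and the password were visible to the server process, which is the gap the article describes.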