Evidence of document theft (edited screenshot)

Evidence of document theft (unedited screenshot)

Of course, with a stolen password the same attacker might also fabricate an entire email from scratch in the Riseup user's name, but since that would self-evidently stand out as manipulation, the user would probably hand a printout of the forgery to the barrister the next day, and the attack would blow up. This is why a stealth attack is much more attractive to a too-big-to-fail brute force (tbtfbf) attacker than an openly visible one: it can be prolonged for a theoretically infinite duration, limited only by the awareness, self-confidence and technical understanding of the respective user. This is also why the multiple login capability is so dangerous: it allows for attacks not only against truth and authenticity, but also against trust and awareness. And it becomes even more dangerous in combination with the Riseup policy of complete abstinence from logging, because without logfiles it leaves no evidence. Riseup abstains from logfiles to protect its users from the gathering of evidence that might be abused against them, but when there is an open loophole this policy also protects attackers, which means that the attention paid to closing loopholes ought to be correspondingly higher to justify the otherwise well-meant policy. A classic analogy: when a door is deliberately left without a surveillance camera, door seals that rule out attacks with illicit key copies become all the more important.

Riseup Management was notified of the Multiple Login Loophole on Tuesday, 25 September 2018, 20:00 GMT, and confirmed it the same day, but so far has done nothing to fix the problem. Instead, an apparently helpless and mostly clueless Riseup manager asked me to do its work for it. When I replied that I did not have the necessary tools at hand for that, it got muzzled and showed no further interest in solving the problem. The loophole came to the table when I obtained expert advice on how to secure Riseup accounts without changing the no-logging policy, in response to the above-shown evidence of tampering with document appendices. Technically, it is possible even without logging to see from a seal code that no illegitimate login has taken place between two legitimate sessions. A detailed technical description of how to implement an account seal using standard cryptographic functionality was provided for free to the Riseup management thanks to expert support, but to no avail. Since Riseup policy does not tolerate forgotten passwords, changing the password is not a suitable solution either against a tbtfbf attacker with the capability to steal the new password as well.
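One way to build such an account seal, shown here as an added illustration and not as the description that was submitted to Riseup (whose details are not on this page) nor as Riseup's own code: the server keeps a single value per account, every successful login moves that value one step along a SHA-256 hash chain and discards the old one, and the user writes down the short code of the value at the end of each session. At the next login the server shows the code that was in force just before; if it differs from what the user noted, a login happened in between, without the server ever having recorded when or from where. The names `SealedMailbox` and `SealKeeper`, the 12-character code length and the scenario in `simulate` are assumptions constructed for this example.

```python
import hashlib
import secrets
from typing import Optional, Tuple

SEAL_BYTES = 32
CODE_CHARS = 12  # assumed: length of the short prefix shown to the human user


def seal_code(seal: bytes) -> str:
    """Human-readable form of a seal: a short hex prefix the user writes down."""
    return seal.hex()[:CODE_CHARS]


class SealedMailbox:
    """Server side (assumed design). The only per-account state kept across sessions
    is the current seal; no time, address or client is recorded, so there is no log."""

    def __init__(self) -> None:
        self._seal = secrets.token_bytes(SEAL_BYTES)  # fresh random seal at account creation

    def login(self, password_ok: bool) -> Optional[str]:
        """Every successful authentication, legitimate or not, advances the seal one
        step down a one-way hash chain and returns the code of the seal that was in
        force before it. The old seal is discarded, so the step cannot be undone."""
        if not password_ok:
            return None  # failed attempts must not move the seal
        before = self._seal
        self._seal = hashlib.sha256(before + secrets.token_bytes(16)).digest()
        return seal_code(before)

    def current_seal_code(self) -> str:
        return seal_code(self._seal)


class SealKeeper:
    """Client side: the code the user wrote down, and the two checks made against it."""

    def __init__(self) -> None:
        self.noted: Optional[str] = None  # seal code noted at the end of the last session

    def start_session(self, box: SealedMailbox) -> bool:
        """Log in and check the gap since the last session. Returns True if the seal
        the server shows is the one noted last time, i.e. nobody logged in between."""
        shown = box.login(password_ok=True)
        gap_intact = self.noted is None or shown == self.noted  # first session: nothing to compare
        self.noted = box.current_seal_code()  # seal after our own login; must hold until logout
        return gap_intact

    def end_session(self, box: SealedMailbox) -> bool:
        """Check the session itself: a second login while we were logged in would have
        moved the seal. Returns True if it is unchanged, then notes it for next time."""
        now = box.current_seal_code()
        session_intact = now == self.noted
        self.noted = now
        return session_intact


def simulate(stolen_password_used_between: bool, stolen_password_used_during: bool) -> Tuple[bool, bool]:
    """Constructed scenario: one legitimate session, then optionally a login with a
    stolen password while the user is away and/or during the user's next session.
    Returns (gap check, session check) as seen by the user."""
    box = SealedMailbox()
    user = SealKeeper()
    user.start_session(box)   # first ever session
    user.end_session(box)     # user writes down the seal code
    if stolen_password_used_between:
        box.login(password_ok=True)   # moves the seal; nothing else is recorded
    gap_ok = user.start_session(box)
    if stolen_password_used_during:
        box.login(password_ok=True)   # concurrent login, as the multiple login capability allows
    session_ok = user.end_session(box)
    return gap_ok, session_ok


if __name__ == "__main__":
    for between, during in ((False, False), (True, False), (False, True)):
        print(f"between={between} during={during} -> (gap ok, session ok) = {simulate(between, during)}")
```

Two caveats follow from the design. The seal only says that a login happened, not by whom: the user's own second device moves it just as an intruder does, so every client the user operates has to take part in the noting and checking. And the construction assumes that stolen credentials are the attacker's only access; a party that can alter the server's stored state directly could restore an old seal, which is the same trust placed in the server that the no-logging policy already presumes.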


Riseup users can see the full debate with all technical details here: https://support.riseup.net/en/ticket/9515-imap-access-log-file-availability

* * *

Further reading:  https://www.microsofttranslator.com/bv.aspx?from=de&to=en&a=https://bxl.indymedia.org/spip.php?article20641 ( https://tinyurl.com/problem-der-nachrichtendienste)

Thanks to the Chaos Computer Club for expert advice [ https://www.ccc.de/en/]

See also: Riseup Translation Collective: Uncensored Version Of Latest Riseup Newsletter [ https://nyc.indymedia.org/en/2018/09/127422.html]