Update: Petya aimed at destroying data

Created on 27. June 2017, 18:15 | Category: Blog

Update: July 3, 2017, 12:45:

Leading security firms now consider that Petya (also known as “PetrWrap” and “NotPetya”) was aimed at destroying data. Petya apparently disguised itself as ransomware but its aim was not to extort money. Analyses by IT security companies Kaspersky and Comae Technologies show that the malware did not encrypt data on the affected systems but instead deleted it. It appears that Petya overwrites data irreversibly, rendering restoration impossible. For the parties concerned, paying the ransom or contacting the attackers would have been useless.

The Posteo address specified in connection with the attack was immediately blocked by Posteo on Tuesday at midday, before the attack spread. The attackers did not replace the blocked address with another one.

June 27, 2017, 18:15:

Info on the PetrWrap/Petya ransomware: Email account in question already blocked since midday

Midway through today (CEST) we became aware that ransomware blackmailers are currently using a Posteo address as a means of contact. Our anti-abuse team checked this immediately – and blocked the account straight away. There was no press coverage at that time. We do not tolerate the misuse of our platform: The immediate blocking of misused email accounts is the necessary approach by providers in such cases.

During the afternoon it emerged that the “PetrWrap/Petya” malware is currently spreading quickly in many places, including Ukraine.

Here are the facts that we can contribute to “PetrWrap/Petya”:
– Since midday it is no longer possible for the blackmailers to access the email account or send emails.
– Sending emails to the account is no longer possible either.

We are in contact with the Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik).

What is ransomware?
“Ransomware” denotes malicious software, which becomes installed on a device, for example, by clicking a bad link or attachment. This primarily occurs when the device is poorly protected – when software installed there has not been updated for an extended time, for example. The malicious software prevents access to data and systems – and the user affected is requested to pay a ransom for the release of their data. Payment often does not lead to the data being released, however.

Best regards,

The Posteo team

New: Posteo migration service now for calendars too

Created on 12. June 2017, 18:00 | Category: Info

Dear Posteo users,

We have extended the Posteo migration service. From now on, you can transfer not only your existing email accounts and address books to Posteo, but also your calendars.

The extended migration service allows calendar transfer from providers such as gmx, web.de, Gmail, Aol or iCloud.

Here’s how it works: You can find the new, extended migration service in the settings of your Posteo account under “My account”. When you undertake a new migration service there, not only the email folders and address book will now be shown to you, but also the calendars from your previous account. With a click of the mouse you can conveniently select which items you wish to transfer to Posteo. You can decide yourself whether to delete the data from your previous provider after the transfer.

Special characteristics of the Posteo migration service:
It is free of charge, you do not require any special technical knowledge for the transfer – and you retain control of your data. We do not use transfer service providers. For this reason, your sensitive emails, address book and calendar data are never transferred over a third-party service at any point. We developed our migration service ourselves, so that it conforms to our high requirements in terms of security and data economy: Your data is collected by us directly from your previous provider and transferred to your Posteo account over encrypted connections.

For reasons of data economy, we also do not save the email addresses from which you have transferred data to your Posteo account, for example.

If you have any questions on transferring your calendar data or the Posteo migration service in general, please feel free to contact Posteo support.

Best regards,

The Posteo team

Security warning for users of Mailvelope in Firefox

Created on 04. May 2017, 12:00 | Category: Blog

Dear Mailvelope users,

We have a security notice for anyone who uses the encryption add-on Mailvelope with Firefox.

We have had a current security audit of Mailvelope undertaken, in which a critical vulnerability was found in the interaction between Mailvelope and Firefox. Under certain circumstances, Firefox’s security architecture allows attackers to access users’ private keys via compromised add-ons. We therefore ask all users of Mailvelope in Firefox to carefully read our security recommendations found in this article, below.

This also affects Mailvelope users with all other providers such as Gmail, Outlook.com, Yahoo!Mail, etc.

Firefox’s architecture does not sufficiently compartmentalise add-ons from each other – this has been known for years. The fact that a Mailvelope user’s private keys could be compromised via targeted attacks in Firefox was not proven until now, however. The security engineers that we engaged from Cure53 have now proved this. In the past, Cure53 had already audited Mailvelope for Chrome – on our assignment the engineers have now also investigated the plug-in’s interaction with Firefox. In their investigative report, they conclude that Firefox does not currently constitute a suitable environment for Mailvelope. They write,

“At the end of the day, the Cure53 testing team cannot in good conscience recommend the use of Mailvelope on Firefox.”

Weakness expected to last until November 2017

We informed Thomas Oberndörfer, the developer of Mailvelope, after the security audit. He is unable to fix the weakness, however, as it has to do with Firefox’s architecture. New architecture is already being developed at Firefox. Mozilla is planning to conclude this work with the release of Firefox 57 in November 2017. Oberndörfer is also working on a version of Mailvelope for the new and improved Firefox architecture. We would like to thank him for his development work.

Until Mozilla has updated the architecture, the following security recommendations apply:

Option 1.) In the interim, switch to different software. Either use Mailvelope in a different browser, or use PGP with a local email program. You can find various instructions for these options in the Posteo help section.

Option 2.) Alternatively, using an independent Firefox profile for Mailvelope minimises the risk in the interim. In the Posteo help section, we have published step-by-step instructions for the creation of Firefox profiles on Mac and on Windows. Mailvelope users with other providers can also follow these instructions. Please be sure to note the following security recommendations in order to effectively minimise the risk of a fruitful attack:

Do not install any further add-ons in the newly-created browser profile
Use the Firefox profile exclusively for your encrypted Mailvelope communication. Only access your provider’s webmail interface and never visit other websites using this profile.
In addition, use a password for your PGP key that is as secure as possible
Be careful not to accidentally install any add-ons via phishing, through which you could be attacked

Due to the problems with the Firefox architecture, we additionally recommend:

Restrict the use of add-ons in the Firefox browser to a minimum, until Mozilla has updated the architecture
You can further protect yourself from potential attackers by setting up an additional user on your operating system for end-to-end encrypted communication

Here are the recommendations from the Cure53 report once again, for transparency reasons:

“Two paths can be recommended for the users who rely on Mailvelope for encryption and decryption of highly sensitive data. First, they could use Mailvelope on a browser profile that hosts only and exclusively Mailvelope with no other extensions. Secondly, they would need to rely on a different software solution, for instance Thunderbird with Enigmail.”

“At present, any users working with Mailvelope on Firefox are encouraged to export their settings, delete the extension and migrate their setup to a Mailvelope installation running on Google Chrome. Alternatively, a separate browser profile running Mailvelope only could be used, with the caveat that one must not have any other extensions installed in order to minimize the risk of key material leakage.”

Security engineers engaged by Posteo found the weakness

In their daily activities, our customers use various devices, browsers and add-ons in their local environments. Our users’ communication security is very important to us – we therefore also continually have external standard components checked for weaknesses. Among others, we work together to this end with independent IT security experts at Cure53. They have now made a find with Mailvelope in Firefox.

Dr Mario Heiderich from Cure53 explains,

“the problem is currently located in the architecture. There is therefore no easy fix. Mozilla knows this, but also has to keep a difficult balance between radical changes and ones that are prudent but are often decisions that are slow to take effect. Things are going in the right direction, however, which is definitely something positive for more complex software.”

Thomas Oberndörfer of Mailvelope states,

“Mailvelope is naturally dependent on the security of the underlying browser. Weaknesses in Firefox’s add-on system have been known of for some time, so Mozilla’s improvement should be welcomed. Security audits such as the one undertaken by Posteo are important indicators for us to see how we can further improve Mailvelope.”

Report to be published after weakness is overcome

The weakness outlined above is expected to be overcome by Mozilla in November 2017. Out of consideration for security, we will therefore first publish the report at a later point. In it, the method of attack will be described in detail. The report is already available to Mailvelope and the BSI (German Federal Office for Information Security).

The security audit has also yielded some positive results for Mailvelope, which we would like to outline here: There was a check made as to whether email providers for which Mailvelope is used could access a Mailvelope user’s private keys saved in the browser – this was not possible. All other attempts made by the security engineers to access private keys saved in Mailvelope, such as operating third party websites or man-in-the-middle attacks, were also unsuccessful.

Weakness shows that open source increases security

For security reasons, we exclusively support open source components with transparent code – such as the encryption plug-in Mailvelope. In our view, transparent code is essential for the security and democratic control of the internet: Independent experts can at any time identify weaknesses or backdoors via code analysis, as happened here. A provider or developer’s security claims do not need to be trusted. With the security audits that we commission, we want to contribute to further increasing the security of established open source components and genuine end-to-end encryption.

Best regards,

The Posteo team

Transparency report: Requests from authorities to Posteo have markedly decreased

Created on 03. February 2017, 16:30 | Category: Info

Dear Posteo users,

We would like you to know how often authorities request user information from us. We have therefore released our transparency report for the year 2016. In the report, we detail how often investigative authorities reached out to us in the year 2016 – and how often we actually had to release data. The report contains all requests from authorities that we received in the year 2016. In addition, we also list the number of illegal requests in our statistics, because in practice, grievances exist, which we have for a while now been documenting with blacked-out examples.

Number of requests from authorities to Posteo markedly decreased

The number of email accounts operated by Posteo increased during 2016 by about 40%, while the number of requests from authorities markedly decreased. Altogether we received 35 requests from authorities in 2016 – in 2015 there were 48.

For content data, the number of requests decreased by 50%. In 2015, authorities requested content data from us on eight occasions, while in 2016 only four requests reached us. The number of accounts affected by releases also decreased from five to three.

For traffic data, the number of requests decreased even more. There were six such requests in 2015 and two in 2016.

Only the number of requests for user information increased slightly, from 27 in 2015 to 28 in 2016. As we do not collect any user or traffic information for email accounts for reasons of data economy, this data does not exist at Posteo – and therefore can not be released. We always quickly inform the authorities making these requests of this fact. All requests that arrived came from German authorities. Among them – as was the case last year – there was one request from an intelligence service.

Number of illegal requests unchanged

Unfortunately, numerous requests continue to arrive with us that are not formally correct. In 2016, this was the case for half of all requests for user information. The proportion of illegal requests for user information has therefore remained practically the same in comparison to last year. In all these cases we made complaints to the respective privacy offers responsible.

A new format for our transparency report in 2017

Until now, we always published our transparency reports in the summer. The reason that the publication date occurred later in the year was that we added emphases to the content of the reports, which often involved intensive research. Many of you desired publication of the numbers at the beginning of the year. For this reason, our transparency report for 2017 takes a different form. We now want to always publish numbers on the requests from authorities at the beginning of the year.

A second change is that we will in future publish thematic emphases spread between our transparency report site and this blog, during the year. These could, for example, be legal opinions that we have obtained, grievances that we identify in practice, or successes that we would like to report.

We have decided on this new, more flexible format for transparency because it fits better with our practical work. In addition, we are more often experiencing that the particularly privacy-oriented nature of our service is new to some authorities and leads to discussion about content or decisions that set a precedent. We would like to inform you about this outside of pre-specified times.

Transparency reports should become more comparable

Posteo was in 2014 the first German telecommunications provider to publish a transparency report. In the meantime, numerous other providers also publish similar reports.

We believe that transparency reports strengthen the informational self-determination of users. We are therefore pleased about this development. We would like to note that for users, these reports only have real value if they take a form that is as comparable as possible – and when the numbers provided are complete.

We therefore insist that two pieces of information are provided in reports on all requests from authorities for different types of data. First, how many requests there were for specific data, e.g. user information or traffic data. And second, how often the data was released in response to the request. In our view, transparency will only be obtained by providing both of these.

You can find our transparency report here.

Best regards,

The Posteo team

New security certificates

Created on 17. January 2017, 10:00 | Category: Info

Dear Posteo users,

In the coming days we will be updating our security certificates. Security certificates are only valid for a specified time period and need to be renewed from time to time. We will therefore be changing them by 22.01.2017. We continue to use certificates from Geotrust and the Bundesdruckerei (D-Trust).

In most cases you will not notice anything when the certificates are changed over. All programs such as Thunderbird or Outlook will find the new certificate automatically. You do not need to do anything. If your program displays a certificate error during the changeover process, please simply restart the program, which should overcome the error.

If you check the trustworthiness of certificates manually, you can find the fingerprints for the new certificates that we will shortly begin using, below. You can also find the fingerprints in our legal notice.

New fingerprints for TLS security certificates

Geotrust:
SHA256: 30:2A:06:B8:CF:A8:5B:93:66:5A:44:66:E2:BB:84:05:FE:80:95:3F:5A:FE:D1:08:DB:3B:B0:0D:7C:42:B4:39
SHA1: BD:16:71:84:B0:B1:40:D9:0A:65:99:8C:E6:7B:01:D6:AA:5B:8B:67
MD5: 55:F5:81:51:91:CD:88:64:14:D5:AA:E2:D5:2E:2C:AB

D-Trust:
SHA256: 06:48:D6:E4:D3:79:42:79:81:77:0F:49:88:43:D7:65:EE:A8:6F:1F:12:6F:72:11:8F:A9:4C:A9:66:34:FE:B5
SHA1: 79:DB:A0:A9:57:D9:30:FA:EF:5F:72:69:FB:1B:EA:06:90:27:9F:4D
MD5: DA:59:74:62:7C:D1:12:4E:15:41:25:37:9B:56:D0:58

Best regards,

The Posteo team