ProtonMail BTFO

ibtimes.sg/cyber-attack-hits-worlds-most-secured-email-targeting-investigative-journalists-probing-russian-31884


Well, almost every single one of contact emails of organizations somehow fucking with Russian government is Protonmail, which I always found weird. I think maybe they finally move to something better.

ProtonMail is garbage. Just go with Fastmail or something else.

Retaliation for latest FSB subcontractor breach? Nice.

I guess the Mossad isn't letting the FSB access the data they collected by routing all protonmail traffic through their DPI proxies.

that's what you get for not using tutanota

so much effort when you can just spoof a sender's address...

I’m so cool I run my own mail server routed through a proxy.

Why did you post in the thread then?

If a sophisticated actor goes after you, you're pretty fugged anyway.

>Then they synchronised those fake login portals with real ProtonMail login process for simultaneous login and tricked the users.
Wouldn't enabling 2FA via Yubikey or TOTP fuck up that operation?


What proxy do you use? I tried HAProxy but I'm too dumb to get that working

Good luck spoofing SPF and DKIM, tard

2FA doesn't really protect from MitM attacks since you enter the additional information into the same portal. It only protects against the password being compromised.

nobody uses them in real world

Imagine using email instead of an encrypted messenger for correspondence amongst colleagues.

Email is for correspondence between strangers and automated messages. Wire is good for correspondence between teams, and Signal is good for correspondence between known individuals.

If you absolutely MUST use something like Protonmail for overly sensitive subjects, then you should NEVER use a browser-based program to log in, and stick to something like the Android/iOS app, which should mitigate the vulnerabilities described here.

No, but FIDO2 U2F is still something everyone should implement.

My headers disagree with you. EG: Digital ocean:

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandrillapp.com;
[email protected]; q=dns/txt; s=mandrill; t=1564111182; h=From :
Subject : Reply-To : To : Message-Id : Date : MIME-Version :
Content-Type : Content-Transfer-Encoding : From : Subject : Date :
X-Mandrill-User : List-Unsubscribe;
bh=TAIB3GBjwiP3Fi4vLZC0NQP4FXNlo/cTF9u6U3dE2ik=;
b=XIQjlEryfm1sqdf5d7jaF1eFJT4zq1SK7OXprRGgGFVaIugtTW4LP8KC7oZ5izba8AglKP
+hiwGjtL5ew6EAh7k52dYwv3tJims/nXOq3lpT7ELih9IRDnx5hS+I9x2y4keTX0ZtY6gWAL
B2UGnMCKNfwzYkms/JH2Ktr9Dxris=
From: DigitalOcean

>android/ios apps are safe
Riseup + Thunderbird

>Signal
>(((moxie marlinkike)))

>cherry-picking, the argument

companies do use them, sometimes ineffectively but to claim /NOBODY/ uses them is retarded
do some dns lookups, you giant imbecile.

kek

Where is the BTFO? There was no damage and no data stolen. The attackers failed. Isn't this when you say "wtf i love protonmail now"?

>BTFO
>"This was not a hack of ProtonMail itself but a targeted phishing attack against specific users. The attack failed. No data was breached, no accounts were compromised, and ProtonMail's systems remain secure," it said in an email.


not if you're a shill no

>world's most secure
nope, my email server is more secure. It's receive only, fuck you

/thread

And that's why you use PGP+Enigmail+Armored text + encryption + signatures + local storage of private keys on any sane email system.

I'm glad I have my Russian tracker accounts tied to ProtonMail.

>"This was not a hack of ProtonMail itself but a targeted phishing attack against specific users. The attack failed. No data was breached, no accounts were compromised, and ProtonMail's systems remain secure," it said in an email.
how will they ever recover?

Russian troll thread won't have it. They must secure their gay monkey puting images.

Been researching and trying it out. Probably the best choice, shy of setting up your own server and PGP (which is a total pain in the ass, and still doesn't mask who/from and subject line).

Thanks for the tip.

FOR THE LOVE OF GOD LET ME SAVE THE COOKIE TO AVOID LOGIN EVERY SINGLE TIME, STUPID SWISS FUCKS
INB4 UGLY SCRIPTS

U2F cannot be fooled by MitM attacks. If you're not logging yourself in on the authentic site, the signatures won't match.
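
Added example, not part of any post in this thread: a Python sketch of the 2FA disagreement above, showing why a typed TOTP code still verifies after being passed along by a synchronised lookalike portal while an origin-bound token response does not. The origins, secret, key and challenge are constructed, and HMAC stands in for the token's real ECDSA signature as a labelled simplification.

```python
import hashlib, hmac, json, struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code depends only on the secret and the clock."""
    mac = hmac.new(secret, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def _sign(key: bytes, client_data: bytes) -> bytes:
    # Simplification: HMAC stands in for the token's ECDSA P-256 signature.
    return hmac.new(key, hashlib.sha256(client_data).digest(), hashlib.sha256).digest()

def browser_assertion(key: bytes, visited_origin: str, challenge: str) -> dict:
    """Token response. The browser, not the page, writes the origin it is actually on."""
    client_data = json.dumps({"origin": visited_origin, "challenge": challenge}).encode()
    return {"client_data": client_data, "signature": _sign(key, client_data)}

def server_accepts_totp(secret: bytes, code: str, now: int) -> bool:
    return hmac.compare_digest(totp(secret, now), code)

def server_accepts_assertion(key: bytes, expected_origin: str, challenge: str, a: dict) -> bool:
    if not hmac.compare_digest(_sign(key, a["client_data"]), a["signature"]):
        return False  # client data was altered after signing
    data = json.loads(a["client_data"])
    return data["origin"] == expected_origin and data["challenge"] == challenge

def demo() -> dict:
    # All values below are constructed for illustration.
    real, lookalike = "https://mail.example", "https://mail-example.invalid"
    secret, key, now, challenge = b"12345678901234567890", b"constructed-device-key", 30, "c0ffee"
    code = totp(secret, now)  # the user types this into whatever page is open
    relayed = browser_assertion(key, lookalike, challenge)  # token touched on the lookalike page
    rewritten = dict(relayed, client_data=relayed["client_data"].replace(lookalike.encode(), real.encode()))
    return {
        "totp_typed_on_real_site": server_accepts_totp(secret, code, now),
        "totp_forwarded_by_lookalike": server_accepts_totp(secret, code, now + 10),
        "key_used_on_real_site": server_accepts_assertion(key, real, challenge, browser_assertion(key, real, challenge)),
        "key_used_on_lookalike": server_accepts_assertion(key, real, challenge, relayed),
        "lookalike_rewrites_origin": server_accepts_assertion(key, real, challenge, rewritten),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:30} accepted={accepted}")
```

The last two cases are the ones that matter for defenders: the server rejects the response either because the signed origin is not its own or because the client data no longer matches the signature.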

Uh, ProtonMail wasn't hacked. It was a lame phishing attempt at some emails. Nothing to do with lost data. Irritable Bowel Times is a waste of time.

Ya I'm just testing it as well, it looks like they will eventually have a paid structure and I'm curious how that will look before I migrate to it completely.

>the Mossad
have sex