Recent content by milex

Are you sure? Blood testing will obviously show positive, but using a gel capsule avoids any contact with saliva. The meds are metabolised in the stomache and liver, but do the saliva glands produce traces of the metabolised meds, or does the test simply check for traces of medication that have...

Will putting benzo pills in gel capsules give negative results for saliva swab drug testing?

There's no legal requirement for companies operating under a MLAT to comply with a government agency to create a backdoor in an end-to-end encrypted service. Rumours of open source platforms (which both ProtonMail and Tutanota are) installing secret backdoor's are just that, rumours.

With any end-to-end encrypted email service you have to accept that security can't be as robust as commercial email services. For example, Gmail logs the shit out of everything you do, including every IP address you use plus every device and browser. This way they can warn you if your account is...

So just to summaries (and I hope we all agree); ProtonMail is safe and secure and absolutely fine to use. The issue was with a small number of vendors having their ProtonMail accounts compromised by falling victim to a phishing scam. The logistics of how the scammer was able to interject an...

Here’s my theory as to what may have been happening: A hacker most probably phished a DBG vendor. Once they had the vendors ProtonMail password they used an API to access their account, extract their contact list and send out phishing emails to everyone in it. The hope being that a DBG customer...

That is completely bizarre. iPhones can’t be infected with malware. The vendors account must have been compromised, but assuming the scammer had control of the vendors account, why send the false btc address from a different email? And how? I can’t wrap my head around it, but it seems like...

@Ruger2506 were you using the mobile app to contact the vendor?

@2earls if someone created a new account on a different computer and still had the same issues then it must be the vendors protonmail account that is compromised. Do you have a count on how many vendors this is happening with?

With a man-in-the-browser exploit it would be the customer who is compromised. The MITB exploit is basically the same as an XSS exploit but executed via malware on the customer computer rather than a security flaw in the protonmail platform. It could allow the scammer to change the dashboard...

I could well be an elaborate Man-in-the-browser attack (MITB) setup by someone in the DBG community. First phishing a vendor account to obtain a contact list of DBG users, then sending out phishing emails which install the MITB malware. I don't understand exactly how it would work, but MITB...

@GungHo That seems pretty conclusive. It might be best to PM an admin to let them know which vendor it was. If this leak of DBG users is down to one vendor it could save a lot of time and hassle.

I think it's best to wait for the admins to contact all vendors with protonmail accounts to confirm which vendor(s) have had their accounts compromised. But instructing all vendors with protonmail accounts to change their email seems unnecessary in my opinion though. Protonmail is still a very...

If the scammer is using protonmail contact lists to try and phish customers, I've emailed several high profile vendors using their protonmail accounts in the past (most vendors from the email sources thread) and I haven't received any phishing emails to my protonmail account. So I think it's...

Hi, I'm just wondering if the admin who posted the warning message about protonmail being unsafe to use could elaborate more please? As a web developer, the issue outlined in the warning makes very little sense. I have a feeling that the admin who issued the message may be the victim of a...