Though I cannot ever condone hacking, or even journalistic release of such material unless it's literally directly damning in a criminal sense...
If the truth of what you do is politically embarrassing to you, maybe you shouldn't be doing that?
A major offshore law firm admitted it had been hacked on Tuesday, prompting fears of a Panama Papers-style exposé into the tax affairs of the super rich. Jersey-based Appleby only admitted it had suffered the breach – which actually happened last year – after a group of journos from the International Consortium of …
Pfft.
There is no transport security in SMTP whether or not you use TLS.
Internal emails, possibly, but that's about it.
The reason? Any mail server en-route can read the email and forward it on to any other mail server unencrypted without you ever becoming aware of it. The chances of a customer of this place sending potentially embarrassing email to this place without - at some point - there being a non-TLS SMTP connection involved is very high. But the fact is, you can never know because you will never find out.
That's not counting anything they email internally via their personal accounts "because the attachment is blocked" or "I have no VPN access here" or whatever.
SMTP is security-less, to all intents and purposes. Even things like SPF etc. don't work to guarantee that the mail SERVER you are sending TO is legitimate. It only ever works the other way around (i.e. that that mail from fredbloggs.com did come from a fredbloggs.com-authorised server). And even THAT is dependent on unencrypted basic DNS being authoritative.
Please stop spouting nonsense. You either encrypt the whole message with something and that leaves the transport metadata completely open, or nothing. The TLS around SMTP is entirely optional, strippable, unverifiable and useless. It's to protect your SMTP password details, not your email.
There is if you use Exchange or Office365.
Same for most MTAs. However, for a long list of reasons most production mail installations are configured to accept self-signed certificates and most have no support for certificate caching. This should have gone away with DANE, but that has not quite happened.
Little changed last time for the rich, but a journalist was killed recently for digging into the Panama papers, so perhaps we should hope for even less to change?
Rich folk often do things which their lawyers tell them are legal, but not to tell HMRC (for UK residents) as HMRC may take a different view.
Make no mistake this will result in a flurry of activity unless the breach is seriously limited.
Whilst I'm not sure I'd set the bar at 'politically embarrassing' as Lee D does, there is a good point that if you're not prepared to justify your behaviour to the relevant authority (which may be the court of public opinion) think hard before acting, as we now live in a world where if you're high profile it's probably going to be public knowledge eventually.
This and other leaks like it may change the 'rich and powerful' to become slightly less psychopathic, which will be no bad thing.
...with Drupal and WordPress? E-mazing!
Drupal is generally pretty secure, but anyone using WordPress gets zero sympathy from me if they get hacked. It's a diabolically awful platform.
Of course in either case, as with any software you happen to be using, you've got to apply the patches.
If you fail to patch or use unsupported versions, then you are leaving yourself wide open to mischief, no matter what the software is.
Please let us poor peasants know what framework is without fault?
Would I trust one that had large exposure more than your script-kiddie one? Probably.
I started coding CGI in perl back in the 1950s (kidding, 1990s). There is nothing worse than home-grown or something that is using undocumented/unverifiable plug-ins.
Anyone know a full-on framework that accepts a ton of plug-ins, is secure, is not based on MS, is not PHP, is provably secure? Please?
...they exist to pay the gambling debts of your betters. It would defeat the purpose if the rich and powerful had to pay them.
Now, who would like to purchase some extremely high quality mortgage backed securities? Oops, they seem to have turned into dog shit. Luckily your government will be more than happy to purchase them.
Pardon me, I'm going to take my helicopter to my boat (which has a helicopter pad). Both the helicopter and the boat were purchased with your pension money. But don't worry, I'm sure the millennials will pay your pension when it's time to collect it. Surely they will be done working through their 6-figure college debt by serving coffee by the time you are due to retire.
"But don't worry, I'm sure the millennials will pay your pension when it's time to collect it. Surely they will be done working through their 6-figure college debt by serving coffee by the time you are due to retire."
Amusing Nolveys, you seem to assume the Millennials will actually work in a coffee shop. I'd doubt it, they'll probably be protesting that, because they have a media studies qualification, they're entitled to expect anyone with a pension to pay it all out in taxes and grants so they don't have to sully themselves with little issues such as 'earning a living' and 'capitalism' and instead spend their time debating the 'Sociological relevance of Hollyoaks episode 14,000'.
Appleby's leaked horrendous recipes?
Nope, different Appleby. Whew! would want that crap food getting into the mainstream.
/humour
That said - a Law Firm leaking -- notably a law firm that refers to its customers as "High net worth individuals", effectively hot on the heels of MosFon's leak, tells me that there is somewhere in this cistern of corruption we call the world some few individuals who are serious about chlorinating the cistern. Am I going to laud them for dumping this stuff in the open? Perhaps not, it may run over some folks that don't truly deserve to have their laundry waved about in the open, but I'm *fairly* sure that the intent is to get the dirty laundry of those who use their position to take advantage of the rest of the population in less than fair methods out into the open so that those methods can be removed. Will that happen? Who the hell knows, I can hope the changes come, but I doubt it. I'm sure there are still quite a few large pools of financial wealth that will be stolen from the general populace by the 3 card monte global stage acts.
<sorry - my cynicism is showing in force today. Mostly due to having to do things that were outsourced to another entity ages ago myself to close projects.>