Date: 2017-04-01
MrPlow writes:

Submitted via IRC for TheMightyBuzzard

With slick marketing, catchy taglines and some pretty bold claims about their security, nomx claim to have cracked email security.

This thorough article tells all about the device, and it doesn't measure up at all to its marketing.

It would be very easy to conclude that this is a scam. The device is running standard mail server software running on a Raspberry Pi, most of which is outdated. They have presented at countless tech shows and can be constantly found making bold statements of 'absolute security' yet didn't pick up a CSRF vulnerability in their web interface.

Source: https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/

Fnord666 [soylentnews.org] adds:

Nomx has issued a reply on their main page in a post titled 'nomx Passes Security Tests After Blogger Claims to Have Penetrated nomx'. In that reply nomx states the following results:

No nomx user was affected by this threat. No nomx user could be affected by this threat in the future. No nomx data was compromised, and the blogger has (finally) reluctantly verified this. He still has not publicly shared these statements, except via an email response to the BBC when directly asked on April 25 the response was:

From the BBC to nomx: "I understand from your replies that you state categorically that no nomx accounts have been affected by this hack. I have put your questions to [blogger] who has confirmed to me that he cannot say that any have."

While nomx is no longer based on Raspberry devices, we still maintain that the users' data is secured as we've demonstrated to the blogger, the media and our customers.

Also at Ars Technica



    I never talk to anyone anymore. It's ironic that my entire career has been concerned with communication in general and computer networks specifically. I built a makeshift email server in grammar school before I even knew what email was. All of my authored software is socket code of some form or other. I've written and debugged kernel level network drivers. My wires are constantly swimming with sharks. I implement protocols for fun. Hardware that can't be networked is worth less to me than a brick. And yet I never use email and I don't blog and I avoid social media like a plague. My life's work has been to facilitate communication between people who aren't me. Nobody ever communicates with me. I am a loser nerd and I live for binary code. I have the world's most secure communication protocol inside my head and it's called thinking to myself.

