SoylentNews is people

posted by on Sunday April 30 2017, @04:18AM
from the or-not dept.

Submitted via IRC for TheMightyBuzzard

With slick marketing, catchy taglines and some pretty bold claims about their security, nomx claim to have cracked email security.

This thorough article tells all about the device, and it doesn't measure up at all to its marketing.

It would be very easy to conclude that this is a scam. The device is running standard mail server software running on a Raspberry Pi, most of which is outdated. They have presented at countless tech shows and can be constantly found making bold statements of 'absolute security' yet didn't pick up a CSRF vulnerability in their web interface.

Source: https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/

Nomx has issued a reply on their main page in a post titled 'nomx Passes Security Tests After Blogger Claims to Have Penetrated nomx'. In that reply nomx states the following results:

No nomx user was affected by this threat. No nomx user could be affected by this threat in the future. No nomx data was compromised, and the blogger has (finally) reluctantly verified this. He still has not publicly shared these statements, except via an email response to the BBC when directly asked on April 25 the response was:

From the BBC to nomx: "I understand from your replies that you state categorically that no nomx accounts have been affected by this hack. I have put your questions to [blogger] who has confirmed to me that he cannot say that any have."

While nomx is no longer based on Raspberry devices, we still maintain that the users' data is secured as we've demonstrated to the blogger, the media and our customers.

Also at Ars Technica


  • (Score: 1, Insightful) by Anonymous Coward on Sunday April 30 2017, @08:21AM (3 children)

    Here I came to think it would be about some new secure open source protocol... yet, it is about an obscured hardware/software solution. That's at least 2 things to not trust their security for: 1) outdated software (even if there are no security issues there yet, how is their update policy?) and 2) Raspberries use closed blobs and even the hardware could contain unknown backdoors in various chips inside the device.

  • (Score: 2) by The Mighty Buzzard on Sunday April 30 2017, @10:29AM

    Yeah, me and everyone else who can sudo -i on production systems had a huge laugh reading it so it had to go in the sub queue.

    --
    My rights don't end where your fear begins.
  • (Score: 1, Offtopic) by TheB on Sunday April 30 2017, @11:55AM (1 child)

    https://github.com/raspberrypi/firmware/issues/791

    When they take a month and still have no answer to a serious question like this, I lose faith in Raspberry Pi developers.