The RIDL and Fallout speculative execution attacks allow attackers to leak private data across arbitrary security boundaries on a victim system, for instance compromising data held in the cloud or leaking your data to malicious websites. Our attacks leak data by exploiting the 4 newly disclosed Microarchitectural Data Sampling (or MDS) side-channel vulnerabilities in Intel CPUs. Unlike existing attacks, our attacks can leak arbitrary in-flight data from CPU-internal buffers (Line Fill Buffers, Load Ports, Store Buffers), including data never stored in CPU caches. We show that existing defenses against speculative execution attacks are inadequate, and in some cases actually make things worse. Attackers can use our attacks to leak sensitive data despite mitigations, due to vulnerabilities deep inside Intel CPUs.
You can read more and check if your system is vulnerable by using the toolklit available at https://mdsattacks.com/
These days, free mail services are plenty: Google Mail, Hotmail/Microsoft, Yandex, … But how is it possible that these services are free? In the case of major players such as Google or Microsoft, these companies scan your email for its contents. This metadata is then used to deliver you personalized advertisements, or sell your profile to possible advertisers. Notwithstanding that there already serious privacy issues with these kind of practices, if the mail service is located in countries with weak privacy laws or jurisdiction, intelligence services can acquire access to your emails.
There are great alternatives available though such as ProtonMail, but these offer limited packages for free (right now, 500Mb storage and 250 messages a day). To get the most functionality, you would have to pay around 4 euro a month.
Restore Privacy promotion banner. This organisation informs internet users about the threats to their privacy when using free email providers. See https://restoreprivacy.com/secure-email/
Self-hosted email server
Hosting your own email server these days is tricky. You need to have the hardware and knowledge to have a server and set it up, install the required software such as mail transfer agents and mail delivery agents to route the email. Even though you could technically send emails with this setup, pretty much the first email you will send will end up in the spam inbox. Why? Because today there are a lot of technologies and techniques to verify where emails come from, if the source is legit, if the sender is registered and so on. It is quite a hassle to get the DNS records right, set up DKIM and more.
Hello, Mail-In-A-Box!
Now with Mail-In-A-Box these things can pretty much be done automatically. The package will install all the required software and set up all the required services and configuration on its own (except DNS which has to be done manually)
