Dear Paul,My recommendation generally is to fetch it at least via tor/tails and another network and compare both .pukey files as described under
http://www.elstel.org/software/GnuPG-usage.html.en. That should be ok.Concerning the strange https configuration it is just about me not having been willing to pay for a correct configuration (so the certificate issued for alfahosting-server.de should be the right one.). Well, I must confess it is an issue of time too as I have already considered moving to dotplex ... Likely however this mailing list is hosted more correctly so that you may like to compare against the key from this list that follows here (keyservers should also host that key by its fingerprint: 4D9849BF06D85D11CF34 6A90E4B931909981E39D).
Cheers, Elmar estellnb.pubkey.asc: -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1 mQINBFSxg6cBEADRMOBDzF2u0MDV1QeHzFy3DU21/xX8F0mWFDLwZ16ZV0+oFJZW N2TQD5ED0yJZ0A4uWwDKli64vgMFHMSvU1evBedeQj4WhKHD6zNjA2/BVKJPPr6C m7Vbo0Vp/DqoLVvZKIs7FwCiWbd1Psejb/h5HbOI8s3rUBNS5lzdBfhZAOQgjItE O2l+SfI1xG2foi8q8bRnWbLx+Qa9w8blyMqRFzpwtIqQak0ehNiQeSDvWCVAZ6DT YpnzR0RY92uOesAI1bappfNqf0Hi28FsCQ6ujl1yK7WwaPDV8Q4Oj8S4d9eyFttQ 0K3SyIQ3o9YfIS6CJ0VXuy7S45ENZLGcwi9P9SkeACYA5ZUNFUS0juT44otHTid3 saN8LDZ0bqOAU8sjwHVh2GoTZ6eydMBp2oxinJFhdvUzBcPtNz4jHnqTh2f2NEBl dh53BuVkhPha8SflAjAPxQnN2p/6mlQKWaBe8W4HJ8A2bX41pIZQDlxqKUTov1kr haQXaA+6m0SK4AaotnGtZzQfQBL+ed4X2itKbMalCwpSdpiuAAsyXxA17Qf+7U02 ZR/5fVXx4OuESOeSLIKBmzEMLxnakE69lYPX37l5RwqU5w/rm8OfPERo56V/raId atjrKpjA1eKFUDdDpZ3qZpVtU0HGWTTYu8FbP/vtzZE7Y9yBJCO3wKc2aQARAQAB tJ9FbG1hciBTdGVsbG5iZXJnZXIgKHVzZSB0aGlzIGtleSB0byBjcmVhdGUgYW5k IGVuY3J5cHQgbWVzc2FnZXMgb2ZmbGluZSBvbiBhIGNvbXB1dGVyIHdoaWNoIGlz IGtub3duIHRvIGJlIGNsZWFuOyBhdCBiZXN0IGluIHBsYWluIHRleHQuKSA8ZXN0 ZWxsbmJAZWxzdGVsLm9yZz6JAjgEEwECACIFAlSxg6cCGwMGCwkIBwMCBhUIAgkK CwQWAgMBAh4BAheAAAoJEOS5MZCZgeOdxmcQALrI6ghXuyzMv584EJ/uv9/iFl5K GqljSL26TjchanRXZA7jVKmxpQ1YL4RjJYdP/gtU0SELi+5noy5glQbpi3sgkth1 D1/fqhnkY5xd2pvxowX7IPxAh5NxBoxe+rMizQifCM4XmxY947WPuCUAtDLJLk1h pYgmume/SWRpraZzANZnxbQ+Gyl638gWE70LvWB4nLpaNKkNm/C3g6Kug41VPVTb oKikaInib7yMLTUr52oK38Mr1uanErNmFIZmUtqdItIiAalKTG1aVNHMViQnnAwh a4KGSLDjJgWgyrZS87BNcTm8YHYeEePdRVu8tpwq3oGLImsQAdSZOz9XnrdUHhML RaZJJG5bVsHWxc04i3rH+YQnvqYZJPUFOf2sYvwa2PpSzsENiE7AJn27YltYKC43 uORQINJYMuCBLsg4iishG7RT/Kq6IXuXPyuH0SeoXSWaRXTWa9mqC1YmKyb1dt/O c5joFhVfBfjhyO/f0BV46to/s37PPI6BEz6nneDceXTE3NBaSKcZXrEsroTRiSTS vAhvOhvkysJKHpFUzbY7dZNhlYh1w6Cu+tRydGA/rvGLPO7lBZRpcFgG02C5grId CBXNFqTzM75eQkuW9ZaxljVBELD2G4FKstkGnGhb1H4WG+IS5ArHAMUg9NEJ4aTW hAi2DB9KX01leC0IuQINBFSxg6cBEAC0zARZPKBXF+BTwwkijA0+TF7NVE5LUJyn Ss9OPHGLkf/CecmM9+tiGytkbEpMUhG3JmzcSkSjKcRaxFCLp0J80ZLdJ4U+TviQ ixARs8fKGRphpvOmTH5EWWlrqiZHW/2vXCMsIS8CF8pUc8YCfqrOoyQiCBXfY7RP VTIinItnlzwqHIcbDymEWOYiCwE4fIf/uxPrCo85yNpmsoOVgQyG/PmfRa2OCbXi Mn7FjbJQg1gIepcapElIzh3DKy3N6HRc4hLPx9deVN5N8XWZ0uISNHMLd4ehIgEL qK8S2sVxPkpHYGl192JGzDXR1V56gYR4dxl3yQzZgsbsfRlz3JZGmM/4bgcQDuMY PjPaRPLwEw/HFUK1PaRL2/pTQYw8u0XWVd4pOhLHRWL5Tut5qC+WB5SaIOGk9L60 Jm0RwVL0c6mIPh1viVlirQfx/znq9xZBIQu3d8kLHcWuP/hygdaWZnxqOEuk437F mkXyczVOKHAOn2qL7YVgF+9/gXaOGDPs+l0SpS/xpCyy2tPg2qcuvRHfwAGuR9nW nzJhQNUbQh/kRiDhI2niC9T8CIVXgK+v+RMPe8nx/GiZrrchlQ1b3Rirdriwegg9 IpHdbTrUxtW0osb9AG9CZDxCjf9ZmbKlj71PtmG4Mh4fmf718ego99UMVBj2Kp5t FjtlL4A8uQARAQABiQIfBBgBAgAJBQJUsYOnAhsMAAoJEOS5MZCZgeOd2eoP/1f5 NaHPbO7rTyAfE2t97tdUAM1i47sDVEjb1cAlnvxMzAPRo2sLKNMi8InRlfuA6+c+ moJPi9szeOf8GAqXgAZy5WYXADrv4ci5lCzGeNigggGSgrCkvyr03GHgmqyX4MKE 4Eda04UUp529hY729l3+MXjuomIgU6fyjmcU+B/+oR4kSAy6aRN/UM44J4Uu3QNt ZGgvvR2p+/6tjlQk+4ulMOD9l/SI5D4euX3dcySNFaMIprTIdmKz8SF3CnmFKotM hWjXsLiIT66FbFbbUzRPJ/cIQSbn1SLfxef1wOcHe2i6dbCAhtSi7tlOZSvPfE/H HWlO01C793RDvRyakLymnQkN7buyrOdOwxmjtdrKZgzMF/LiV1z3hI909JVjbsc5 JL6FuW1yVOaWWWn/532SeWbUhbnDF6gCihDbpZAcjmaLGIyypeFV4b/OL59/a8KR +8Xh4eNU7b7vAOJzpinVO1WOsCyMfajd5DAjZeViKJpyWvOsn6B6uYfbmBkqBaaM aOKu70UkbwNGVxDAScI6EVVnj/hDlhrlwukJ+p2xiLMgo5yxn6WfOH3Q4W3NTAIi MfgUprZZeFV1phtUz8szJV8UW/oO3V76LS3rqxKpgm7xLwRd0uib7Ua6tWJjLe68 ZQLowWS8lmS2vBqgaL+sXRcsrRzfcB7gjfmkFMQm =C7Up -----END PGP PUBLIC KEY BLOCK----- On 27.10.2015 18:11, Paul Tagliamonte wrote:
Hey there, Your HTTPS is configured funny - it's issued for *.alfahosting-server.de <http://alfahosting-server.de>, not elstel.org <http://elstel.org>. You might consider fixing that -- after all, OpenPGP won't help secure communications if you don't have a secure way of ensuring the right key is distributed to users. Cheers, Paul On Tue, Oct 27, 2015 at 1:02 PM, Elmar Stellnberger <estellnb@gmail.com <mailto:estellnb@gmail.com>> wrote: Dear Jason Fergus, Dear Subscribers of the Debian Security List, I am ready to share some more data about the incident and its circumstances as soon as you would contact me via gpg-mail as described under https://www.elstel.org/Contact.html. Anyone who is interested and reading this mail is welcome! Just email-me gpg-ed including your public key for response describing or giving me reference to who your are / what you are doing in the community (if not exuberantly returned by Google). As any gpg-key may either be lost or get in touch with an infected computer any time I would highly prefer if you were ready to incur the work of generating an own throw-away key for the communication. Best Regards, Elmar Stellnberger On 27.10.2015 17:36, Jason Fergus wrote: I'm curious about how you were infected by a rootkit, which one it was, and what you did to discover it? Using a Sandbox is a great idea for those two, except of course those are generally the applications with the most sensitive data as well. I always try to disable html email, but people insist on using it... On Tue, 2015-10-27 at 16:25 +0100, Elmar Stellnberger wrote: I would believe that it will heavily depend on how you configure your desktop environment: * One feature I do always turn off is desktop auto indexing because otherwise even storing an email attachement just for invoking it with an online view-as-jpeg service could cause an infection. Note that you may have to do this twice (once for Gnome and once for KDE) if you have installed according programs of both environments. * select starting a new session on every bootup (the session restoration can be used as a hook for ephemeral and home directory rootkits) * under KDE there is a list of background services that always run; you may reduce it to what you really need (invokable via systemsettings) * likely there are other important configuration options (ask for your env.) * get some understanding of what your X-server does (f.i. http://www.elstel.org/xchroot : problems with a pure chroot, trying to resolve these problems by hand) * double check the security of the underlying system (netstat -atupn) * note that your email program and your browser are the two most vulnerable parts of your desktop environment; consider running them under qemu in a virtual machine Once you would comply with all these hints you may likely discover a rootkit inside the virtual machine for emailing or browsing as I did lately. The KDE environment of the host system did not appear to have compromised the security of the whole system so far at me. Elmar On 27.10.2015 12:29, Mateusz Kozłowski wrote: Hi, Could You tell me which debian desktop environment is the most security and the best privacy and which You recommned for debian users? (KDE, XFCE, GNOME etc.)? -- :wq