all-in-one privacy solution":["Proton Unlimited es una solución de privacidad todo en uno"],"Black Friday":["Black Friday"],"No ads. Privacy by default.":["Sin anuncios. Privacidad por defecto."],"People before profits":["Primero las personas, luego los beneficios"],"Security through transparency":["Seguridad con transparencia"],"The best Proton Mail ${ BLACK_FRIDAY } deals":["Las mejores ofertas de Proton Mail en el ${ BLACK_FRIDAY }"],"The world’s only community- supported email service":["El único servicio de correo electrónico del mundo respaldado por la comunidad"]},"specialoffer:limited":{"${ hours } hour":["${ hours } hora","${ hours } horas"],"${ hoursLeft }, ${ minutesLeft } and ${ secondsLeft } left":["Tiempo restante: ${ hoursLeft }, ${ minutesLeft } y ${ secondsLeft }"],"${ minutes } minute":["${ minutes } minuto","${ minutes } minutos"],"${ seconds } second":["${ seconds } segundo","${ seconds } segundos"],"Limited time offer":["Oferta por tiempo limitado"]},"specialoffer:listitem":{"Create multiple addresses":["Cree múltiples direcciones"],"Hide-my-email aliases":["Seudónimos de hide-my-email"],"Quickly unsubscribe from newsletters":["Cancele suscripciones a boletines rápidamente"],"Use your own domain name":["Use su propio dominio"]},"specialoffer:logos":{"As featured in":["Tal como aparece en"]},"specialoffer:metadescription":{"Get an encrypted email that protects your privacy":["Obtenga un correo electrónico cifrado que protege su privacidad"]},"specialoffer:metatitle":{"Proton Mail Black Friday Sale - Up to 40% off":["Oferta de Black Friday de Proton Mail: hasta un 40% de descuento"]},"specialoffer:newmetadescription":{"Get up to 40% off Proton Mail subscriptions this Black Friday. Find great deals on our secure end-to-end encrypted email plans.":["Aproveche las rebajas de Black Friday y obtenga suscripciones de Proton Mail con hasta un 40 % de descuento. Encontrará las mejores ofertas en planes de correo electrónico seguro cifrado de extremo a extremo."]},"specialoffer:newmetatitle":{"Proton Mail Black Friday sale | Up to 40% off secure email":["Rebajas de Black Friday en Proton Mail | Hasta un 40 % de descuento en correo electrónico seguro"]},"specialoffer:note":{"* Billed at ${ TOTAL_SUM } for the first year":["*Con un costo de ${ TOTAL_SUM } durante el primer año"],"*Billed at ${ TOTAL_SUM } for the first 2 years":["*Con un costo de ${ TOTAL_SUM } durante los primeros 2 años"],"30-day money-back guarantee":["Garantía de devolución de dinero de 30 días"],"Billed at ${ TOTAL_SUM } for the first 2 years":["Con un costo de ${ TOTAL_SUM } durante los primeros 2 años"],"Billed at ${ TOTAL_SUM } for the first year":["Con un costo de ${ TOTAL_SUM } durante el primer año"],"You save ${ SAVE_SUM }":["Ahorre ${ SAVE_SUM }"]},"specialoffer:off":{"${ DISCOUNT } off":["-${ DISCOUNT }"],"${ PERCENT_OFF } off":["-${ PERCENT_OFF }"]},"specialoffer:testimonial":{"I love my ProtonMail":["Amo mi Proton Mail"],"My favorite email service":["Mi servicio de correo electrónico favorito"],"Thanks Proton for keeping us all safe in the complicated internet universe.":["Gracias Proton por mantenernos a salvo en el complicado universo de Internet."],"You get what you pay for. In the case of big tech, if you pay nothing, you get used. I quit using Gmail and switched to @ProtonMail":["Obtiene aquello por lo que paga. En el caso de la gran tecnología, cuando uno no paga nada, se acostumbra. Dejé de usar Gmail y cambié a @ProtonMail"]},"specialoffer:time":{"Days":["Días"],"Hours":["Horas"],"Min":["min"]},"specialoffer:title":{"And much more":["Y mucho más"],"Make your inbox yours":["Personalice su bandeja de entrada"],"Safe from trackers":["A salvo de rastreadores"],"Stay organized":["Mantenga el orden"],"Black Friday email deals":["Ofertas en correo electrónico del Black Friday"],"Don’t just take our word for it":["No confíe solo en nuestra palabra"],"Our story":["Nuestra historia"],"Transfer your data from Google in one click":["Transfiera sus datos de Google con un solo clic"]},"specialoffer:tooltip":{"Access blocked content and browse privately. Includes ${ TOTAL_SERVERS }+ servers in ${ TOTAL_COUNTRIES }+ countries, connect up to 10 devices, access worldwide streaming services, malware and ad-blocker, and more.":["Acceda a contenido bloqueado y navegue de forma privada. Incluye ${ TOTAL_SERVERS } servidores en más de ${ TOTAL_COUNTRIES } países, conecta hasta 10 dispositivos, acceda a servicios de transmisión en todo el mundo, malware y bloqueador de anuncios, y más."],"Easily share your calendar with your family, friends or colleagues, and view external calendars.":["Comparta su calendario con familiares, amigos y compañeros fácilmente y consulte calendarios externos."],"Includes support for 1 custom email domain, 10 email addresses, 10 hide-my-email aliases, calendar sharing, and more.":["Incluye compatibilidad con 1 dominio de correo electrónico personalizado, 10 direcciones de correo electrónico, 10 seudónimos de hide-my-email, posibilidad de compartir calendario, etc."],"Includes support for 3 custom email domains, 15 email addresses, unlimited hide-my-email aliases, calendar sharing, and more.":["Incluye compatibilidad con 3 dominios de correo electrónico personalizado, 15 direcciones de correo electrónico, seudónimos ilimitados de hide-my-email, posibilidad de compartir calendario, etc."],"Manage up to 25 calendars, mobile apps, secured with end-to-end encryption, 1-click calendar import from Google, and more.":["Administre hasta 25 calendarios, apps móviles, protegido con cifrado de extremo a extremo, importación de calendario con 1 clic desde Google y más."]},"Status Banner":{"At the moment we are experiencing issues with the Proton VPN service":["En este momento, tenemos problemas con el servicio Proton VPN."],"Learn more":["Más información"]},"Status banner":{"Learn more":["Más información"],"Please note that at the moment we are experiencing issues with the ${ issues[0] } service.":["Tenga en cuenta que, en este momento, estamos experimentando problemas con el servicio ${ issues[0] }."],"We are experiencing issues with one or more services at the moment.":["En este momento, tenemos problemas con uno o más servicios."]},"suggestions":{"Suggestions":["Sugerencias"]},"Support":{"Sub category":["Subacategoria","Subcategorías"]},"Support article":{"${ readingTime } min":["${ readingTime } minuto","${ readingTime } minutos"],"Category":["Categoría","Categorías"],"Didn’t find what you were looking for?":["¿No encontró lo que buscaba?"],"General contact":["Contacto general"],"Get help":["Obtener ayuda"],"Legal contact":["Contacto legal"],"Media contact":["Contacto para medios"],"Partnerships contact":["Contacto para colaboradores"],"Reading":["Lectura"]},"Support categories":{"Browse Proton product support":["Explore el soporte de productos de Proton"]},"Support category":{"There is no article in this category yet.":["Todavía no hay ningún artículo en esta categoría."]},"Support troubleshooting":{"--- Select ---":["--- Seleccionar ---"],"App version":["Versión de la app"],"Browser":["Navegador"],"Check if this helps":["Compruebe si le sirve"],"Choose a category for your question":["Elija la categoría de su pregunta"],"Choose a product":["Elija un producto"],"Did this solve your issue ?":["¿Resolvió su problema?"],"Faster assistance is just a few clicks away — please make your selections":["Obtenga ayuda más rápidamente con tan solo unos clics. Haga su selección."],"No, contact support":["No, contactar a soporte"],"Proton account":["Cuenta de Proton"],"Proton Bridge":["Proton Bridge"],"Proton Calendar":["Calendario de Proton"],"Proton Drive":["Proton Drive"],"Proton for Business":["Proton for Business"],"Proton Mail":["Correo de Proton"],"Proton Pass":["Proton Pass"],"Proton VPN":["VPN de Proton"],"Thank you for your feedback":["Gracias por sus comentarios"],"Troubleshooting":["Solución de problemas"],"What can we help with ?":["¿En qué podemos ayudar?"],"Yes":["Sí"]},"support_modal_search_query":{"Search query":["Consulta"]},"support_search_button":{"Search":["Buscar"]},"support_search_i_am_looking_for":{"I'm looking for":["Busco"]},"SupportForm":{"For a faster resolution, please report the issue from the Bridge app: Help > Report a problem.":["Para una resolución más rápida, reporte el problema desde la app Bridge: Ayuda > Reportar un problema."],"Information":["Información"]},"SupportForm:option":{"Account Security":["Seguridad de la cuenta"],"Contacts":["Contactos"],"Custom email domain":["Dominio de correo electrónico personalizado"],"Email delivery and Spam":["Entrega de correo electrónico y spam"],"Encryption":["Cifrado"],"Login and password":["Inicio de sesión y contraseña"],"Merge aliases and accounts":["Combinar alias y cuentas"],"Migrate to Proton":["Migrar a Proton"],"Notifications":["Notificaciones"],"Other":["Otros"],"Plans and billing":["Planes y facturación"],"Proton for Business":["Proton for Business"],"Sign up":["Regístrese"],"Storage":["Almacenamiento"],"Users, addresses, and identities":["Usuarios, direcciones e identidades"]},"SupportForm:optionIntro":{"Select a topic":["Seleccione un tema"]},"swiss_baseed_feature":{"Swiss based":["Con sede en Suiza"]},"Testimonial":{"Awards":["Premios"],"Customers":["Clientes"],"Featured":["Destacados"],"Go to testimonial source":["Ir a la fuente testimonial"],"Reviews":["Reseñas"],"Videos":["Videos"]},"Text":{"Find the plan that's right for you":["Encuentre el plan adecuado para usted"],"If you need help, check out our ${ supportLink }.":["Si necesita ayuda, consulte nuestra ${ supportLink }."],"The page you’re looking for might have been removed, or it could be an\nold link.":["Es posible que la página que busca haya sido eliminada o que sea un\nenlace antiguo."]},"Title":{"On this page":["En esta página"],"Related articles":["Artículos relacionados"],"Share ${ thisPage }":["Compartir ${ thisPage }"],"Thank you!":["¡Gracias!"],"this page":["esta página"]},"Tooltip":{"More information":["Más información"]},"tooltip_calendar":{"Create up to 20 custom & shareable encrypted calendars. On top of that, add up to 5 calendars from friends, family, colleagues, and organizations.":["Cree hasta 20 calendarios personalizados, compartibles y cifrados. Agregue hasta 5 calendarios de amigos, familiares, colegas y organizaciones."]},"tooltip_vpn":{"Access blocked content and browse privately. Includes ${ TOTAL_SERVERS }+ servers in ${ TOTAL_COUNTRIES }+ countries, highest VPN speed, ${ TOTAL_VPN_CONNECTIONS } VPN connections, worldwide streaming services, malware and ad-blocker, and more.":["Acceda a contenido bloqueado y navegue en privado. Tendrá a su disposición más de ${ TOTAL_SERVERS } servidores en más de ${ TOTAL_COUNTRIES } países, VPN de máxima velocidad, ${ TOTAL_VPN_CONNECTIONS } conexiones VPN, servicios de streaming en todo el mundo, bloqueadores de malware y de anuncios, y mucho más."],"Access blocked content and browse privately. Includes ${ TOTAL_SERVERS }+ servers in ${ TOTAL_COUNTRIES }+ countries, highest VPN speed, 10 VPN connections, worldwide streaming services, malware and ad-blocker, and more.":["Acceda a contenido bloqueado y navegue en privado. Tendrá a su disposición más de ${ TOTAL_SERVERS } servidores en más de ${ TOTAL_COUNTRIES } países, VPN de máxima velocidad, 10 conexiones VPN, servicios de streaming en todo el mundo, bloqueadores de malware y de anuncios, y mucho más."]},"version_history_label":{"Version history":["Historial de versiones"]},"version_history_tooltip":{"Store up to ${ versionHistoryNumber } versions of each file for up to ${ years } years":["Comparta hasta ${ versionHistoryNumber } versiones de cada archivo hasta durante ${ years } años"]},"vpn_features_link":{"View VPN plans":["Ver planes de VPN"]},"vpn_features_useCase":{"Access blocked content and browse privately":["Acceda a contenido bloqueado y navegue de forma privada"]}}},"unleashApi":"https://account.proton.me/api"};
// We need to import data (the framework context) from the server
// This Astro feature with define:vars works well but creates an inline script
// So we can't directly import the initFramework helper, we have to store the context
window.frameworkContext = frameworkContext;
})();
The Microsoft Exchange hack might be one of the worst breaches of all time – We need a new approach to email security | Proton
Over the past two weeks, Microsoft clients using its Exchange servers, which includes tens of thousands of government agencies and private corporations around the world, have fallen victim to a series of hacks that have compromised their data. The breach started with a group of state-sponsored hackers attributed to China known as Hafnium, but more and more actors jumped into the fray after some of the exploits became public.
This is a serious breach that has exposed private user data as well as corporate and state secrets, materially damaging many small and medium-sized businesses and undermining trust in many government agencies. It is also a prime example of how the current approach to user privacy and security is failing.
A timeline of the Microsoft Exchange Server hack
March 2: Microsoft announced that hackers, dubbed Hafnium, were using multiple 0-day exploits (i.e., previously undiscovered vulnerabilities) to remotely access its Exchange servers and steal data from its corporate and government users.
Essentially, these hackers took three steps and exploited four separate vulnerabilities:
Hafnium gained access to Microsoft Exchange servers by taking advantage of stolen passwords and a previously undiscovered server-side request vulnerability to make itself appear to the Exchange server as someone who should have access.
The attackers then created a web shell, or a backdoor that allows browser-based access to the server to anyone that knows the web shell’s URL.
Hafnium then used the web shells to execute malicious code on the server remotely. Once in, the attackers could steal data, escalate privileges, or hold data ransom.
Microsoft responded by releasing emergency security patches for the affected systems (Exchange Server 2019-2013) and sent out a free patch to cover Exchange Server 2010, suggesting these vulnerabilities may have existed for the past 10 years.
Two weeks after Microsoft’s initial announcement, experts estimated there were still tens of thousands of Microsoft Exchange Servers that needed to be patched. Furthermore, state-sponsored hackers had already begun exploiting sensitive systems well before Microsoft became aware of the problem.
March 11: Microsoft detected that some of the servers compromised by Hafnium were being infected by a new type of ransomware known as DearCry.
Multiple attackers began exploiting the same vulnerabilities as Hafnium to gain access to Microsoft Exchange Servers. They committed various attacks, including DearCry, which makes copies of target files, encrypts those copies, and then deletes the originals.
March 11 to March 15: The daily attacks attempted on Microsoft Exchange Servers increased 10 times, from roughly 700 to over 7200(new window).
Experts estimate that almost 60,000 organizations(new window) (and maybe even more) could have been affected, ranging from small and medium-sized businesses up to the European Banking Authority. The majority of the DearCry attacks have focused on government and military organizations, followed by manufacturing and financial services, while the most attacked country has been the US, followed by Germany and the UK.
Security is hard
Almost every major technology company has had significant security incidents in the past. Microsoft itself also has a long history of security vulnerabilities in its products. The lesson to take away from these attacks’ success is not that these organizations are negligent or incompetent, but that security is hard.
In this incident, Microsoft was not attacked directly, but rather, hackers went after tens of thousands of organizations that run Microsoft Exchange software for their email. Regardless of whether it is Google, Microsoft, or their customers, cybersecurity is a form of asymmetric warfare.
Defenders must protect all possible entry points, while attackers only need to find a single weakness to get in.
A successful defense therefore needs to have multiple layers of security so that if one layer is breached, successive layers can keep attackers away from sensitive business data. When it comes to email, Proton Mail achieves this by utilizing zero-access encryption(new window).
Whenever possible, Proton Mail encrypts an organization’s email on the client side. Even emails received from outside of an organization are encrypted before they are saved. The encryption is done in a way that prevents even Proton Mail itself from having the means to independently decrypt user data. This adds an extra layer of security because breaching a Proton Mail server does not necessarily expose user emails. Unlike in the case of Microsoft Exchange (or Gmail or any other regular email service that does not utilize zero-access encryption), a hacker would still need to find a way to decrypt the messages.
You can’t expose data you don’t have access to
Proton Mail’s security model has prepared for a breach by investing in a technology that applies an extra layer of encryption to all messages on our servers.
Our zero-access encryption means we cannot access or read any user’s messages. Hackers cannot steal from us what we do not have access to. So even if Proton Mail ever were to be breached, a successful data exfiltration attack would be far harder to execute.
So why don’t all companies protect their users’ data with end-to-end or zero-access encryption? For one, strong encryption is difficult to do. The technology that underpins Proton Mail required years of research and work and was developed by scientists from CERN under the scrutiny of the open source community and independent security audits.
Then, there is also the issue of the business model a company uses. Corporations like Google make money by exploiting user data to sell ads. This is incompatible with technologies that prevent them from accessing user data, even if they are more secure.
This is not the first major security breach, nor will it be the last. And there is no reason to single out Microsoft. In fact, such an incident would have been exponentially worse if it had happened to Google or Facebook due to the significantly larger amounts of sensitive personal information stored by those companies. Protecting against risks like this is one of the reasons that millions of individuals and small and medium-sized businesses have switched to Proton Mail.
Encrypt all the data you can
Proton relies on user subscriptions for revenue, not leveraging our users’ data or selling access to advertisers. This makes us relatively unique among tech companies in that we do not need to access or abuse our users’ data for our business model to work. It’s not just better for privacy, it is better for security. We believe that this approach leads to a better internet that serves the interest of all people.
Our vision is to make privacy the default on the internet and beyond Proton Mail(new window) with strong encryption. We’re also extending this approach to new services as well, applying similar protection to your schedule and files with the recently released beta versions of Proton Calendar(new window) and Proton Drive(new window).
Sign up now and take a step toward an internet that puts protecting your data first.
Secure, seamless communication is the foundation of every business. As more
organizations secure their data with Proton, we’ve dramatically expanded our
ecosystem with new products and services, from our password manager to Dark Web
Monitoring for cr
On the subject of cybersecurity, one term that often comes up is brute force
attack. A brute force attack is any attack that doesn’t rely on finesse, but
instead uses raw computing power to crack security or even the underlying
encryption.
In this a
Section 702 of the Foreign Intelligence Surveillance Act has become notorious as
the legal justification allowing federal agencies like the NSA, CIA, and FBI to
perform warrantless wiretaps, which sweep up the data of hundreds of thousands
of US citi
In response to the growing number of data breaches, Proton Mail offers a feature
to paid subscribers called Dark Web Monitoring. Our system checks if your
credentials or other data have been leaked to illegal marketplaces and alerts
you if so. Often
Your email address is your online identity, and you share it whenever you create
a new account for an online service. While this offers convenience, it also
leaves your identity exposed if hackers manage to breach the services you use.
Data breaches
Our mission at Proton is to help usher in an internet that protects your privacy
by default, secures your data, and gives you the freedom of choice.
Today we’re taking another step in this direction with the launch of our open
source password manage