As we, the world, become monocultured thanks to this phenomenon called globalization, we start noticing how the laws of many countries don't go very well together: we have jurisdiction issues and disagreements everywhere.
Thankfully, as civilized people, we stopped waging wars on each other (ok, there are some exceptions) and decided to unite and give birth to the UN, the WIPO and tons of other international organizations.
Speaking of WIPO, they made one big document on the field of copyright, the DMCA (Digital Millennium Copyright Act). This is a very important document; it is still used today in most copyright issues with hosting services and whatnot.
Let's now introduce "stupid people". Stupid people sometimes play important roles and make important decisions. Italy is the motherland of stupid people that play important roles, so of course as politicians and prosecutors get complaints from the Italian film industry they outright ignore the DMCA, the WIPO and everything that our civilization ever produced and just do the thing a retarded monkey would do (I'm sorry to all the retarded yet literate monkeys that can read and that get offended by this).
They blocked mega.co.nz. (DNS-level for now, but it might get blocked at the ISP level, just like ThePirateBay was years ago)
If you don't know the website or never really used it, these are some of the PROs and CONs of Mega.co.nz:
I use Mega often, to host files (OpenHorus builds are an example), for mirrors and backup (the InternetAristocrat archive, which was once hosted on this very server) etc. so this could become a problem for me if it ever really gets blocked at ISP level (I use Google DNS, so DNS blocks don't affect me).
For everyone else, if you can (Vodafone doesn't allow DNS change and Fastweb ADSL is just horrible for tunnels and stuff) you probably already changed your DNS, but if you didn't, please do, or you won't be able to access a lot of legit content on the web.. including mine.
As stupid people here are not limited to politicians and prosecutors, I also recommend you get an IPv6 tunnel working.. as ISPs have started filtering stuff.. and we likely won't get IPv6 for another good 3/4 years anyway..
Since we're also talking about crypto, idiots and Italy, let's also talk about..
I don't usually talk about PEC.. because there's hardly anything to say about it!
A long time ago some Italians thought that it'd be nice if we could stop having to send faxes and snail mail since we had computers and everything, so they decided to design a variation of email that could be tracked and validated for legal purposes. So they made the PEC (Posta Elettronica Certificata).
While a nice idea, there are so many things wrong with that, even as I was writing the above paragraph some questions came to mind, such as: "But what if someone steals my PEC?" and "What sort of crypto do they use anyway?"... I don't have complete and certain answers, but I'll say what I think happens and how things are by reading around and stuff!
BUT FIRST: Apparently this is an RFC (RFC6109) which has this paragraph inside it:
IETF review did not result in community consensus. Since this specification describes existing deployment and implementation, the issues identified by the IETF community have not been addressed in this document.
So it's an RFC which wasn't really approved yet exists and is valid (even though it has issues that are not addressed)..
..IETF, what the hell?
If someone gets access to your PEC s/he can send messages pretending to be you and delete all the received messages. This is of course a really big design flaw (the possibility of deleting mail being the most stupid, since every email has to be stored forever on the provider's servers anyway). So of course they make up excuses to justify all these flaws.. by making analogies with the real world! (I can't find the link anymore but it was genuinely funny and depressing at the same time, so really, hear this)
So, if someone deletes all your documents.. well that's like someone sneaking into your company and burning all the documents! I mean, shit happens, it's exactly the same. Someone sending documents in your name? Well yeah but they might have made a fake signature, fake envelopes and forged the company registries as well, what's the difference? Burning documents stored in an office and forging signatures and envelopes is just as easy as setting up a phishing page and getting a password which is probably something like "Jessica10.3.1976" (which by the way, passes all those stupid "require at least 16 chars + uppercase/lowercase/numbers/symbol" checks while still being the stupidest password in the world.)
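To put numbers on that password remark, here is an added example (not from the original post): a checker that applies the quoted composition rule and then looks for the name-plus-birthdate pattern. The name list and the counts used for the search-space estimate are assumptions made up for illustration.

```python
import math
import re

# Hypothetical mini name list; a real check would load a large names/words dictionary.
COMMON_NAMES = {"jessica", "marco", "giulia", "francesco"}
DATE_RE = re.compile(r"(\d{1,2})[./-](\d{1,2})[./-](\d{2,4})")

def passes_composition(pw, min_len=16):
    """The rule quoted above: 16+ chars with upper, lower, digit and symbol."""
    return (len(pw) >= min_len
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))

def guessable_parts(pw):
    """Return the personal-data patterns (first name, day.month.year) found in pw."""
    found = ["name:" + n for n in sorted(COMMON_NAMES) if n in pw.lower()]
    m = DATE_RE.search(pw)
    if m and 1 <= int(m.group(1)) <= 31 and 1 <= int(m.group(2)) <= 12:
        found.append("date:" + m.group(0))
    return found

def pattern_bits(names=10_000, years=100, formats=6):
    """Search space of Name+birthdate in bits. All three counts are assumptions."""
    return math.log2(names * years * 365 * formats)

def random_bits(length=16, alphabet=95):
    """Search space of a uniformly random printable-ASCII password in bits."""
    return length * math.log2(alphabet)

if __name__ == "__main__":
    pw = "Jessica10.3.1976"
    print(passes_composition(pw), guessable_parts(pw))
    print(f"pattern: ~{pattern_bits():.0f} bits, random: ~{random_bits():.0f} bits")
```

The policy accepts the password, while the pattern check flags both halves of it and the estimate shows roughly 31 bits against roughly 105 for a random 16-character string.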
SSL/TLS, over SMTP. This is actually not bad! They also use SHA1 for checksums for some reason, but overall decent.. now here's the funny thing. SMTP is not a "direct" protocol by any means: every message that goes from domain A to domain B may or may not pass through any number of servers, and all of those servers initiate SMTP over SSL/TLS.. but the message itself is not encrypted, so every server in the middle gets one nice copy of whatever you're sending around. But hey, until they break SSL, it's fine!
So, little quiz: what's the most popular (around 90% of Italy uses it) hosting provider in Italy? Aruba! So how good is Aruba? It's not, in fact, it's pretty shitty! Part of their shittiness is their SSL: they use OpenSSL 0.9.x, unpatched, vulnerable to several exploits found in the last month, plus they use SSLv2 and all sorts of broken extensions. They're so clever they let one of their datacenters catch fire, taking 90% of Italian websites down, because of course they couldn't care less about redundancy.
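The hop-by-hop point can be checked on any message you receive. The following is an added example, not part of the original post: it reads the `Received` headers of a constructed message (all hostnames and addresses are made up) and uses the RFC 3848 `with` keywords to list which hops used TLS and which servers held the unencrypted body.

```python
import re
from email import message_from_string

# Constructed sample: one message relayed through three servers (all names made up).
RAW = """\
Received: from relay2.example.net (relay2.example.net [203.0.113.20])
\tby mx.recipient.example (Postfix) with ESMTPS id 3C1
\tfor <bob@recipient.example>; Mon, 01 Jan 2024 10:00:03 +0000
Received: from relay1.example.net (relay1.example.net [203.0.113.10])
\tby relay2.example.net (Postfix) with ESMTP id 2B7;
\tMon, 01 Jan 2024 10:00:02 +0000
Received: from client.sender.example (client.sender.example [198.51.100.5])
\tby relay1.example.net (Postfix) with ESMTPSA id 1A9;
\tMon, 01 Jan 2024 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: contract

Body text that every server listed above received unencrypted.
"""

# "with" keywords registered by RFC 3848 that indicate the hop used TLS.
TLS_TYPES = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP_RE = re.compile(r"from (\S+).*? by (\S+).*? with (\S+)", re.IGNORECASE)

def hops(raw):
    """Return the relay path in travel order (sender first)."""
    msg = message_from_string(raw)
    path = []
    # Each server prepends its Received header, so the list is newest-first.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(" ".join(value.split()))  # unfold the header
        if m:
            sender, receiver, proto = m.groups()
            path.append({"from": sender, "by": receiver,
                         "proto": proto, "tls": proto.upper() in TLS_TYPES})
    return path

def plaintext_holders(raw):
    """Every receiving server decrypts the TLS session, so each one holds the body."""
    return [h["by"] for h in hops(raw)]

def cleartext_links(raw):
    """Hops where the message also crossed the wire without TLS."""
    return [(h["from"], h["by"]) for h in hops(raw) if not h["tls"]]

if __name__ == "__main__":
    for h in hops(RAW):
        print(f'{h["from"]} -> {h["by"]}: {h["proto"]} tls={h["tls"]}')
```

`Received` headers are written by the relays themselves, so treat the result as what each server claims rather than as proof.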
Hey you, Italian company executive, your company is depending on those guys.
So you choose the old way of using biometric identification methods like signatures and physical office storage to prevent yourself from having important documents destroyed and stolen (accidentally or not)? Well, sucks to be you, the Italian government is sick of that stuff and now requires every Italian company to have and use PEC for any legal/state document and practice.
Oh by the way, if you plan to bruteforce Aruba PEC passwords, here's a hint: They don't allow symbols.