Lavabit back online for a brief period of time

15. October 2013 Security 0

Today Lavabit, the secure email provider that was forced to shut down in August, resumed service. During the next few days current users are able to change their password and allow data recovery. Here is the press release:

Oct 14, 2013 19:00 ET
Lavabit to Briefly Reinstate Services for Data Recovery

ALEXANDRIA, Va., Oct. 14, 2013 /PRNewswire/ — Beginning today, Ladar Levison, founder of Lavabit LLC, will begin the process that will allow former users of Lavabit to briefly access their account and recover data lost from the initial shutdown.

To begin this process, the user will first be allowed to change their password during a 72 hour period, beginning tonight at 7:00 PM Central. This step was created due to recent events in the news that have lead people to believe that their account information may have been compromised. If users are indeed concerned that their account information has been compromised, this will allow them to change their account password on a website with a newly secured SSL key. Following the 72 hour period, Thursday, October 17th, the website will then allow users to access email archives and their personal account data so that it may be preserved by the user.

This comes in the wake of the abrupt shutdown of Lavabit this past August, wherein many were left without a way to access their sensitive data. For those who used Lavabit’s email service, they were left without a way to access information after the shutdown. When asked about how his users felt about the loss of personal data, Mr. Levison said “I’m in the same boat as them. I used my Lavabit email account for 10 years. It was my only email account.”

Former users are advised to visit the website https://liberty.lavabit.com to begin the process of recovery.

For more information, contact the LLDF at legal@lavabit.com, or (703)291.1999. To support Mr. Levison in his court battle, please visit https://rally.org/lavabit

SOURCE Lavabit LLC

Before visiting and using the website mentioned above (lavabit.com no longer works because it’s certificate was revoked) keep in mind that all eyes are on Lavabit. Governments and agencies are probably doing what they can to monitor and/or intercept all traffic to and from the site hoping to decrypt valuable information again later by forcing Lavabit to hand over the SSL key (again). Before visiting the site I recommend setting up an encrypted VPN and verifying the certificate before typing in any information. The site has the serial number and SHA1 fingerprint listed at the bottom, click the lock icon in your browser’s address bar to compare them. As different browsers display the information differently I won’t describe them all, click on the image below for a larger version that shows how to verify the certificate in Firefox. If the information does not match up, close the page and do not use it. If you are not an existing customer and/or have no important email stored on the server I’d not visit the page at all just to keep your IP or other info ending up in log files you do not want to end up in.
Lavabit


Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.