On 9/01/14 00:38 AM, d...@geer.org wrote:
Keying off of one phrase alone,
This combat is about far more than crypto...
I suggest you immediately familiarize yourself with last month's
changes to the Wassenaar Agreement, perhaps starting here:
Keying off of one phrase alone,
This combat is about far more than crypto...
I suggest you immediately familiarize yourself with last month's
changes to the Wassenaar Agreement, perhaps starting here:
New to the mailing list, sorry if this is formatted improperly.
Does the 'intrusion software' category include open-source stuff like
Metasploit?
Also, how will this affect software security testing by private companies?
Many infosec consulting companies have in-house proprietary software for
Thanks. We posted the Wassenaar changes on Cryptome
on December 19.
http://cryptome.org/2013/12/wassenaar-intrusion.htm
http://cryptome.org/2013/12/wassenaar-list-13-1204.pdf
The intrusion software has received some but not sufficient
attention. And beyond the sections you cite there are many
On 2014-01-05 01:01, John Young wrote:
If your server or ISP generates log files, as all do, you cannot
be secure. If upstream servers generate log files, as all do,
you cannot be secure. If local, regional, national and international
servers generate log files, as all do, you cannot be secure.
Logs needed run the Internet steadily, securely and cheaply
are not what logs files have grown into: Bloated, malicious,
exploitive and very lucrative spying on users. This is why there
are thousands of firms providing log files exploitation programs
and services. Every product manufacturer touts
Hi Jacob,
I just watched your 30c3 presentation on Youtube. About halfway through you
described an exploit on Dell servers that uses the JTAG, and then asked; Why
did Dell leave a JTAG debugging interface on these servers?”
There is nothing nefarious or uncommon about an active JTAG
On Tue, Dec 31, 2013 at 3:13 PM, Jacob Appelbaum ja...@appelbaum.netwrote:
Kevin W. Wall:
On Tue, Dec 31, 2013 at 3:10 PM, John Young j...@pipeline.com wrote:
30c3 slides from Jacob Appelbaum:
http://cryptome.org/2013/12/appelbaum-30c3.pdf (3.8MB)
And you can find his actual prez
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 31/12/13 21:13, Jacob Appelbaum wrote:
I'm also happy to answer questions in discussion form about the
content of the talk and so on. I believe we've now released quite a
lot of useful information that is deeply in the public interest.
All
If your server or ISP generates log files, as all do, you cannot
be secure. If upstream servers generate log files, as all do,
you cannot be secure. If local, regional, national and international
servers generate log files, as all do, you cannot be secure.
So long as log files are ubiquitous on
On 1/4/2014 7:01 PM, John Young wrote:
If your server or ISP generates log files, as all do, you cannot
be secure. If upstream servers generate log files, as all do,
you cannot be secure. If local, regional, national and international
servers generate log files, as all do, you cannot be secure.
Hi Jake,
Ian Grigg just made a point on metzdowd that I think is true: if you
want to change the NSA, you need to address the many corporates that
profit from what they are doing. Because the chain goes like this:
corporate money - election campaigns - representatives - NSA
What do you think?
On Wed, Jan 1, 2014 at 3:56 AM, Ralph Holz h...@net.in.tum.de wrote:
Hi Jake,
Ian Grigg just made a point on metzdowd that I think is true: if you
want to change the NSA, you need to address the [...]
[... money] Because the chain goes like this:
corporate money - election campaigns -
If you'll notice that both political parties have expanded on the NSA's
mission, scope, and probably funding. I doubt there are any business motives
here. In fact, it seems to me there are the exact opposite. Though, since much
of government is now contracted out, I do wonder who this was
Jake's, Assange's and others' emphasis at 30c3 was to pursue
technological offenses rather than futile expectation of political,
financial and legal controls of spying which inevitably confirm
what spies do, for it is in their interest to support spyin and
secrecy to maintain hegemonic,
On Wed, Jan 1, 2014 at 3:56 AM, Ralph Holz h...@net.in.tum.de wrote:
Hi Jake,
Ian Grigg just made a point on metzdowd that I think is true: if you
want to change the NSA, you need to address the many corporates that
profit from what they are doing. Because the chain goes like this:
On Wed, Jan 1, 2014 at 7:22 AM, coderman coder...@gmail.com wrote:
On Wed, Jan 1, 2014 at 3:56 AM, Ralph Holz h...@net.in.tum.de wrote:
Hi Jake,
Ian Grigg just made a point on metzdowd that I think is true: if you
want to change the NSA, you need to address the [...]
[... money] Because the
On Tue, Dec 31, 2013 at 3:10 PM, John Young j...@pipeline.com wrote:
30c3 slides from Jacob Appelbaum:
http://cryptome.org/2013/12/appelbaum-30c3.pdf (3.8MB)
And you can find his actual prez here:
https://www.youtube.com/watch?v=b0w36GAyZIA
Worth the hour, although I'm sure your blood
18 matches
Mail list logo
