[NodeJS NPM] security concerns

2013-10-01 Thread Pedro Worcel
Hi. NPM nodejs package manager doesn't check for https signatures communicating with the central repo, which could give an attacker with MITM capabilities the possibility to execute code. The issue is here https://github.com/isaacs/npm/issues/1204. The maintainer considers this to be a bug that

Re: SSL for debian.org/security?

2013-10-29 Thread Pedro Worcel
I fail to see what would make what hard, could you please explain? 2013/10/30 Jonathan Spearman j...@jstc.info -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 If I am not misunderstanding this. The object is to secure the site so it won't be hacked. Why is there this need to use TOR? If I

Re: SSL for debian.org/security?

2013-11-12 Thread Pedro Worcel
Also, what is to prevent someone interfering with the creation of the certificate that will be embedded in the device (or poor pseudo-random while generating it, etc.), and what would be the cost of replacing the certificate inside the device once/if compromised? 2013/11/12 Andreas Kuckartz

Re: concrete steps for improving apt downloading security and privacy

2014-07-10 Thread Pedro Worcel
2014-07-07 12:13 GMT-08:00 Andrea Zwirner and...@linkspirit.org: Can you prove it? Or maybe, you can tell the list what the attached image - that is encrypted with Moritz Muehlenhoff's and Florian Weimer's public keys - represent? Cheers (and thanks Mr. Moritz and Mr. Florian - who were

Re: Iceweasel and web browsers vulnerabilty concerning poodle.

2014-10-16 Thread Pedro Worcel
Just something related I happened to stumble across: http://www.bit-tech.net/news/bits/2014/10/15/google-mozilla-sslv3/1

Re: Iceweasel and web browsers vulnerabilty concerning poodle.

2014-10-16 Thread Pedro Worcel
Sorry about the double email, this is the original source for Mozilla https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/ 2014-10-17 9:12 GMT+13:00 Pedro Worcel pe...@worcel.com: Just something related I happened to stumble across: http://www.bit-tech.net

Re: [SECURITY] [DSA 3211-1] iceweasel security update

2015-05-17 Thread Pedro Worcel
Keep in mind that if you use a non-tor browser in order to browse through Tor you would still be trackable to a degree. Please see https://panopticlick.eff.org/ 2015-05-08 16:18 GMT+12:00 Riley Baird bm-2cvqnduybau5do2dfjtrn7zbaj246s4...@bitmessage.ch: I'm not from the iceweasel team, but I