On 6/9/14, Tom Ritter t...@ritter.vg wrote:
Twitter requires an email. My thought would be that logins via Tor and
other anonymity networks need to use 2FA. Either the Code Generator, SMS,
or email-click-a-link. Either that, or require it on first Tor-login, and
flag the account as not
Hi,
I wanted to write to highlight some important documents that have
recently been released by Der Spiegel about the NSA and GCHQ. We worked
very hard and for quite some time on these stories - I hope that you'll
enjoy them.
Inside TAO: Documents Reveal Top NSA Hacking Unit:
Hi,
I think a lot of people would benefit from reading Mike Perry's latest
blog post. He addresses how The Tor Project is working towards the
problems referenced by Zooko in his latest open letter to Silent Circle:
Ali-Reza Anghaie:
I understand we're talking about verifiable builds and software
distribution but using the Zetas as an example is getting kind of
ridiculous.
The point of using the Zetas is perhaps not clear but I think I
understand well what Zooko means. We've talked about it a few times
Ali-Reza Anghaie:
OK. I still disagree - in these threat models they don't care about effort.
Who doesn't?
They dissuade people by killing a few first.
If someone starts harming say, Ubuntu developers, I think very few
Debian developers will worry. I think very few RHEL developers will
Nadim Kobeissi:
On 2013-08-07, at 12:58 PM, Jacob Appelbaum ja...@appelbaum.net wrote:
Nadim Kobeissi:
On 2013-08-07, at 12:44 PM, Jacob Appelbaum ja...@appelbaum.net wrote:
Bbrewer:
We're understaffed, so we tend to pick the few things we might
accomplish and writing such advisory
The advisory was about bug being exploited in the wild, so, yes.
That was covered well in Roger's last email.
I'm aware, I did read his email. I was just under the impression that
you publish advisories about *vulnerabilities*, not about *exploits*.
But perhaps you're teaching me (and the
Nadim Kobeissi:
On 2013-08-06, at 3:19 AM, Jacob Appelbaum ja...@appelbaum.net
wrote:
Griffin Boyce:
Al,
We may have to disagree as to the way forward. I hate to be
contentious, but it seems unlikely that Tor applied a patch
without reading firefox's changelog. Two days ago I
Nadim Kobeissi:
On 2013-08-06, at 11:46 AM, Al Billings alb...@openbuddha.com
wrote:
Nadim you seem confused by how this works. Tor doesn't need to
issue advisories for Firefox issues. We, at Mozilla, already issue
them. Perhaps they can link to them clearly but if you want to know
about
Maxim Kammerer:
On Tue, Aug 6, 2013 at 12:30 PM, Jacob Appelbaum ja...@appelbaum.netwrote:
Please feel free to answer the question, we're happy to learn from an
example. Are either of you involved in such an example? Might we learn
from your example? If so, where might we see it?
Tails
Nadim Kobeissi:
On 2013-08-06, at 12:55 PM, Jacob Appelbaum ja...@appelbaum.net
wrote:
Nadim Kobeissi:
On 2013-08-06, at 11:46 AM, Al Billings alb...@openbuddha.com
wrote:
Nadim you seem confused by how this works. Tor doesn't need to
issue advisories for Firefox issues. We
Maxim Kammerer:
On Tue, Aug 6, 2013 at 1:07 PM, Jacob Appelbaum ja...@appelbaum.net wrote:
Somewhere there is a line and clearly, we failed to meet
the high standards of a few folks on this list. I'm mostly curious if
that high standard will be expressed in a cohesive manner where we might
Asa Rossoff:
Jacob Appelbaum:
Nadim Kobeissi:
On 2013-08-06, at 11:46 AM, Al Billings alb...@openbuddha.com
wrote:
Nadim you seem confused by how this works. Tor doesn't need to
issue advisories for Firefox issues. We, at Mozilla, already issue
them. Perhaps they can link to them clearly
Joseph Lorenzo Hall:
On 8/6/13 6:41 AM, Jacob Appelbaum wrote:
(2) Even have an RSS feed of them available through the TBB, as well as RSS
of TBB releases, and what security issues are covred including one advised
by Firefox. This could notify of stable, alpha and beta releases, so
Nadim Kobeissi:
On 2013-08-06, at 1:23 PM, Jacob Appelbaum ja...@appelbaum.net
wrote:
Nadim Kobeissi:
On 2013-08-06, at 12:55 PM, Jacob Appelbaum
ja...@appelbaum.net wrote:
Nadim Kobeissi:
On 2013-08-06, at 11:46 AM, Al Billings
alb...@openbuddha.com wrote:
Nadim you seem
intrigeri:
Hi,
Maxim Kammerer wrote (06 Aug 2013 09:52:36 GMT) :
Tails references upstream advisories, or at least did so in the past.
https://tails.boum.org/security/Numerous_security_holes_in_0.18/
Right, and we have no plan to stop doing this. What we've been doing
for years when
konfku...@riseup.net:
Jacob Appelbaum:
I like this idea - though I wonder how users would feel about it? Will
they read it? Should it be our own RSS feed or an RSS feed of Mozilla's
data?
I don't like the idea. You need to worry about the upgrading behavior of
casual users of TBB, who
Griffin Boyce:
Al,
We may have to disagree as to the way forward. I hate to be
contentious, but it seems unlikely that Tor applied a patch without
reading firefox's changelog. Two days ago I presented a talk which
emphasized how useful Tor is -- and I stand by that. Tor is still the
best
A new Spiegel edition is out and it is awesome. It contains leaked
documents that show that the BND, BfV, NSA and CIA worked together to do
domestic spying in Germany. It also covers more information about XKEYSCORE.
The PDF of the article has been leaked too:
Andreas Bader:
Eugen Leitl:
Grimes: How many exploits does your unit have access to?
Cyber warrior: Literally tens of thousands -- it's more than that. We have
tens of thousands of ready-to-use bugs in single applications, single
operating systems.
Grimes: Is most of it zero-days?
Patrick Mylund Nielsen:
If it's so easy, go ahead and produce a more secure alternative that people
will use. Talking about how exceedingly easy it is in Internet forums
doesn't contribute much.
I'm not sure if you're away but Maxim did exactly this many years ago.
He wrote a system called
Patrick Mylund Nielsen:
On Tue, Jul 9, 2013 at 9:22 AM, Eugen Leitl eu...@leitl.org wrote:
On Tue, Jul 09, 2013 at 09:12:21AM -0400, Patrick Mylund Nielsen wrote:
If it's so easy, go ahead and produce a more secure alternative that
people
You mean something like http://dee.su/ ?
And
Nadim Kobeissi:
Hi Jacob,
You've said a lot about Cryptocat's SSL configuration — can you recommend a
better configuration that is similarly compatible?
Hi Nadim,
I mentioned this on the cryptography list - I suggest several things.
First up - either disable all non-forward secure SSL/TLS
Jonathan Wilkes:
On 07/09/2013 10:29 AM, Jacob Appelbaum wrote:
Patrick Mylund Nielsen:
On Tue, Jul 9, 2013 at 9:22 AM, Eugen Leitl eu...@leitl.org wrote:
On Tue, Jul 09, 2013 at 09:12:21AM -0400, Patrick Mylund Nielsen wrote:
If it's so easy, go ahead and produce a more secure alternative
Hi,
What we're seeing in Der Spiegel, The Guardian, Washington Post and
other select publications is the birth of new threat models - not just
for activists but for all of civil society, parliamentarians, companies
and more. This is a threat model that many have known and yet at the
same time,
Nikola Kotur:
On Sun, 30 Jun 2013 02:25:54 -0500
Anthony Papillion anth...@cajuntechie.org wrote:
what exactly is the problem with Pidgin OTR
This page summarizes what might be wrong with Pidgin and OTR:
Eleanor Saitta:
On 2013.07.01 15.15, Julian Oliver wrote:
..on Mon, Jul 01, 2013 at 06:03:01PM +, adrelanos wrote:
In response to the tool doesn't exist...
apt-get install tor torify wget http://path.to/file
And how did you verify the trust path for your initial debian install
It is
Eleanor Saitta:
On 2013.06.29 10.27, Jonathan Wilkes wrote:
It's not a simplistic choice between using modern devices and being
a Luddite. It's about people having a better understanding about
what the threats are, digesting that information (unfortunately,
slowly) and then using tools to
Paul Bernal (LAW):
None of this should be surprising, should it? It's a reasonable
assumption that all intelligence agencies share their data on a
pretty regular basis - certainly with 'friendly' nations, and almost
certainly with others, on a quid pro quo basis. It's always been that
way.
Eleanor Saitta:
On 2013.06.29 12.37, Jacob Appelbaum wrote:
Eleanor Saitta:
None of those tools exist right now, not for locational privacy
and metadata obfuscation.
I disagree about the existence. Perhaps, I think we might be able
to agree on certain values of 'unusable' rather than
Mike Perry:
Nick:
Quoth Mike Perry:
Hidden service circuits require ~4X as many Tor router traversals
as normal Tor exit circuits to set up, and unlike normal Tor exit
circuits, they are often *not* prebuilt. Once they are set up, they
still require 2X as many Tor router traversals
in the installer is translated, btw).
Is there anything I can help?
Best regards,
MH
2013/6/17 Jacob Appelbaum ja...@appelbaum.net
Hi,
I'm really excited to say that Tor Browser has had some really important
changes. Mike Perry has really outdone himself - from deterministic
builds
Jillian C. York:
Minor piece of feedback:
Why StartPage as default search engine? They employ safe search by
default.
That is a good question - I think it is open to discussion. Generally
speaking, I think that a censorship free search engine that requires no
cookies, no javascript, no
Michael Carbone:
DuckDuckGo seems to work well with Tor and without
javascript/cookies/etc. They also run it as a hidden service so you
can keep your search in the Tor cloud -- I don't know of other search
engines that do that: 3g2upl4pq6kufc4m.onion
I generally feel friendly to DuckDuckGo.
micah:
Eleanor Saitta e...@dymaxion.org writes:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 2013.06.24 07.19, Douwe Schmidt wrote:
Dear LibTech Readers,
In a little bit over a month OHM2013 is happening in The
Netherlands. There has been a lot of controversy in the run-up to
Jillian C. York:
+1
On Mon, Jun 24, 2013 at 2:38 PM, Cooper Quintin
coo...@radicaldesigns.orgwrote:
Start page also allows you to generate a url that has certain settings,
for example this one (
https://startpage.com/do/mypage.pl?prf=c2a9ee9b20d61e980b6f6cce7026bc91
)has safe search
Griffin Boyce:
Not only am I going to be presenting three talks at OHM, I will be
presenting talks that are (in many ways) totally dead conversations in the
US.
Congratulations. I look forward to seeing them, probably on a remote
stream but also perhaps in person.
It's interesting how
phryk:
On Mon, 24 Jun 2013 21:17:16 +
Jacob Appelbaum ja...@appelbaum.net wrote:
This is a false dichotomy of an argument if ever I've heard one. I
keep hearing it too. It bums me out to no end.
I understand that removing ourselves from specific discussions removes
our voices from
Nadim Kobeissi:
On 2013-06-24, at 6:23 PM, Griffin Boyce griffinbo...@gmail.com
wrote:
Not only am I going to be presenting three talks at OHM, I will be
presenting talks that are (in many ways) totally dead conversations
in the US.
It's interesting how much of the debate centers
Jurre andmore:
Sorry, but why would 30c3 be this place and not any other venue in the
world? Without context this sounds silly.
It was merely a suggestion and it is hardly without context.
Any event or space that is willing to create an explicitly safe space
for an open dialog is probably in
Jurre andmore:
I wish we all spoke out against the police being present 20 years ago and
not in 2013.
Actually, I think a lot of old-school Dutch hackers did just that -
especially against the undercover cops who infiltrated the scene. This
was documented in the hacking zines of that era.
In
From the we-told-you-so-again-gosh-this-is-the-free-west department:
GCHQ taps fibre-optic cables for secret access to world's communications
Exclusive: British spy agency collects and stores vast quantities of
global email messages, Facebook posts, internet histories and calls, and
shares them
Hi,
I encourage all Skype users and security people to read this article
about Silicon Valley and the spying world:
http://www.nytimes.com/2013/06/20/technology/silicon-valley-and-spy-agency-bound-by-strengthening-web.html?pagewanted=all_r=0
This bit about Skype is fantastic:
Skype, the
Rich Kulawiec:
On Sun, Jun 09, 2013 at 10:11:08AM -0400, Nadim Kobeissi wrote:
On 2013-06-09, at 10:08 AM, Rich Kulawiec r...@gsp.org wrote:
Second: stupidity, in all forms, fully deserves to be slapped down --
This is where I stop reading.
I have to admit, even though I've read this half
Hi,
I'm really excited to say that Tor Browser has had some really important
changes. Mike Perry has really outdone himself - from deterministic
builds that allow us to verify that he is honest to actually having
serious usability improvements. I really mean it - the new TBB is
actually awesome.
Maxim Kammerer:
On Mon, Jun 10, 2013 at 12:01 PM, x z xhzh...@gmail.com wrote:
Occam's razor would give us the following is what has actually happened in
the past three days: a semi-clueless whistle blower fed an overzealous
journalist a low-quality powerpoint deck, which met the
x z:
@Jacob, I agree with your points regarding American exceptionalism.
@Eugen, to prepare for the worst scenario is one thing, to advocate some
shady rumor as fact is another.
@Rich, those are good movie scripts :-). But it does not work for 9 firms,
and hundreds of execs all with diverse
x z:
I argue that direct access or not is is substantive, not semantic. We have
the following two versions of the story:
*A: The Guardian story alleges that NSA has direct access to user data from
major internet firms, and these firms are willingly cooperating with NSA
for the capability of
x z:
2013/6/8 Jacob Appelbaum ja...@appelbaum.net
Oh man, Glenn Greenwald is my hero and a hero to us all.
Do you still believe Glenn's reporting that NSA has direct access to
servers of firms including Google, Apple and Facebook?
Yeah, I think it is clearly a FISA interface or API
Nadim Kobeissi:
Jake, I don't agree with x z (and rather agree with you), but I'm
really tired of just how aggressive and rude you always are on
Libtech. And it doesn't appear to just be towards me. I'm not the
only person who feels like this.
Even if you're right, tone your ego knob down
Nadim Kobeissi:
On 2013-06-09, at 1:02 PM, Jacob Appelbaum ja...@appelbaum.net
wrote:
Nadim Kobeissi:
Jake, I don't agree with x z (and rather agree with you), but
I'm really tired of just how aggressive and rude you always are
on Libtech. And it doesn't appear to just be towards me. I'm
Oh man, Glenn Greenwald is my hero and a hero to us all. Everyone on
this list who was looking for 'some evidence' about global surveillance
and previously ignored all other evidence, well, here you go!
Revealed: The NSA's powerful tool for cataloguing data – including
figures on US collection
Hi,
Top secret PRISM program claims direct access to servers of firms
including Google, Facebook and Apple and others.
Some of the world's largest internet brands are claimed to be part of
the information-sharing program since its introduction in 2007.
Microsoft – which is currently running an
Dear Libtech,
We've waited a long time for this kind of FISA court document to leak -
we see clearly evidence that there is still dragnet surveillance that is
ongoing - the current order leaked is still valid as of today, it will
continue to be valid until the middle of July.
This specifically
Sarah Lai Stirland:
http://www.newyorker.com/online/blogs/newsdesk/2013/05/strongbox-and-aaron-swartz.html
http://www.newyorker.com/online/blogs/backissues/2013/05/strongbox-the-new-yorker-investigates.html
Kevin Poulsen suggested I open issues on Github and I've been doing so
as 'ioerror'
Hi,
I've long heard things about BlackBerry and RIM regarding BBIM. I was
unable to substantiate until this morning when a friend pointed me at this:
http://docs.blackberry.com/en/admin/deliverables/21760/PIN_encryption_keys_for_BBM_1840226_11.jsp
The relevant part is here:
The PIN encryption
Griffin Boyce:
Jacob Appelbaum ja...@appelbaum.net wrote:
When people ask how secure BBIM is - I suppose we can now cite RIM's
official documentation on the topic - without a BES server, it's
encrypted with a key that is embedded in all handsets.
This was critical in the London Riots
, disclosed to LE and intel agencies, specifically
to retain or to enhance their marketshare.
To me, it's disingenuous for companies to promote secure solutions that
they know allow some kind of backdoor access.
Jacob Appelbaum ja...@appelbaum.net wrote:
What an embarrassing joke
Keep
Griffin Boyce:
Jacob Appelbaum ja...@appelbaum.net wrote:
Griffin Boyce:
I disagree. Blackberry isn't openly selling your data or
otherwise gifting it to third parties, but I don't think that's
really enough.
That is exactly what they're doing. They have a key that is static
and from
Griffin Boyce:
Jacob Appelbaum ja...@appelbaum.net wrote:
You already know this, but for the benefit of the list snip
Unless these are on a BES server - it's all insecure - if it is on a BES
server, it may still be insecure depending on a few factors.
Depends on whether they enable
Why is there this rhetoric as if all of the bugs in JS crypto are unique to
JS crypto? These breaks happen in other platforms too, but simply occur in
different forms. However, overwhelmingly, the frequency and severity do
compare.
There are specific bugs in the JS crypto library and as a
Maxim Kammerer:
On Fri, Apr 26, 2013 at 2:12 AM, Richard Brooks r...@clemson.edu
wrote:
I have a student trying to make a modified build of the Liberte
Linux distribution. If anyone would have time and be willing to
give her some pointers, please send me an email and I will forward
to her.
Shava Nerad:
I was fascinated today to see Mother Jones and many others reposting,
entirely without reflection or comment, what seemed to me to be not
crowdsourced images but second story surveillance camera shots of the FBI
suspects. (Who, in addition, are being howled after as guilty until
Maxim Kammerer:
On Fri, Apr 19, 2013 at 10:55 PM, Jacob Appelbaum ja...@appelbaum.net wrote:
I find it telling that the local news papers in Seattle referred to
their photos as 'potential suspects' on the front page. The use of
language is telling - it suggests that to be suspect
Andrés Leopoldo Pacheco Sanfuentes:
Jacob, it's all that and worse, I'm sure. Why wouldn't be any different?
Why indeed?
After all, there has been a terrorist attack in Boston, so one would expect
the state of the art in counter-terrorism in full force here!
Terrorism is not an excuse for
Andrés Leopoldo Pacheco Sanfuentes:
They (FBI, DHS) did call them persons of interest - nbd, it's all the same
To suggest it is all the same is to miss the subtle changes in language
and how the subtle changes in language change us.
We might be OK with these changes and yet it feels dishonest
puscii:
http://www.puscii.nl/blog/content/whats-wrong-kids-these-days
What's wrong with the kids these days?
On the moral decay of the Dutch hacker scene
I'm really happy to see that someone took the time to write this article
and I'm also happy to see that it was related to puscii. For
Yosem Companys:
Dear Liberationtech list subscribers,
Several of you have petitioned to change Liberationtech mailing list's
default reply to option from reply-to-all to reply-to-poster. Given
the debate (see links below), we have decided to put the issue up for a
vote:
- Do you want
Joseph Lorenzo Hall:
Two things seem particularly interesting: apparently zero requests for
content were fulfilled for Skype and the associated FAQ [1] says CALEA
(the US law that mandates intercept capability) does not apply to Skype.
That seems particularly encouraging to me.
The FAQ is
Joseph Lorenzo Hall:
On Thu Mar 21 12:27:47 2013, Jacob Appelbaum wrote:
Joseph Lorenzo Hall:
Two things seem particularly interesting: apparently zero requests for
content were fulfilled for Skype and the associated FAQ [1] says CALEA
(the US law that mandates intercept capability) does
Randolph D.:
http://sourceforge.net/projects/torbrowser/
This is an extremely questionable piece of software. It is not the Tor
Browser provided by the Tor Project.
The developer's user name is 'perrymikey' which is likely a reference to
the main Tor Browser developer 'mikeperry' who did not
Randolph D.:
It is not the Tor Browser provided by the Tor Project.
That is true, it is an alternative. Firefox is not the only Browser
to use with Tor.
You can use nearly any piece of software with Tor and that does not mean
that it is safe to use.
This is an extremely questionable
Dear Heather,
ttscanada:
Hi all,
For those that aren't aware, 800,000 Rohingya people in Burma are being
cut off from communication as the military and government try to drive
them out of the country. Over 100,000 are being starved to death in
concentration camps, the rest are driven into
ttscanada:
Hi Jacob,
Yes, exactly to the security issues, which is why we have tried nothing
to date, any Rohingya caught with anything like a camera or radio is
tortured and killed. Ease of use is also paramount, there is no point
risking lives to get a phone in that no one can use. We are
Hi,
Thanks to the ACLU for working hard on cell phone privacy issues:
http://www.aclu.org/blog/technology-and-liberty-criminal-law-reform-immigrants-rights/new-document-sheds-light
Here's the result of the search warrant which named the cellebrite
company directly:
Rich Kulawiec:
On Tue, Feb 19, 2013 at 04:53:48AM +, Jacob Appelbaum wrote:
Sounds like someone should upload a package that fixes all of the
privacy problems, eh?
I've thought about this for a couple of days and about 20 miles, and
although my initial reaction was yes, they should, I'm
Hamdan Azhar:
Please forward widely!
---
INTERNSHIPS AVAILABLE AT LEADING SILICON VALLEY STARTUP
GraphScience - a Palo Alto based venture-backed startup focusing on
predictive behavioral analytics in social networks - is offering
internships for college students and recent graduates.
Micah Lee:
On 02/22/2013 02:06 PM, Jacob Appelbaum wrote:
The Opt-out strategy is useful. The question is - how does it make
Ubuntu safer or more privacy preserving? For example - what if we were
able to make a privacy preserving version that was also reasonably
secure and everyone was happy
Brian Conley:
hrm, also true for the newest line of google nexus i believe.
In any phone where one might be able to open the case, I assume someone
will also just be able to tap the bus lines. Thus, the easy route
(booting off of a special image) might not be simple but these devices
aren't
Brian Conley:
Always trust Jake to cut right to the bare honest ugly (and depressing!)
truth.
If you really want to be depressed about mobile security, I encourage
you to acquire the cellebrite UFED forensics device:
http://www.cellebrite.com/mobile-forensic-products/ufed-touch-ultimate.html
Rich Kulawiec:
The short version is that Ubuntu is now pre-compromised. (Or if you
prefer Stallman's phrasing, and I agree with him, it's spyware.)
And given the appallingly tone-deaf nature of Shuttleworth/Canonical's
responses, I very much doubt that this will be the end of it --
that is,
Brian Conley:
snip
My point was for something off the shelf, I know of nothing better and as
far as it goes... I'd say it's a step up for a lot people who should be
using more secure IT technologies and methods than they are (such as some
journalists), and they can take that step with
Brian Conley:
On Wed, Feb 6, 2013 at 2:16 PM, Jacob Appelbaum ja...@appelbaum.net wrote:
Brian Conley:
Micah,
Perhaps you can tell us the secret to convince all family members and
colleagues to become Linux hackers able to be completely self-sufficient
managing their own upgrades
Brian Conley:
Micah,
Perhaps you can tell us the secret to convince all family members and
colleagues to become Linux hackers able to be completely self-sufficient
managing their own upgrades and modifications indefinitely?
Stop supporting the use of non-free software? We're all part of the
T N:
The word Linux doesn't refer to anything, other than maybe the kernel.
Chrome OS is linux. But it's a massively stripped down distribution that
has a radical design, including the fact that it will ONLY run if all of
the cryptographic checks are verified from the root of trust. That
Nadim Kobeissi:
On Wed, Feb 6, 2013 at 5:16 PM, Jacob Appelbaum ja...@appelbaum.net wrote:
This is hilarious.
I would *never* use a laptop that lacks a way to protect all your
traffic (eg: VPN/Tor/SSH tunnel/etc) in a place with serious
surveillance as an at risk person. Not only because
Griffin Boyce:
On Wed, Feb 6, 2013 at 5:16 PM, Jacob Appelbaum ja...@appelbaum.netwrote:
A persistent backdoor on your Chromebook is not actually impossible.
As Nate (?) pointed out, hardware backdoors wouldn't be all that
difficult to implement, especially for someone who travels a lot
T N:
On Wed, Feb 6, 2013 at 2:16 PM, Jacob Appelbaum ja...@appelbaum.net wrote:
It runs software that is in Debian, the GNU/Linux operating system. I
know, I've written some of it (eg: tlsdate). They do a good job of
locking things down but it is basically just another distribution of Linux
T N:
The other things I meant to add:
Most Linux distro's are not running with their executable code on a
readonly filesystem, and it takes some effort to convert to a RO
configuration.
If someone has root on the machine or physical access, I guess that it
won't matter as much as we'd
Brian Conley:
Apparently Silent Circle is also proposing such a feature now.
Such a feature makes sense when we consider the pervasive world of
targeted attacks. If you compromise say, my email client today, you may
get years of email. If you compromise my Pond client today, you get a
weeks
Daniel Colascione:
On 2/5/2013 11:11 AM, Jacob Appelbaum wrote:
Brian Conley:
Apparently Silent Circle is also proposing such a feature now.
Such a feature makes sense when we consider the pervasive world of
targeted attacks. If you compromise say, my email client today, you may
get years
x z:
This is a great piece Martin! Thanks for the thorough analysis, explanation
and documentation.
I have two comments:
1. It is a bit sad that the petition People who help internet censorship,
builders of Great Firewall in China for example, should be denied entry to
the
micah anderson:
Nadim Kobeissi na...@nadim.cc writes:
Hasn't Retroshare also been under criticism for a lack of audit?
I've always wondered why something like Mega gets a lot of attention and
people audit it pretty much immediately, but something like Retroshare,
which has been around for
Jerzy Łogiewa:
Hm Jake, can you tell more about this? Was this data publish?
It was a talk we gave at the 23rd CCC Congress:
http://code.google.com/p/vilefault/
http://arstechnica.com/apple/2006/12/6436/
All the best,
Jacob
--
Unsubscribe, change to digest, or change password at:
Margaret Silver:
I am trying to unsubscribe. I never wanted to be on this list. Please
unsubscribe me. My email has been hacked.
Thank you
This might be the ideal list for you to read, I guess. Otherwise, at the
bottom of every email there is this URL provided to change subscription
options:
John Adams:
Why don't you just get around the problem entirely and use Dropbox's
storage for encrypted disk images?
If you have data sufficiently encrypted, it doesn't matter how it's stored.
I generally agree that the data should be encrypted, though I think it
should also be authenticated
Hi,
In light of the recent thread on journalism, I wanted to share this link
about Skype:
https://en.greatfire.org/blog/2012/dec/china-listening-skype-microsoft-assumes-you-approve
With 250 million monthly connected users, Skype is one of the most
popular services for making phone calls as
to choose between it and Skype, I guess I'd not have a lot of trouble
making the choice of using Jitsi.
All the best,
Jake
B
On Dec 21, 2012 6:07 AM, Jacob Appelbaum ja...@appelbaum.net wrote:
Hi,
In light of the recent thread on journalism, I wanted to share this link
about Skype
Hi,
fr...@journalistsecurity.net:
But if
you're getting information security advice from a Forbes blog, that
will be the least of your worries.
Where would you suggest we get information security advice from?
This is an interesting question and I admit, I feel like it leaves a bad
ring in
Danny O'Brien:
On Wed, Dec 19, 2012 at 05:26:05AM +, Jacob Appelbaum wrote:
Hi,
fr...@journalistsecurity.net:
But if
you're getting information security advice from a Forbes blog, that
will be the least of your worries.
Where would you suggest we get information security advice from
1 - 100 of 130 matches
Mail list logo