Libtech, I was made aware that dumping data onto Twitter and Pastebin is not always the most useful way of providing public documentation, so I have collected some recent developments into a blogpost. I wanted to share it here because there are more than a few lessons for privacy tool providers, including that if your site or service does not authenticate itself properly to the user, you are demonstrably now much more exposed to having sessions hijacked. There are a number of people, including Amin Sabeti, that deserve all the credit for bringing these changes to light.
Introduction. *As is the historical trend, an eventful month of political and economic instability, not the least reflected in the return of Mehdi Hashemi, the dive of the Toman, Ahmadinejad at the U.N. General Assembly, and the arrest of Ali Akbar Javanfekr, has led to an increase in the aggressiveness of Internet censorship by the state. This was most evident in the filtering of SSL access to Google and Gmail, however, what has received less attention are two development, the filtering of foreign-hosted media files and the fulltime implementation of DNS tampering. Since such moments are the time when the government tips its hand on what it can do, I offer some brief notes.* http://b.averysmallbird.com/entries/an-eventful-month-in-iran Cordially, Collin -- *Collin David Anderson* averysmallbird.com | @cda | Washington, D.C.
-- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech