On 2013-08-15, at 6:14 AM, Nathan of Guardian <nat...@guardianproject.info> wrote:
> Signed PGP part > On 08/15/2013 12:07 AM, Nadim Kobeissi wrote: > > Hot on the heels of last week's Bitcoin wallet for Android heist, > > Google has confirmed that this was due to a critical crypto flaw in > > Android, which could affect security in thousands of apps according > > to Ars Technica: > > The only silver lining from their post was that HTTP/SSL connections > were not affected, so this only really affects apps that are > generating keys at the Java layer, which include apps like Android > Privacy Guard (APG) and our own Gibberbot. I was in fact wondering about Gibberbot when I heard about this bug. Glad you're releasing a fix soon. It would be cool if you could write a blog post detailing how the bug affected Gibberbot, it would definitely be an interesting read as to how such a bug can affect encrypted IM apps. Cryptocat had its own RNG fiasco recently as well, which was documented in this excellent blog post by Sophos Labs: http://nakedsecurity.sophos.com/2013/07/09/anatomy-of-a-pseudorandom-number-generator-visualising-cryptocats-buggy-prng/ > > Gibberbot v12 alpha (now renamed Chat Secure) is available with the > fix, and we'll be pushing a public beta extremely soon to Google Play. I approve of the name change! ChatSecure sounds so much better. See you this weekend, Nathan! NK > > +n > > -- > Liberationtech is a public list whose archives are searchable on Google. > Violations of list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, > change to digest, or change password by emailing moderator at > compa...@stanford.edu.
-- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
