Re: [liberationtech] Spanish woman given jail term for tweeting jokes about Franco-era assassination

2017-03-30 Thread Jorge SoyDelBierzo 
You're right, here in Spain if you don't have prior convictions don't go to 
jail for a sentence under 2 years.

Her sentence include 7 years of disqualification for public employments 

> El 31 mar 2017, a las 0:53, Marc Juul  escribió:
> 
> 
> 
>> On Thu, Mar 30, 2017 at 3:08 PM, F LM  wrote:
>> In the same article: 
>> 
>> "She is unlikely to go to jail because those convicted of non-violent crimes 
>> with a sentence of under two years are not imprisoned."
> 
> Not read up on spanish law and not a lawyer but I believe this is type of 
> thing is common in other European countries. As a Dane it's not surprising 
> that someone is given a jail sentence that they don't end up serving. Just 
> because she gets a pass from serving her prison term now (which is likely 
> dependent on her having no prior convictions) any future convictions may 
> cause her to have to serve the full term. She has technically been given a 
> jail term but may get out of serving it if certain conditions are met in the 
> past and in the future. The fact that she has been sentenced to jail, even if 
> she doesn't end up serving the sentence, will likely limit her access to 
> certain types of jobs and opportunities as well. I agree that this could be 
> more confusing for people from other legal regimes, but I don't believe most 
> northern europeans would find the headline especially misleading.
> 
> -- 
> marc/juul
> -- 
> Liberationtech is public & archives are searchable on Google. Violations of 
> list guidelines will get you moderated: 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
> change to digest, or change password by emailing moderator at 
> compa...@stanford.edu.
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Burundi

2015-05-18 Thread Jorge SoydelBierzo 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

That's good news

El 18/05/15 a las 16:24, Brian Conley escribió:

 That may be so, but Burundians are definitely online, as I noted one
whom I know tweeting within the last hour or so.

 On May 18, 2015 7:22 AM, Jorge SoydelBierzo
berci...@soydelbierzo.com mailto:berci...@soydelbierzo.com wrote:


 Blackout, 4 days ago
https://twitter.com/BBCAfrica/status/598458138887585792


 El 18/05/15 a las 16:22, Richard Brooks escribió:
  We have noticed that Burundi bloggers are off-line. No
  doubt related to the President's crack down after the
  failed coup.

  Does anyone have any news as to whether this silence is
  due to:
  -Internet blackout?
  -Physical threat/imprisonment?
  -Fear?


 --
 Liberationtech is public  archives are searchable on Google.
Violations of list guidelines will get you moderated:
https://mailman.stanford.edu/mailman/listinfo/liberationtech.
Unsubscribe, change to digest, or change password by emailing moderator
at compa...@stanford.edu mailto:compa...@stanford.edu.




-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQGcBAEBAgAGBQJVWfZoAAoJELfobSJASvIhJWEL/RZgTPj6lzIxcz/RhmHpHhh8
PJNcTnRxUizvOUlPMb1ZvtRM0Y4BHtbr2wnujCuBMVx6r4s0dyW+1YHb8Ziczkze
3E1OaoYlq+oPouv8DB/I6ivInIXVOSIHY+TjdC/iiopDKaP3fBmqCxgjyR9PYGlh
NLJqFOYaKIVLUIicyLGoZfFfi9HDjOahNSfzkxo9DhdXwxFn/aQ1g9awoXQpm5+L
oybA7cK8YPw/F/6XuM+Uach2H6knff+nKqDvvzUpMhleTSk/hgmnNzqrvVB6ZRGH
OnY2n9pcizRt03cb4d/P1iHzjSylc85oRIUinF0dMHgeXYtNKLE8pVabZVaGf0kY
mJ8pWvWta3yw1qRn7ahJ1H6priOgbTZeBUa+3BWd95UijD34Lk3DLKHqejxUOdEQ
tl6wj5PRa5wzvaiwgnM787cq17uLuHvxTL74OakARSPY266f+x9ppc+BzSiDSy/U
LDuMEcS1OqLxKMnDyP0yFhtqL71UfxNDEbRPSMy+Gg==
=SByG
-END PGP SIGNATURE-

-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Burundi

2015-05-18 Thread Jorge SoydelBierzo 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Blackout, 4 days ago https://twitter.com/BBCAfrica/status/598458138887585792


El 18/05/15 a las 16:22, Richard Brooks escribió:
 We have noticed that Burundi bloggers are off-line. No
 doubt related to the President's crack down after the
 failed coup.

 Does anyone have any news as to whether this silence is
 due to:
 -Internet blackout?
 -Physical threat/imprisonment?
 -Fear?

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQGcBAEBAgAGBQJVWfWoAAoJELfobSJASvIhgvsL/3mNPqaH2Bh/Xhwj+8mFveT0
RN7VVb62gsKS+EB1W5GrxU3UcgHsakjSZzfKZKNjYF0pi+EP3+sreFjUrhWjHtFV
yZBRKEHSKPMqiJsGMhDvoDcgTpCJMwFTl3pb4lUBfaB9UKa64uf06NxrI7gU9PxP
lkD2JoJjlEmGZdgRhRbhk2gAP8dhvi5xlteJSN6FzA27vFd8qInEyyj7HwlRr5Zp
3wro6FPhdkgfKyYZNpigiApuUcPSkbxtkVW5GyrUQVa7dNY+tTq50R1FLamhw8Ku
y/yYYD4KAvzYWzSy7sgKIjcVoikfMj2R0IrWYmEbdir9cN/LfIT9aZZKUqDVf1Vc
cBuzg+NarQ2uLYQplf0XHUHanlY87OgSo6OMEPlLjwR4hDDDNUfrShVCaMvlNEIR
tqo6l2jdhJDbb5tDDSCaEGvd1RkyRW4KTAJIZvQebCSsJV8l4SjSgrpRUU15HFhW
Mv70gFjsnmV2ey5gj3rXRbFXmiK3hS7t8ELH0kmQ6g==
=x4Zp
-END PGP SIGNATURE-

-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Free or Cheap VPN for OS X?

2015-05-05 Thread Jorge SoydelBierzo 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Or this https://nordvpn.com/

VPN+Tor

El 05/05/15 a las 16:09, Amin Sabeti escribió:
 Probably, this service will help you: https://www.privateinternetaccess.com/

 On 5 May 2015 at 15:08, anonymous2...@nym.hush.com
mailto:anonymous2...@nym.hush.com wrote:

 Hi,

 Can anyone recommend a free or cheap VPN for OS X (a Psiphon 3
equivalent)?

 Before anyone says it, I'm well aware of the various dangers
related to VPNs and the availability of TOR etc but I'm just looking for
something for low risk stuff when travelling etc.

 Thanks.
 -A

 --
 Liberationtech is public  archives are searchable on Google.
Violations of list guidelines will get you moderated:
https://mailman.stanford.edu/mailman/listinfo/liberationtech.
Unsubscribe, change to digest, or change password by emailing moderator
at compa...@stanford.edu mailto:compa...@stanford.edu.





-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQGcBAEBAgAGBQJVSM/hAAoJELfobSJASvIh+gkL/0fVe3dR43Z0UpkoM9zs8sTe
QGp6sJkSo0rFHf8n5LuSk9XjVTKKxoWEMvj+wUmi8ly6AYQcPZtsDPo1QubuJCIm
NGPTFDpQ1i+uS7mrQfvgu/iRy8ypHWbXCDehRrej7FxgO4yM3WGNodMnTcREn31r
hIeZfnGJCqxKxOA/JkoqLc8bRnA1cYJItnosghlnc3ukA3RrWxXRLvodiNd7QEAA
zKF0lz6AGgpjRw/OejspOKrX8D17qVtsU8D3FIW/GyqOI0djczA0jhR/ZOwNP7tN
0g2ZLqNDTMHUy4VRWObLByfdkGsHpCV8+vZqpGrE0UxOSmKjlLMZ8V5C7b2PDp75
wD0WreXSKX+8Oun6sDzMnwpG2sYw53+6e6cM4LoCI4PmljbgMhf7YsIlBXmGxk06
71m2jwuFNRw2Ih3C5QyDCOLN8PDIPur02h7XIsDDEQ9uJ7q+KPEyefR77UEAOfPp
U3Vs09BrqVnexHxbBwI+R17g/UtT2dlxIAoo6xPslQ==
=owna
-END PGP SIGNATURE-

-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Umbrella App

2015-02-25 Thread Jorge SoydelBierzo 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Please ping the list, more people could be interested.

Thanks in advance

El 25 de febrero de 2015 21:44:25 CET, Security First i...@secfirst.org 
escribió:
Hi Armin,

Thanks for reaching out. We've been beavering away on Umbrella for the
past few months before pushing out the first early version into the
wider community (in the next few weeks hopefully).

I will ping you a mail direct.

Thanks,
Rory
--
Liberationtech is public  archives are searchable on Google.
Violations of list guidelines will get you moderated:
https://mailman.stanford.edu/mailman/listinfo/liberationtech.
Unsubscribe, change to digest, or change password by emailing moderator
at compa...@stanford.edu.
-BEGIN PGP SIGNATURE-

iQHGBAEBCAAwKRxTb3lkZWxCaWVyem8gPGJlcmNpYW5vQHNveWRlbGJpZXJ6by5j
b20+BQJU7jUUAAoJELfobSJASvIhQBUL/2mGAfykojwioHTfzFH8FcJ4waQnLlvL
t0GNFfShUKFsmgE2n3f/dYQJ042ifNxnEcgEcWItV2QHAvz4jJdY1XjdFxHbaIx3
EWbbW6Uz7jrLsWrMCefw7niawCZk2LprBQXBlhTaAfKbOHgwZeS33FCBkVehAMUI
0OJF69ja3eY/5lK4nqvL+HipkeQqeYo/JMpnjM6iTUIeWrPa7l9Qz7TGApZf6zsZ
5XAMwcGuYPGIsy2PIldkxTMbmHobxwUxWOlopGfy0rQuRaWz/4KA9REA8ua2YbIG
2upPcMC9wtkQCx7vBVR3rJ5HPJXQzY9hJjKz0mOhj/cIHLniwN3Z/QXsBoVqG+AZ
EUau3F4kOncp5S7XRdrpmm5UWYB/bQUVFzx7MB5MOV3I6TtXfjXxfEoFgIUPkj9f
eUW2jZ/lskpV2j0Eo0UmMhjIRWgH9uwu6/bjCLo+xckaM+eUBwefm7p60dIThxVq
KVEAtISim4yxlRmgfdCuEAOUi7J+XFYOkw==
=aLMo
-END PGP SIGNATURE-

-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Google keeps the chat history even you enabled the OTR

2014-05-08 Thread Jorge SoydelBierzo 
Plain text or encrypted?
El 08/05/2014 15:06, Nariman Gharib nariman...@gmail.com escribió:

 Hey all,

 Just I want to remind you, Gmail is keeping your chat history even you
 enable the OTR on your gmail chat.

 how? if you going to plus.google.com and on the top right side of the
 page you click on the Hangout, and then select a person who you talked to
 him recently, you can see your all chat history is come up! you can delete
 manually your chat history from there too, but too sides should do the same
 things. I don't know after these things Google will keep our chat history
 or not!!! but I think this is a bug in Gmail service.


 Thanks
 Nariman

 --
 PGP: 084F 95C0 BD1B B15A 129C 90DB A539 6393 6999 CBB6
 www.NARIMAN.Tel

 --
 Liberationtech is public  archives are searchable on Google. Violations
 of list guidelines will get you moderated:
 https://mailman.stanford.edu/mailman/listinfo/liberationtech.
 Unsubscribe, change to digest, or change password by emailing moderator at
 compa...@stanford.edu.

-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] About Telegram

2014-03-19 Thread Jorge SoydelBierzo 
Yeah, but there's a bunch of info to take in count:

1.- Telegram claims they don't have any relation with Russia in their FAQ.
This is not true.

Take a look to IP servers they use, from line 309:

https://github.com/DrKLO/Telegram/blob/master/TMessagesProj/src/main/java/org/telegram/messenger/ConnectionsManager.java

They have servers in two U.S. datacenters, another in UK, one in Singapore
(american company owned) and two in Russia, the IP are from VK.com, company
sold to Putin's friend.

https://stat.ripe.net/95.142.192.66#tabId=at-a-glance
https://stat.ripe.net/95.142.192.65#tabId=at-a-glance

2.- Telegram domain is registered using an anonimizer service, no NGO or
company info in Telegram website. But they publish oficial app in Google
Play as Telegram LLC, a company registered in Delaware on May 2013.

Website is in U.S. datacenter

3.- As Brian told, server side software isn't opensource. We didn't really
know how it works, which info is storing and how this info is replicated to
another servers.

If I connect from Spain, the app connect to UK servers by proximity (app
uses a sort of heuristic algorithm to detect better server from your
location based on lag and hops). If I'm talking with a russian user
connected to VK servers, UK server must send messages to russian server.

This is when you use normal chat, not encrypted chat that is supossed to be
one-to-one with no server intervention. Encryption isn't used by default,
just when user ask for it.


4.- App don't check server certificates, so Man-in-the-Middle attack is
possible to intercept files and unencrypted chats.

I'm not whatsapp user and just used Telegram to check this.

If NSA was able to access whatsapp messages, with Telegram NSA also has
access, plus GCHQ in UK and russian FSB.

Chatsecure, Textsecure, Pidgin+OTR... we have enough app with proven
encryption to rely on an obsure organization like Telegram.


2014-03-19 13:45 GMT+01:00 Brian Conley bri...@smallworldnews.tv:

 It violates the primary principle many experts here depend on: the most
 important parts are not open source.

 I'll echo Natanels comments, no obvious reason not to recommend Chatsecure
 or TextSecure. What she's telegram have that these don't?

 Brian
 On Mar 19, 2014 12:36 PM, sam de silva s...@media.com.au wrote:

 Hi there,

 So it's almost a month since this thread died.

 To me, it looks pretty good and while I am not a mathematician, Telegram
 looks like a good solution to help improve digital security.

 But this list has the experts. What's the recommendation? Was there any
 consensus about Telegram.

 Thanks and best, Sam.



 On 22/02/2014, at 1:05 AM, Tony Arcieri basc...@gmail.com wrote:

 On Friday, February 21, 2014, Maxim Kammerer m...@dee.su wrote:

 All I see is snobbishness of people who have typical Western fear of
 steering from authorized engineering approaches. The people are
 quick to judge some unknown foreign developers incompetent


 As far as I can tell, you are the only person speaking on this thread who
 wants to spin it into a discussion of Westerners, xenophobia, etc.

 I'm talking about math.

 Telegram is not IND-CCA2 secure. Period. They have some extra sprinkles
 they claim prevents adaptive chosen ciphertext attacks. They have no formal
 proof of these claims.

 Authenticated encryption schemes are IND-CCA2 secure by design.

 Telegram's scheme is inferior. It's mathematically inferior. Period. It
 has nothing to do with nationalism. It has everything to do with math.

 Telegram is an inferior design as compared to the standard designs being
 used in common practice.


 --
 Tony Arcieri

 --
 Liberationtech is public  archives are searchable on Google. Violations
 of list guidelines will get you moderated:
 https://mailman.stanford.edu/mailman/listinfo/liberationtech.
 Unsubscribe, change to digest, or change password by emailing moderator at
 compa...@stanford.edu.



 --
 Liberationtech is public  archives are searchable on Google. Violations
 of list guidelines will get you moderated:
 https://mailman.stanford.edu/mailman/listinfo/liberationtech.
 Unsubscribe, change to digest, or change password by emailing moderator at
 compa...@stanford.edu.


 --
 Liberationtech is public  archives are searchable on Google. Violations
 of list guidelines will get you moderated:
 https://mailman.stanford.edu/mailman/listinfo/liberationtech.
 Unsubscribe, change to digest, or change password by emailing moderator at
 compa...@stanford.edu.

-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] nweb + Tor

2014-01-20 Thread Jorge SoydelBierzo 
Nweb is easily exploitable

A simple petition like this crashs server:

GET
/
HTTP/1.0

It's also possible to hack core file using a special crafted petition,
using info gathered and metasploit to inject a shell using one of the linux
reverse payloads, giving access to your server with privileges from user
running the web server.

Nweb is not for a production environment, better use Nginx without access
to cgi, php-fpm, etc. just for static content.



2014/1/20 Jonathan Wilkes jancs...@yahoo.com

 Hi list,
  I'm thinking about setting up a slightly modified version of nweb as
 a Tor hidden service:
 http://www.ibm.com/developerworks/systems/library/es-nweb/index.html?ca=
 dat

 This is for fun, mostly just to learn some more about Tor hidden services
 and webservers.  But it's got me wondering: has anyone done this yet?

 If not, I'm curious what kinds of attacks a security specialist sees with
 this setup if I just want to post something like the text of the Magna
 Carta.  Especially-- are there simple attacks against such a naive
 webserver like this that nginx or other webservers run as a hidden service
 would prevent?

 Best,
 Jonathan
 --
 Liberationtech is public  archives are searchable on Google. Violations
 of list guidelines will get you moderated: https://mailman.stanford.edu/
 mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change
 password by emailing moderator at compa...@stanford.edu.

-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] nweb + Tor

2014-01-20 Thread Jorge SoydelBierzo 
BTW, mod_security it's available for Nginx at beta stage, it's a good deal
install it and add OWASP core rules. For dynamic content, CMS like drupal,
wordpress, joomla, etc, works better Atomicorp (GotRoot) rules for
mod_security.


2014/1/20 Jorge SoydelBierzo berci...@soydelbierzo.com

 Nweb is easily exploitable

 A simple petition like this crashs server:

 GET
 /
 HTTP/1.0

 It's also possible to hack core file using a special crafted petition,
 using info gathered and metasploit to inject a shell using one of the linux
 reverse payloads, giving access to your server with privileges from user
 running the web server.

 Nweb is not for a production environment, better use Nginx without access
 to cgi, php-fpm, etc. just for static content.



 2014/1/20 Jonathan Wilkes jancs...@yahoo.com

 Hi list,
  I'm thinking about setting up a slightly modified version of nweb as
 a Tor hidden service:
 http://www.ibm.com/developerworks/systems/library/es-nweb/index.html?ca=
 dat

 This is for fun, mostly just to learn some more about Tor hidden services
 and webservers.  But it's got me wondering: has anyone done this yet?

 If not, I'm curious what kinds of attacks a security specialist sees with
 this setup if I just want to post something like the text of the Magna
 Carta.  Especially-- are there simple attacks against such a naive
 webserver like this that nginx or other webservers run as a hidden service
 would prevent?

 Best,
 Jonathan
 --
 Liberationtech is public  archives are searchable on Google. Violations
 of list guidelines will get you moderated: https://mailman.stanford.edu/
 mailman/listinfo/liberationtech. Unsubscribe, change to digest, or
 change password by emailing moderator at compa...@stanford.edu.



-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] nweb + Tor

2014-01-20 Thread Jorge SoydelBierzo 
I've tested this several years ago, may be the get needs to be bigger for a
buffer overflow (over 1012 bytes, no matters if you use A, U or 5 ;-D)

When buffer overflow works, you can get a core dump file.

With ESP and EIP values in core dump, and patternOffset tool from
Metasploit, you can calculate word alignment, EIP offset, etc.

With ESP value, buffer size, ESP offset and generated shellcode, using
http-esploit.pl can make a payload to sent to nweb.

Nweb is a PoC, hope nobody uses it in the wild.

El martes, 21 de enero de 2014, Andrés Leopoldo Pacheco Sanfuentes 
alps6...@gmail.com javascript:_e({}, 'cvml', 'alps6...@gmail.com');
escribió:

 On Mon, Jan 20, 2014 at 7:06 PM, Jonathan Wilkes jancs...@yahoo.com
 wrote:
  GET
 
 /AAA
  A
 
 
  HTTP/1.0


 would it work the same if one replace the A for U, for example? :D

 Best Regards | Cordiales Saludos | Grato,

 Andrés L. Pacheco Sanfuentes
 a...@acm.org
 +1 (817) 271-9619
 --
 Liberationtech is public  archives are searchable on Google. Violations
 of list guidelines will get you moderated:
 https://mailman.stanford.edu/mailman/listinfo/liberationtech.
 Unsubscribe, change to digest, or change password by emailing moderator at
 compa...@stanford.edu.

-- 
Liberationtech is public  archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.