Re: [liberationtech] Spanish woman given jail term for tweeting jokes about Franco-era assassination
You're right, here in Spain if you don't have prior convictions don't go to jail for a sentence under 2 years. Her sentence include 7 years of disqualification for public employments > El 31 mar 2017, a las 0:53, Marc Juulescribió: > > > >> On Thu, Mar 30, 2017 at 3:08 PM, F LM wrote: >> In the same article: >> >> "She is unlikely to go to jail because those convicted of non-violent crimes >> with a sentence of under two years are not imprisoned." > > Not read up on spanish law and not a lawyer but I believe this is type of > thing is common in other European countries. As a Dane it's not surprising > that someone is given a jail sentence that they don't end up serving. Just > because she gets a pass from serving her prison term now (which is likely > dependent on her having no prior convictions) any future convictions may > cause her to have to serve the full term. She has technically been given a > jail term but may get out of serving it if certain conditions are met in the > past and in the future. The fact that she has been sentenced to jail, even if > she doesn't end up serving the sentence, will likely limit her access to > certain types of jobs and opportunities as well. I agree that this could be > more confusing for people from other legal regimes, but I don't believe most > northern europeans would find the headline especially misleading. > > -- > marc/juul > -- > Liberationtech is public & archives are searchable on Google. Violations of > list guidelines will get you moderated: > https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, > change to digest, or change password by emailing moderator at > compa...@stanford.edu. -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Burundi
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 That's good news El 18/05/15 a las 16:24, Brian Conley escribió: That may be so, but Burundians are definitely online, as I noted one whom I know tweeting within the last hour or so. On May 18, 2015 7:22 AM, Jorge SoydelBierzo berci...@soydelbierzo.com mailto:berci...@soydelbierzo.com wrote: Blackout, 4 days ago https://twitter.com/BBCAfrica/status/598458138887585792 El 18/05/15 a las 16:22, Richard Brooks escribió: We have noticed that Burundi bloggers are off-line. No doubt related to the President's crack down after the failed coup. Does anyone have any news as to whether this silence is due to: -Internet blackout? -Physical threat/imprisonment? -Fear? -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu mailto:compa...@stanford.edu. -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQGcBAEBAgAGBQJVWfZoAAoJELfobSJASvIhJWEL/RZgTPj6lzIxcz/RhmHpHhh8 PJNcTnRxUizvOUlPMb1ZvtRM0Y4BHtbr2wnujCuBMVx6r4s0dyW+1YHb8Ziczkze 3E1OaoYlq+oPouv8DB/I6ivInIXVOSIHY+TjdC/iiopDKaP3fBmqCxgjyR9PYGlh NLJqFOYaKIVLUIicyLGoZfFfi9HDjOahNSfzkxo9DhdXwxFn/aQ1g9awoXQpm5+L oybA7cK8YPw/F/6XuM+Uach2H6knff+nKqDvvzUpMhleTSk/hgmnNzqrvVB6ZRGH OnY2n9pcizRt03cb4d/P1iHzjSylc85oRIUinF0dMHgeXYtNKLE8pVabZVaGf0kY mJ8pWvWta3yw1qRn7ahJ1H6priOgbTZeBUa+3BWd95UijD34Lk3DLKHqejxUOdEQ tl6wj5PRa5wzvaiwgnM787cq17uLuHvxTL74OakARSPY266f+x9ppc+BzSiDSy/U LDuMEcS1OqLxKMnDyP0yFhtqL71UfxNDEbRPSMy+Gg== =SByG -END PGP SIGNATURE- -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Burundi
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Blackout, 4 days ago https://twitter.com/BBCAfrica/status/598458138887585792 El 18/05/15 a las 16:22, Richard Brooks escribió: We have noticed that Burundi bloggers are off-line. No doubt related to the President's crack down after the failed coup. Does anyone have any news as to whether this silence is due to: -Internet blackout? -Physical threat/imprisonment? -Fear? -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQGcBAEBAgAGBQJVWfWoAAoJELfobSJASvIhgvsL/3mNPqaH2Bh/Xhwj+8mFveT0 RN7VVb62gsKS+EB1W5GrxU3UcgHsakjSZzfKZKNjYF0pi+EP3+sreFjUrhWjHtFV yZBRKEHSKPMqiJsGMhDvoDcgTpCJMwFTl3pb4lUBfaB9UKa64uf06NxrI7gU9PxP lkD2JoJjlEmGZdgRhRbhk2gAP8dhvi5xlteJSN6FzA27vFd8qInEyyj7HwlRr5Zp 3wro6FPhdkgfKyYZNpigiApuUcPSkbxtkVW5GyrUQVa7dNY+tTq50R1FLamhw8Ku y/yYYD4KAvzYWzSy7sgKIjcVoikfMj2R0IrWYmEbdir9cN/LfIT9aZZKUqDVf1Vc cBuzg+NarQ2uLYQplf0XHUHanlY87OgSo6OMEPlLjwR4hDDDNUfrShVCaMvlNEIR tqo6l2jdhJDbb5tDDSCaEGvd1RkyRW4KTAJIZvQebCSsJV8l4SjSgrpRUU15HFhW Mv70gFjsnmV2ey5gj3rXRbFXmiK3hS7t8ELH0kmQ6g== =x4Zp -END PGP SIGNATURE- -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Free or Cheap VPN for OS X?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Or this https://nordvpn.com/ VPN+Tor El 05/05/15 a las 16:09, Amin Sabeti escribió: Probably, this service will help you: https://www.privateinternetaccess.com/ On 5 May 2015 at 15:08, anonymous2...@nym.hush.com mailto:anonymous2...@nym.hush.com wrote: Hi, Can anyone recommend a free or cheap VPN for OS X (a Psiphon 3 equivalent)? Before anyone says it, I'm well aware of the various dangers related to VPNs and the availability of TOR etc but I'm just looking for something for low risk stuff when travelling etc. Thanks. -A -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu mailto:compa...@stanford.edu. -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQGcBAEBAgAGBQJVSM/hAAoJELfobSJASvIh+gkL/0fVe3dR43Z0UpkoM9zs8sTe QGp6sJkSo0rFHf8n5LuSk9XjVTKKxoWEMvj+wUmi8ly6AYQcPZtsDPo1QubuJCIm NGPTFDpQ1i+uS7mrQfvgu/iRy8ypHWbXCDehRrej7FxgO4yM3WGNodMnTcREn31r hIeZfnGJCqxKxOA/JkoqLc8bRnA1cYJItnosghlnc3ukA3RrWxXRLvodiNd7QEAA zKF0lz6AGgpjRw/OejspOKrX8D17qVtsU8D3FIW/GyqOI0djczA0jhR/ZOwNP7tN 0g2ZLqNDTMHUy4VRWObLByfdkGsHpCV8+vZqpGrE0UxOSmKjlLMZ8V5C7b2PDp75 wD0WreXSKX+8Oun6sDzMnwpG2sYw53+6e6cM4LoCI4PmljbgMhf7YsIlBXmGxk06 71m2jwuFNRw2Ih3C5QyDCOLN8PDIPur02h7XIsDDEQ9uJ7q+KPEyefR77UEAOfPp U3Vs09BrqVnexHxbBwI+R17g/UtT2dlxIAoo6xPslQ== =owna -END PGP SIGNATURE- -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Umbrella App
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Please ping the list, more people could be interested. Thanks in advance El 25 de febrero de 2015 21:44:25 CET, Security First i...@secfirst.org escribió: Hi Armin, Thanks for reaching out. We've been beavering away on Umbrella for the past few months before pushing out the first early version into the wider community (in the next few weeks hopefully). I will ping you a mail direct. Thanks, Rory -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -BEGIN PGP SIGNATURE- iQHGBAEBCAAwKRxTb3lkZWxCaWVyem8gPGJlcmNpYW5vQHNveWRlbGJpZXJ6by5j b20+BQJU7jUUAAoJELfobSJASvIhQBUL/2mGAfykojwioHTfzFH8FcJ4waQnLlvL t0GNFfShUKFsmgE2n3f/dYQJ042ifNxnEcgEcWItV2QHAvz4jJdY1XjdFxHbaIx3 EWbbW6Uz7jrLsWrMCefw7niawCZk2LprBQXBlhTaAfKbOHgwZeS33FCBkVehAMUI 0OJF69ja3eY/5lK4nqvL+HipkeQqeYo/JMpnjM6iTUIeWrPa7l9Qz7TGApZf6zsZ 5XAMwcGuYPGIsy2PIldkxTMbmHobxwUxWOlopGfy0rQuRaWz/4KA9REA8ua2YbIG 2upPcMC9wtkQCx7vBVR3rJ5HPJXQzY9hJjKz0mOhj/cIHLniwN3Z/QXsBoVqG+AZ EUau3F4kOncp5S7XRdrpmm5UWYB/bQUVFzx7MB5MOV3I6TtXfjXxfEoFgIUPkj9f eUW2jZ/lskpV2j0Eo0UmMhjIRWgH9uwu6/bjCLo+xckaM+eUBwefm7p60dIThxVq KVEAtISim4yxlRmgfdCuEAOUi7J+XFYOkw== =aLMo -END PGP SIGNATURE- -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] Google keeps the chat history even you enabled the OTR
Plain text or encrypted? El 08/05/2014 15:06, Nariman Gharib nariman...@gmail.com escribió: Hey all, Just I want to remind you, Gmail is keeping your chat history even you enable the OTR on your gmail chat. how? if you going to plus.google.com and on the top right side of the page you click on the Hangout, and then select a person who you talked to him recently, you can see your all chat history is come up! you can delete manually your chat history from there too, but too sides should do the same things. I don't know after these things Google will keep our chat history or not!!! but I think this is a bug in Gmail service. Thanks Nariman -- PGP: 084F 95C0 BD1B B15A 129C 90DB A539 6393 6999 CBB6 www.NARIMAN.Tel -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] About Telegram
Yeah, but there's a bunch of info to take in count: 1.- Telegram claims they don't have any relation with Russia in their FAQ. This is not true. Take a look to IP servers they use, from line 309: https://github.com/DrKLO/Telegram/blob/master/TMessagesProj/src/main/java/org/telegram/messenger/ConnectionsManager.java They have servers in two U.S. datacenters, another in UK, one in Singapore (american company owned) and two in Russia, the IP are from VK.com, company sold to Putin's friend. https://stat.ripe.net/95.142.192.66#tabId=at-a-glance https://stat.ripe.net/95.142.192.65#tabId=at-a-glance 2.- Telegram domain is registered using an anonimizer service, no NGO or company info in Telegram website. But they publish oficial app in Google Play as Telegram LLC, a company registered in Delaware on May 2013. Website is in U.S. datacenter 3.- As Brian told, server side software isn't opensource. We didn't really know how it works, which info is storing and how this info is replicated to another servers. If I connect from Spain, the app connect to UK servers by proximity (app uses a sort of heuristic algorithm to detect better server from your location based on lag and hops). If I'm talking with a russian user connected to VK servers, UK server must send messages to russian server. This is when you use normal chat, not encrypted chat that is supossed to be one-to-one with no server intervention. Encryption isn't used by default, just when user ask for it. 4.- App don't check server certificates, so Man-in-the-Middle attack is possible to intercept files and unencrypted chats. I'm not whatsapp user and just used Telegram to check this. If NSA was able to access whatsapp messages, with Telegram NSA also has access, plus GCHQ in UK and russian FSB. Chatsecure, Textsecure, Pidgin+OTR... we have enough app with proven encryption to rely on an obsure organization like Telegram. 2014-03-19 13:45 GMT+01:00 Brian Conley bri...@smallworldnews.tv: It violates the primary principle many experts here depend on: the most important parts are not open source. I'll echo Natanels comments, no obvious reason not to recommend Chatsecure or TextSecure. What she's telegram have that these don't? Brian On Mar 19, 2014 12:36 PM, sam de silva s...@media.com.au wrote: Hi there, So it's almost a month since this thread died. To me, it looks pretty good and while I am not a mathematician, Telegram looks like a good solution to help improve digital security. But this list has the experts. What's the recommendation? Was there any consensus about Telegram. Thanks and best, Sam. On 22/02/2014, at 1:05 AM, Tony Arcieri basc...@gmail.com wrote: On Friday, February 21, 2014, Maxim Kammerer m...@dee.su wrote: All I see is snobbishness of people who have typical Western fear of steering from authorized engineering approaches. The people are quick to judge some unknown foreign developers incompetent As far as I can tell, you are the only person speaking on this thread who wants to spin it into a discussion of Westerners, xenophobia, etc. I'm talking about math. Telegram is not IND-CCA2 secure. Period. They have some extra sprinkles they claim prevents adaptive chosen ciphertext attacks. They have no formal proof of these claims. Authenticated encryption schemes are IND-CCA2 secure by design. Telegram's scheme is inferior. It's mathematically inferior. Period. It has nothing to do with nationalism. It has everything to do with math. Telegram is an inferior design as compared to the standard designs being used in common practice. -- Tony Arcieri -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] nweb + Tor
Nweb is easily exploitable A simple petition like this crashs server: GET / HTTP/1.0 It's also possible to hack core file using a special crafted petition, using info gathered and metasploit to inject a shell using one of the linux reverse payloads, giving access to your server with privileges from user running the web server. Nweb is not for a production environment, better use Nginx without access to cgi, php-fpm, etc. just for static content. 2014/1/20 Jonathan Wilkes jancs...@yahoo.com Hi list, I'm thinking about setting up a slightly modified version of nweb as a Tor hidden service: http://www.ibm.com/developerworks/systems/library/es-nweb/index.html?ca= dat This is for fun, mostly just to learn some more about Tor hidden services and webservers. But it's got me wondering: has anyone done this yet? If not, I'm curious what kinds of attacks a security specialist sees with this setup if I just want to post something like the text of the Magna Carta. Especially-- are there simple attacks against such a naive webserver like this that nginx or other webservers run as a hidden service would prevent? Best, Jonathan -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/ mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] nweb + Tor
BTW, mod_security it's available for Nginx at beta stage, it's a good deal install it and add OWASP core rules. For dynamic content, CMS like drupal, wordpress, joomla, etc, works better Atomicorp (GotRoot) rules for mod_security. 2014/1/20 Jorge SoydelBierzo berci...@soydelbierzo.com Nweb is easily exploitable A simple petition like this crashs server: GET / HTTP/1.0 It's also possible to hack core file using a special crafted petition, using info gathered and metasploit to inject a shell using one of the linux reverse payloads, giving access to your server with privileges from user running the web server. Nweb is not for a production environment, better use Nginx without access to cgi, php-fpm, etc. just for static content. 2014/1/20 Jonathan Wilkes jancs...@yahoo.com Hi list, I'm thinking about setting up a slightly modified version of nweb as a Tor hidden service: http://www.ibm.com/developerworks/systems/library/es-nweb/index.html?ca= dat This is for fun, mostly just to learn some more about Tor hidden services and webservers. But it's got me wondering: has anyone done this yet? If not, I'm curious what kinds of attacks a security specialist sees with this setup if I just want to post something like the text of the Magna Carta. Especially-- are there simple attacks against such a naive webserver like this that nginx or other webservers run as a hidden service would prevent? Best, Jonathan -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/ mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] nweb + Tor
I've tested this several years ago, may be the get needs to be bigger for a buffer overflow (over 1012 bytes, no matters if you use A, U or 5 ;-D) When buffer overflow works, you can get a core dump file. With ESP and EIP values in core dump, and patternOffset tool from Metasploit, you can calculate word alignment, EIP offset, etc. With ESP value, buffer size, ESP offset and generated shellcode, using http-esploit.pl can make a payload to sent to nweb. Nweb is a PoC, hope nobody uses it in the wild. El martes, 21 de enero de 2014, Andrés Leopoldo Pacheco Sanfuentes alps6...@gmail.com javascript:_e({}, 'cvml', 'alps6...@gmail.com'); escribió: On Mon, Jan 20, 2014 at 7:06 PM, Jonathan Wilkes jancs...@yahoo.com wrote: GET /AAA A HTTP/1.0 would it work the same if one replace the A for U, for example? :D Best Regards | Cordiales Saludos | Grato, Andrés L. Pacheco Sanfuentes a...@acm.org +1 (817) 271-9619 -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.