Bringing Tahoe ideas to HTTP

2009-08-31 Thread Brian Warner
[sent once to tahoe-dev, now copying to cryptography too, sorry for the duplicate] At lunch yesterday, Nathan mentioned that he is interested in seeing how Tahoe's ideas and techniques could trickle outwards and influence the design of other security systems. And I was complaining about how the

Re: [tahoe-dev] a crypto puzzle about digital signatures and future compatibility

2009-08-31 Thread James A. Donald
Zooko Wilcox-O'Hearn wrote: On Wednesday,2009-08-26, at 19:49 , Brian Warner wrote: Attack B is where Alice uploads a file, Bob gets the filecap and downloads it, Carol gets the same filecap and downloads it, and Carol desires to see the same file that Bob saw. ... The attackers (who may

Re: [tahoe-dev] Bringing Tahoe ideas to HTTP

2009-08-31 Thread Michael Walsh
Hi Brian, all; I'm all for including merkle trees with HTTP GETs, two items that spring to mind: - Appending the location of the hash as you suggest in #hashtree=ROOTXYZ;http://otherplace which requires no changes to the webserver. - Adding a HTTP header with this data but requires something

Re: [tahoe-dev] Bringing Tahoe ideas to HTTP

2009-08-31 Thread Brian Warner
Michael Walsh wrote: - Adding a HTTP header with this data but requires something like a server module or output script. It also doesn't ugly up the URL (but then again, we have url shortner services for manual typing). Ah, but see, that loses the security. If the URL doesn't contain the

Practical attack on WPA?

2009-08-31 Thread Jerry Leichter A Practical Message Falsification Attack on WPA Toshihiro Ohigashi and Masakatu Morii Abstract. In 2008, Beck and Tews have proposed a practical attack on WPA. Their attack (called the

Defending Against Sensor-Sniffing Attacks on Mobile Phones

2009-08-31 Thread Jerry Leichter ABSTRACT Modern mobile phones possess three types of capabilities: computing, communication, and sensing. While these capa- bilities enable a variety of novel applications, they also raise serious privacy concerns. We

Fwd: Important Information for PGP® Desktop Use rs Running Mac OS X

2009-08-31 Thread R.A. Hettinga
Heh... So, we gotta pay for the upgrade in order to use PGP on Snow Leopard? Whee. Cheers, RAH Begin forwarded message: From: PGP Corporation Date: August 28, 2009 6:18:09 PM GMT-04:00 To: Subject: Important Information for PGP® Desktop Users Running

Fwd: [Macgpg-users] GPGMail Snow Leopard

2009-08-31 Thread R.A. Hettinga
...and now GPG. So, Snow Leopard is crypto-less? Cheers, RAH What? I shoulda said sans-crypto? --- Begin forwarded message: From: Benjamin Donnachie Date: August 28, 2009 7:44:09 PM GMT-04:00 To:

Source for Skype Trojan released

2009-08-31 Thread Jerry Leichter
It can “...intercept all audio data coming and going to the Skype process.” Proof of concept, but polished versions will surely follow. -- Jerry