Bringing Tahoe ideas to HTTP

2009-08-31 Thread Brian Warner
[sent once to tahoe-dev, now copying to cryptography too, sorry for the duplicate] At lunch yesterday, Nathan mentioned that he is interested in seeing how Tahoe's ideas and techniques could trickle outwards and influence the design of other security systems. And I was complaining about how the

Re: [tahoe-dev] a crypto puzzle about digital signatures and future compatibility

2009-08-31 Thread James A. Donald
Zooko Wilcox-O'Hearn wrote: On Wednesday, 2009-08-26, at 19:49, Brian Warner wrote: Attack B is where Alice uploads a file, Bob gets the filecap and downloads it, Carol gets the same filecap and downloads it, and Carol desires to see the same file that Bob saw. ... The attackers (who may

Re: [tahoe-dev] Bringing Tahoe ideas to HTTP

2009-08-31 Thread Michael Walsh
Hi Brian, all; I'm all for including merkle trees with HTTP GETs, two items that spring to mind: - Appending the location of the hash as you suggest in #hashtree=ROOTXYZ;http://otherplace which requires no changes to the webserver. - Adding a HTTP header with this data but requires something

Re: [tahoe-dev] Bringing Tahoe ideas to HTTP

2009-08-31 Thread Brian Warner
Michael Walsh wrote: - Adding a HTTP header with this data but requires something like a server module or output script. It also doesn't ugly up the URL (but then again, we have url shortener services for manual typing). Ah, but see, that loses the security. If the URL doesn't contain the

Practical attack on WPA?

2009-08-31 Thread Jerry Leichter
http://jwis2009.nsysu.edu.tw/location/paper/A%20Practical%20Message%20Falsification%20Attack%20on%20WPA.pdf A Practical Message Falsification Attack on WPA Toshihiro Ohigashi and Masakatu Morii Abstract. In 2008, Beck and Tews have proposed a practical attack on WPA. Their attack (called the

Defending Against Sensor-Sniffing Attacks on Mobile Phones

2009-08-31 Thread Jerry Leichter
http://conferences.sigcomm.org/sigcomm/2009/workshops/mobiheld/papers/p31.pdf ABSTRACT Modern mobile phones possess three types of capabilities: computing, communication, and sensing. While these capabilities enable a variety of novel applications, they also raise serious privacy concerns. We

Fwd: Important Information for PGP® Desktop Users Running Mac OS X

2009-08-31 Thread R.A. Hettinga
Heh... So, we gotta pay for the upgrade in order to use PGP on Snow Leopard? Whee. Cheers, RAH Begin forwarded message: From: PGP Corporation dataprotect...@pgp.com Date: August 28, 2009 6:18:09 PM GMT-04:00 To: r...@ibuc.com Subject: Important Information for PGP® Desktop Users Running

Fwd: [Macgpg-users] GPGMail Snow Leopard

2009-08-31 Thread R.A. Hettinga
...and now GPG. So, Snow Leopard is crypto-less? Cheers, RAH What? I shoulda said sans-crypto? --- Begin forwarded message: From: Benjamin Donnachie benja...@py-soft.co.uk Date: August 28, 2009 7:44:09 PM GMT-04:00 To: @lists.sourceforge.net macgpg-us...@lists.sourceforge.net

Source for Skype Trojan released

2009-08-31 Thread Jerry Leichter
It can “...intercept all audio data coming and going to the Skype process.” Proof of concept, but polished versions will surely follow. http://www.scmagazineus.com/Skype-snooping-trojan-detected/article/147537/ -- Jerry