Re: [cryptography] STARTTLS for HTTP

2014-08-19 Thread Jacob Appelbaum
On 8/19/14, Tom Ritter t...@ritter.vg wrote: On 18 August 2014 23:29, Tony Arcieri basc...@gmail.com wrote: Anyone know why this hasn't gained adoption? http://tools.ietf.org/html/rfc2817 I've been watching various efforts at widespread opportunistic encryption, like TCPINC and STARTTLS in

Re: [cryptography] Fwd: Re: Commercialized Attack Hardware on SmartPhones

2014-03-02 Thread Jacob Appelbaum
Hi Tom, Have you seen the cellebrite gear and their forensics tools? My understanding is that their UFED gear attempts to exploit various bugs in phones. https://wikileaks.org/spyfiles/list/company-name/cellebrite.html Here is one of their people talking about exploiting 0day bugs to gain

Re: [cryptography] Commercialized Attack Hardware on SmartPhones

2014-03-02 Thread Jacob Appelbaum
Hi Tom, On 3/2/14, Tom Ritter t...@ritter.vg wrote: On Mar 2, 2014 11:47 AM, Kevin kevinsisco61...@gmail.com wrote: Tom: Perhaps I am in the dark about this, but I'm sure attacking android is quite simple as mobile security is fairly new. I have to wonder why you are asking? If it's

Re: [cryptography] DeCryptocat

2013-07-05 Thread Jacob Appelbaum
Nadim Kobeissi: Sorry, I wasn't meaning to avoid any questions. I simply forgot to answer them. It's best to assume good will from others on a discussion list. Glad to hear it. I do not know how many users choose forward secret protocols, nor do I imagine there is a standardized or easy

Re: [cryptography] DeCryptocat

2013-07-04 Thread Jacob Appelbaum
Nadim Kobeissi: On 2013-07-05, at 3:15 AM, Jacob Appelbaum ja...@appelbaum.net wrote: Nadim Kobeissi: Hello everyone, I urge you to read our response at the Cryptocat Development Blog, which strongly clarifies the situation: https://blog.crypto.cat/2013/07/new-critical-vulnerability

Re: [cryptography] Potential funding for crypto-related projects

2013-07-02 Thread Jacob Appelbaum
aort...@alu.itba.edu.ar: The more interesting point is high vs low latency. I really like the idea of having a high-latency option in Tor. It would still need to have a lot of users to actually be useful, though. But it seems there are various protocols that would be more high-latency-friendly

Re: [cryptography] Potential funding for crypto-related projects

2013-07-01 Thread Jacob Appelbaum
Ben Laurie: On 1 July 2013 12:32, Tom Ritter t...@ritter.vg wrote: On 1 July 2013 05:04, Ben Laurie b...@links.org wrote: On 1 July 2013 01:55, Jacob Appelbaum ja...@appelbaum.net wrote: So then - what do you suggest to someone who wants to leak a document to a press agency that has

Re: [cryptography] Potential funding for crypto-related projects

2013-06-30 Thread Jacob Appelbaum
Nadim Kobeissi: On 2013-06-29, at 11:48 PM, Jacob Appelbaum ja...@appelbaum.net wrote: Natanael: I'm not seeing that many options though. The Phantom project died pretty fast; https://code.google.com/p/phantom/ https://groups.google.com/forum/#!forum/phantom-protocol http://phantom

Re: [cryptography] Potential funding for crypto-related projects

2013-06-30 Thread Jacob Appelbaum
Nadim Kobeissi: Read my email more carefully next time. I specifically encouraged experimentation in a way that seems reasonably safe: There's no need to be so patronizing — I'm aware that you recommended TAILS (which is also a Tor project). I'm sorry to write with more bad news - it

Re: [cryptography] Potential funding for crypto-related projects

2013-06-30 Thread Jacob Appelbaum
Michael Rogers: So who's out there developing any useful protocols for anonymization today? *Anybody*? Could we try to start a new project (if needed) to create one? I'd love to see a revitalisation of remailer research, focussing on unlinkability (which we know many people would benefit

Re: [cryptography] Potential funding for crypto-related projects

2013-06-30 Thread Jacob Appelbaum
aort...@alu.itba.edu.ar: I believe Anonymity is a problem orders of magnitude bigger than privacy. I agree - though most people think the two terms mean the same thing. Lots of different terms are a similar set of things for different people. Tor seems like the only serious project aiming at

Re: [cryptography] What project would you finance? [WAS: Potential funding for crypto-related projects]

2013-06-30 Thread Jacob Appelbaum
Yosem Companys: Speaking of which... If you had an extra $2-3K to give to a liberationtech or crypto project, who do you think would benefit the most? Tails. They could use support: https://tails.boum.org All the best, Jacob

Re: [cryptography] What project would you finance? [WAS: Potential funding for crypto-related projects]

2013-06-30 Thread Jacob Appelbaum
Ryan Hurst: Though it wouldn't necessarily advance anonymity or cryptography knowledge I think funding of a public repository that had reviewed, stable packages or for the most popular distributions nginx, apache and openssl that came with the most secure stuff enabled; for example today

Re: [cryptography] Is the NSA now a civilian intelligence agency? (Was: Re: Snowden: Fabricating Digital Keys?)

2013-06-30 Thread Jacob Appelbaum
Ethan Heilman: The way I read that (and combined with the overall disclosures that they are basically collecting everything they can get their hands on) the NSA has now been de-militarised, or civilianised if you prefer that term. In the sense that, information regarding criminal activity is

Re: [cryptography] Potential funding for crypto-related projects

2013-06-29 Thread Jacob Appelbaum
Natanael: I would like to point out that the developers of the anonymizing network I2P are looking for more external review of the codebase (it's in Java, by the way). Everybody who knows how to do security reviews of source code and has time to spare should take a look at it. I've

Re: [cryptography] Potential funding for crypto-related projects

2013-06-29 Thread Jacob Appelbaum
Natanael: I'm not seeing that many options though. The Phantom project died pretty fast; https://code.google.com/p/phantom/ https://groups.google.com/forum/#!forum/phantom-protocol http://phantom-anon.blogspot.se/ So who's out there developing any useful protocols for anonymization today?

Re: [cryptography] skype backdoor confirmation

2013-05-25 Thread Jacob Appelbaum
Dear Eric, Eric S Johnson: Sauer: We answer to this question: We provide a safe communication option available. I will not tell you whether we can listen to it or not. In other words, no evidence there, either. There is also no useful definition of safe. Does that include secure? Does

Re: [cryptography] skype backdoor confirmation

2013-05-22 Thread Jacob Appelbaum
This presupposes custom malware written for the specific target. Not always. It presumes that someone may pack a binary just for a single target - this is however an automated process for lots of malware packages. Highly customized spearphish attacks are unlikely to be detected, but

Re: [cryptography] skype backdoor confirmation

2013-05-22 Thread Jacob Appelbaum
James A. Donald: Cops just don't put that much work in. On 2013-05-22 5:41 PM, Jacob Appelbaum wrote: Yes, yes they do: http://www.scmagazine.com/finfisher-command-and-control-hubs-turn-up-in-11-new-countries/article/291252/ That governments attempt to spy on people is not evidence

Re: [cryptography] skype backdoor confirmation

2013-05-20 Thread Jacob Appelbaum
Mark Seiden: i think we are having a misunderstanding here. any sort of opt-in or opt out doesn't work in the account takeover scenario, which is very common these days. the bad guy will always have a relationship through the buddy list, which is exactly why they are using taken over

Re: [cryptography] skype backdoor confirmation

2013-05-20 Thread Jacob Appelbaum
James A. Donald: On 2013-05-20 7:49 PM, Mark Seiden wrote: i think we are having a misunderstanding here. any sort of opt-in or opt out doesn't work in the account takeover scenario, which is very common these days. No one on my buddy list has been taken over, or if they have, they took

Re: [cryptography] skype backdoor confirmation

2013-05-20 Thread Jacob Appelbaum
James A. Donald: James A. Donald: No one on my buddy list has been taken over, or if they have, they took care of it before I noticed. On 2013-05-21 10:55 AM, Jacob Appelbaum wrote: That is - how would they notice and if they were being logged, how would *you* notice on your end? I

Re: [cryptography] skype backdoor confirmation

2013-05-19 Thread Jacob Appelbaum
Krassimir Tzvetanov: To the best of my knowledge in Russia (no, I'm not Russian nor have lived there so I'm not 100% sure) you need to submit a copy of the private key if you are operating a website providing encryption on their territory to allow for legal intercept. They also have other