Re: [liberationtech] Other distros like Ubuntu Privacy Remix?

2013-09-10 Thread Moon Jones
On 03.09.2013 14:10, Moon Jones wrote: I stumbled upon UPR these last days. It does not work on my machines. But the idea sounds good. Yet I could not find anything like it. Tails comes close, but the network is enabled. I discovered that Trisquel can be used on most (not all!) laptops with

Re: [liberationtech] Cryptogeddon

2013-09-10 Thread Dan O'Huiginn
I like this concept. I'd particularly love a more basic version of this, perhaps using openbadges to reward people who make it through a game-cum-course that lets them use security-related tools. A perennial problem in security education is getting people enough practical experience. That's

Re: [liberationtech] Cryptogeddon

2013-09-10 Thread Bernard Tyers - ei8fdb
This sounds a nice idea. There was a similar idea (in its early stages) presented at SOUPS 2013 (Symposium on Usable Privacy and Security) earlier this year. [1] It was called Device Dash: An Educational Computer Security Game presented by Era Vuksani. Unfortunately Era's thesis is not

Re: [liberationtech] Naive Question

2013-09-10 Thread A.Cammozzo
On 09/09/2013 11:09 PM, Jonathan Wilkes wrote: On 09/09/2013 03:40 PM, Case Black wrote: There's a more subtle variant to this idea... Regularly state (put up a sign) that you HAVE in fact received an NSL...with the public understanding that it must be a lie (there's no law against

[liberationtech] Linux distribution on encrypted USB?

2013-09-10 Thread Moon Jones
A portable distribution on an encrypted stick. In the end, I think only a USB hard drive can offer that, because of the way memory locations are handled by flash media. But is it feasible to have a two device solution? Media1 has the /boot but Media2 has the strong key. Media1 boots,

[liberationtech] Modulo the usual problems with HTTPS/SSL, anyone have any critiques of this?

2013-09-10 Thread Bill Woodcock
http://www.kickstarter.com/projects/1904431672/trsst-a-distributed-secure-blog-platform-for-the-o -Bill -- Liberationtech is a public list whose archives are searchable on Google. Violations of list guidelines will get you moderated:

[liberationtech] Obama's review group on surveillance seeking public comment, including impact on foreign policy

2013-09-10 Thread Danny O'Brien
(Apologies if you get this via a few mailing lists. I've tried to spread it widely yet thinly. And of course, feel free to forward yourself, if only so I get less blame for over-forwarding) The newly created Review Group on Intelligence and Communications Technologies is seeking public comment on

[liberationtech] quid pro quo

2013-09-10 Thread Lucas Gonze
Let's say major corps like ATT and Chase are doing favors for NSA. Why would they if not for a quid pro quo? And if they are getting favors in return, isn't that illegal? I wonder if there is evidence to show what the payback is.

Re: [liberationtech] quid pro quo

2013-09-10 Thread Moritz Bartl
On 09/10/2013 09:27 PM, Lucas Gonze wrote: Let's say major corps like ATT and Chase are doing favors for NSA. Why would they if not for a quid pro quo? And if they are getting favors in return, isn't that illegal? I wonder if there is evidence to show what the payback is.

Re: [liberationtech] quid pro quo

2013-09-10 Thread Lucas Gonze
My thought is that the reported payments to compensate big corps aren't enough to justify the opportunity cost. For example, Room 641A. No doubt NSA is putting some cash in, but the actual revenue is probably 1/1000th the cost to ATT. Renting rooms and taps to governments is not a business ATT

Re: [liberationtech] quid pro quo

2013-09-10 Thread Kyle Maxwell
In general, as has been well documented, the telcos and other firms charge the government for data records. While possibly distasteful (they're making money off of giving our data to the gov!), it makes sense from an operational point of view: there are real, concrete costs associated with

Re: [liberationtech] Small size static HTML hosting with no ads and tor friendly

2013-09-10 Thread The Doctor
On 09/07/2013 08:14 AM, Moon Jones wrote: I want to do some microsites. All static. HTML plus a few optimised graphics. A few megabytes each. But I don't want ads. And it should be done over Tor. It's not about FBI/NSA, but about having less data

Re: [liberationtech] iPhone 5S Fingerprint and Records (Was: iPhone5S and 5th amendment)

2013-09-10 Thread Bill Woodcock
On Sep 10, 2013, at 2:54 PM, Scott Elcomb pse...@gmail.com wrote: Starting a new thread - it's related but a slightly different topic. Despite having several devices with fingerprint scanners, I've never used one. With the release of iPhone 5S and all the discussion around it, I'm

Re: [liberationtech] Linux distribution on encrypted USB?

2013-09-10 Thread Griffin Boyce
On 09/10/2013 08:41 AM, Moon Jones wrote: A portable distribution on an encrypted stick. In the end, I think only a USB hard drive can offer that, because of the way memory locations are handled by flash media. But is it feasible to have a two

Re: [liberationtech] quid pro quo

2013-09-10 Thread Don Marti
begin Moritz Bartl quotation of Tue, Sep 10, 2013 at 11:08:18PM +0200: On 09/10/2013 09:27 PM, Lucas Gonze wrote: Let's say major corps like ATT and Chase are doing favors for NSA. Why would they if not for a quid pro quo? And if they are getting favors in return, isn't that illegal?

[liberationtech] iPhone 5S Fingerprint and Records (Was: iPhone5S and 5th amendment)

2013-09-10 Thread Scott Elcomb
Starting a new thread - it's related but a slightly different topic. Despite having several devices with fingerprint scanners, I've never used one. With the release of iPhone 5S and all the discussion around it, I'm curious if fingerprints on file with various Law Enforcement agencies could be

Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-10 Thread Al Billings
Clearly not a battle I'm going to win in any sense with this audience but, really, the current Internet (for many many reasons) is pretty broken in places (and I don't just mean Facebook) when you turn off JS. We talk about this at work a lot and even amongst my peers with NoScript installed,

Re: [liberationtech] iPhone5S Fingerprint and 5th amendment

2013-09-10 Thread John Adams
Has Apple released specs on the operation of the fingerprint system? I.e. Can it be configured to use both a pin and a fingerprint? -j On Tue, Sep 10, 2013 at 2:34 PM, Percy Alpha percyal...@gmail.com wrote: I know that users can be forced to hand over digital card and written down passcode

Re: [liberationtech] iPhone5S Fingerprint and 5th amendment

2013-09-10 Thread Yosem Companys
Your fingerprints change: http://blog.erratasec.com/2013/09/fingerprints-can-change.html by @ErrataRob On Tue, Sep 10, 2013 at 4:25 PM, John Adams j...@retina.net wrote: Has Apple released specs on the operation of the fingerprint system? I.e. Can it be configured to use both a pin and a

Re: [liberationtech] iPhone 5S Fingerprint and Records (Was: iPhone5S and 5th amendment)

2013-09-10 Thread Andy Isaacson
On Tue, Sep 10, 2013 at 05:54:44PM -0400, Scott Elcomb wrote: Starting a new thread - it's related but a slightly different topic. Despite having several devices with fingerprint scanners, I've never used one. With the release of iPhone 5S and all the discussion around it, I'm curious if

Re: [liberationtech] iPhone 5S Fingerprint and Records (Was: iPhone5S and 5th amendment)

2013-09-10 Thread Rodrigo Fernos
Interesting suggestion. (Do note that supposedly the device will read 'deep in the epidermis', through various skin layers. This suggests that a life size image of fingerprint might not actually work.) R On Tue, Sep 10, 2013 at 5:54 PM, Scott Elcomb pse...@gmail.com wrote: Starting a new

Re: [liberationtech] iPhone 5S Fingerprint and Records (Was: iPhone5S and 5th amendment)

2013-09-10 Thread Rodrigo Fernos
I think the most worrisome issue is that any security vulnerability will make direct personal information available to hackers. In other words, password theft has no direct implication to your persona, in contrast to bodily information of the fingerprint. If hacked, this might be used for

Re: [liberationtech] Naive Question

2013-09-10 Thread Jon Camfield
On Monday, September 09, 2013 05:09 PM, Jonathan Wilkes wrote: On 09/09/2013 03:40 PM, Case Black wrote: There's a more subtle variant to this idea... [SNIP] In short I don't think there's a hack for this one, it just requires old fashioned

Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-10 Thread Joseph Lorenzo Hall
On 9/9/13 2:55 PM, Al Billings wrote: I suggest your use of the net is well outside the mainstream, even amongst security folks. Some of us actually use social networking, for example, or don't want ugly, half broken websites simply because we fear a JavaScript zero day. Hi Al, big fan. I

Re: [liberationtech] Meet the 'cowboy' in charge of the NSA

2013-09-10 Thread Shelley
Maybe I just don't have the broken Internets problem very often, or I don't notice it. I can use important sites such as my email provider's web interface (when I'm not near my regular email client) and my credit union's mobile site without enabling scripts, so there really isn't much I'm going

[liberationtech] iPhone5S Fingerprint and 5th amendment

2013-09-10 Thread Percy Alpha
I know that users can be forced to hand over digital card and written down passcode to decrypt data while memorized passcode is mostly safe from subpoena and court orders. As iPhone5S uses fingerprint to lock the device, could users be forced to unlock their iPhone5S? As police can legally collect

Re: [liberationtech] quid pro quo

2013-09-10 Thread Lucas Gonze
The other pressure you mention is just what I was thinking of. On the one hand there is a threat. Cooperate with NSA or DOD won't consider your bids. On the other hand there is an offer. Cooperate with NSA and DOD will favor your bids. About the cash payments, operational costs are a small part

Re: [liberationtech] Naive Question

2013-09-10 Thread Hauke Gierow
Well, you could do it in another way: have a sign somewhere and post a webcam to it, which renews the picture every now and then... many things can happen to these offline signs without codings Hauke