On Thu, Nov 20, 2014 at 02:02:24PM -0500, AntiTree wrote:
I don't see what this would do that an AV wouldn't. Of the samples
I've reviewed, most (all?) have been detected by AV.
On the contrary, Claudio has documented several RATs and other
surveillance malwares used by repressive governments
On Sun, Aug 24, 2014 at 04:40:26PM -0300, J.M. Porup wrote:
If we really want a permanent archive of humanity's work, we
need to build some kind of distributed Noah's Ark. Archive.org is
no good (book depositories are the first to go when the book-burning
starts), and asking the book-burners
On Mon, Aug 25, 2014 at 04:24:02PM -0300, J.M. Porup wrote:
Folks doing this should be cautious of being completely visible, since
in the hypothesized interregnum the lists of where the knowledge from
the past is will be target lists, both for the oppressors to destroy and
for desperate
On Thu, Jul 17, 2014 at 03:14:32PM -0400, Jonathan Wilkes wrote:
We know something about the selectors that could trigger
Foxacid attacks, and we can record the data sent to a machine
running Tor Browser Bundle. So has anyone set up a sitting duck to
trigger and record the payload of the
On Thu, Jul 17, 2014 at 12:32:26PM -0700, coderman wrote:
And once you've patched this bug, FOXACID will update to issue another
0day.
It's worth doing, for sure! Patching bugs makes us all incrementally
safer.
this is exactly why some who have received these payloads are sitting
on
On Tue, Jun 24, 2014 at 11:17:31AM -0700, Lucas Gonze wrote:
If anybody comes up with such a map for the bay area, I'd love to see it.
You may be interested in the hackathon being held on Sat July 12
at Swissnex:
The Hidden City: From Surveillance to Sousveillance
A hack day and workshop with
Apologies for the long quote, but I wanted to preserve as much context
as possible.
On Fri, Oct 18, 2013 at 05:23:32PM -0400, David Golumbia wrote:
Mr. Snowden said he gave all of the classified documents he had
obtained to journalists he met in Hong Kong, before flying to Moscow,
and did
On Fri, Oct 04, 2013 at 02:05:23PM -0700, d.nix wrote:
Just published by Bart Gellman (Thanks Bart!):
http://apps.washingtonpost.com/g/page/world/nsa-research-report-on-the-tor-encryption-program/501/
This is the output of a student Summer Program project, as advertised
here:
On Wed, Oct 02, 2013 at 11:57:24PM -0500, Paul Elliott wrote:
What is the quality of the Hardware RNG in the Raspberry Pi?
Fairly unknown. The current driver used in Raspbian and so on, which
exposes the RNG directly at /dev/hwrng is definitely *not* safe to use
raw -- it needs a mixing pool at
On Sat, Sep 21, 2013 at 09:24:43PM +0300, jd.cypherpu...@gmail.com wrote:
Cypherpunk Eric Hughes: The surveillance nightmare has come true -
http://t.co/hZAWMTEKWZ (DE only) Die Zeit
Why on earth do you route through t.co.
http://www.zeit.de/digital/internet/2013-09/cypherpunks-eric-hughes
On Mon, Sep 16, 2013 at 08:47:09AM -0700, Joe Szilagyi wrote:
I thought they hyped at one point their encryption and not
accessing your files. I guess I was mistaken.
They used to claim that dropbox cannot access your files, but after
Chris Soghoian and others pointed out that this was not
On Mon, Sep 16, 2013 at 02:47:48PM -0500, Jon Lebkowsky wrote:
I followed your links, which said that someone filed a complaint with
the FTC. Nothing about the FTC suing Dropbox. Got a link for that?
Indeed, seems I was mistaken about how far the issue went. (And I don't
understand the
On Tue, Sep 10, 2013 at 05:54:44PM -0400, Scott Elcomb wrote:
Starting a new thread - it's related but a slightly different topic.
Despite having several devices with fingerprint scanners, I've never used one.
With the release of iPhone 5S and all the discussion around it, I'm
curious if
On Fri, Sep 06, 2013 at 10:45:46AM -0700, Joe Szilagyi wrote:
Does anyone put any stock into the rumors floating lately that the
government may have influenced Intel and/or AMD into altering in
subtle ways that CPUs handle random number generation? I keep seeing
this possible FUD floating
On Fri, Sep 06, 2013 at 08:59:26PM -0700, cont...@ansamb.com wrote:
I contact you as the co-founder of ]ansamb[.
]ansamb[ is a Reunion Island (France) based startup that designed a
massively distributed architecture for content sharing from computer
to computer in a full encrypted, unlimited
On Fri, Sep 06, 2013 at 12:48:52AM +0300, Maxim Kammerer wrote:
On Wed, Sep 4, 2013 at 11:03 PM, Travis McCrea m...@travismccrea.com wrote:
http://falkvinge.net/2013/09/04/open-letter-to-us-border-patrol-cbp/
My understanding of the relevant laws is clearly lacking, but the
common theme of
On Thu, Aug 29, 2013 at 12:15:17PM -0700, Michael Hicks wrote:
ok so I guess I just send u guys the links and u check out my software
and Vet it? This was made for people to be able to protect their
privacy and the NSA can't hack it No One can it's impossible. all the
information is at
On Wed, Aug 28, 2013 at 10:47:16PM -0400, Sandy Harris wrote:
It gets worse. The US has a Communications
Assistance to Law Enforcement Act (CALEA)
that basically makes it illegal for anyone to sell
phone switches without wiretap capability in the
US. As a result nearly all such switches have
On Mon, Aug 12, 2013 at 11:10:39AM +0200, Guido Witmond wrote:
There is another problem. You rely on HTTPS. Here is the 64000 dollar
question:
Q._What is the CA-certificate for your banks' website?_
I ask that question to anyone who claims to be security conscious. No
one has given me
On Tue, Aug 06, 2013 at 01:50:31PM +0300, Nadim Kobeissi wrote:
Yes, to be absolutely clear, I think Tor should issue advisories for
confirmed security issues in Tor Browser, since Tor Browser is a fork
of Firefox and is independently maintained. This is exactly what Tor
did this time, except
On Mon, Aug 05, 2013 at 09:19:01AM -0400, liberationt...@lewman.us wrote:
Please cite first person sources on this. It's not clear the FBI did
anything or is involved at all. There is a reddit thread implying this,
but no statement (as of yet) from the FBI or anyone claiming
responsibility for
On Tue, Aug 06, 2013 at 12:09:48AM +0200, Griffin Boyce wrote:
We may have to disagree as to the way forward. I hate to be
contentious, but it seems unlikely that Tor applied a patch without
reading firefox's changelog.
I'm still not clear on what you want Tor to have done. Should they do a
On Wed, Jul 31, 2013 at 02:29:20PM -0700, Steve Weis wrote:
I don't really see a practical use case for one-time pads. You have to
assume that you can securely deliver the pad to someone in advance of
any other communications.
This is the key management problem. If I want to secure a 10MB/day
On Thu, Aug 01, 2013 at 07:37:59AM -0700, Andy Isaacson wrote:
Since a OTP depends critically on never using the same pad to encrypt
multiple plaintexts, it conversely also depends on the same pad only
decrypting a single ciphertext. If a onetime implementation implements
a decryption oracle
On Thu, Aug 01, 2013 at 05:22:48PM +0200, Alexander Kjeldaas wrote:
On Thu, Aug 1, 2013 at 5:01 PM, Andy Isaacson a...@hexapodia.org wrote:
On Thu, Aug 01, 2013 at 07:37:59AM -0700, Andy Isaacson wrote:
Since a OTP depends critically on never using the same pad to encrypt
multiple
On Tue, Jul 30, 2013 at 01:15:15PM -0500, Karl Fogel wrote:
Andy Isaacson a...@hexapodia.org writes:
OneTime 2.0-beta is ready for review and testing, as threatened [1]. See
http://red-bean.com/onetime/
At a quick glance, it appears you have not added any message
authenticity
On Thu, Jul 25, 2013 at 04:41:43AM -0700, Owen Barton wrote:
If a government
secretly acquired the SSL private keys for a site, and the site
continued using them, then no convergence notary would know any
cause not to vouch for the key.
What helps here is perfect forward secrecy.
On Sun, Jul 21, 2013 at 03:26:36AM +0200, KheOps wrote:
Having to play a little bit with a couple of Amazon EC2 virtual
machines, I noticed that I wasn't able to access thepiratebay.sx from
them. The DNS entry is correct, but an HTTP request simply times out.
They are located in the US West
On Fri, Jul 19, 2013 at 01:17:51PM +0100, Michael Rogers wrote:
On 19/07/13 13:03, KheOps wrote:
Just came across this article, apparently showing the bad quality
of the hardware RNG in Raspberry Pi devices.
from my iPhone
On Jul 11, 2013, at 8:36 PM, Andy Isaacson a...@hexapodia.org wrote:
On Thu, Jul 11, 2013 at 08:12:32PM -0500, Paul Elliott wrote:
Are there any practical one time pad management systems out there,
GPLed for GNU/Linux?
I don't know of any but would be interested
On Thu, Jul 11, 2013 at 12:23:25PM -0700, Mitar wrote:
BTW. Even Tor has centralized directory servers.
It's incredibly misleading to imply that the Tor DA design provides a
similar threat to a server-hosted-crypto proprietary privacy app. (I'm
not accusing you of intentionally misleading, but
On Thu, Jul 11, 2013 at 08:44:24AM -0700, Steve Weis wrote:
It's not true that all widely used crypto implementations are open.
Even open source projects themselves depend on closed implementations.
For example, Linux, OpenSSL, GnuTLS, libgcrypt, and dm-crypt may all use
AESNI on x86,
On Wed, Jul 10, 2013 at 08:00:03PM -0400, Tom Ritter wrote:
On 10 July 2013 09:43, Jacob Appelbaum ja...@appelbaum.net wrote:
Andreas Bader:
Tens of thousands zero-days; that sounds like totally shit. That
guy seems to be a script kiddie poser, nothing more.
Are there any real hackers
On Thu, Jul 11, 2013 at 08:12:32PM -0500, Paul Elliott wrote:
Are there any practical one time pad management systems out there,
GPLed for GNU/Linux?
I don't know of any but would be interested to learn of one.
Is anyone working on one?
I started sketching some design ideas a few months ago,
On Mon, Jun 17, 2013 at 10:09:00AM -0400, Richard Brooks wrote:
[re looking for hardware trojans]
You can't defend against this. There is a lot of research
going into detecting hardware trojans. In general, verifying
that either hardware or software is (or is not) malicious
is undecidable. We
Apologies for replying out of thread and the wide CC list.
On Fri, Jun 07, 2013 at 06:41:32PM +0200, Eugen Leitl wrote:
- Forwarded message from Matthew Petach mpet...@netflight.com -
Date: Fri, 7 Jun 2013 09:32:53 -0700
From: Matthew Petach mpet...@netflight.com
Cc: NANOG
On Wed, Jun 05, 2013 at 06:33:16PM -0400, Rich Kulawiec wrote:
One more point: operations that are this incompetent and negligent
cannot possibly provide any real assurance of security and privacy
to their users, because their putative operators are no longer in
full control of them. Not
On Thu, May 30, 2013 at 12:12:15AM +0200, KheOps wrote:
This is not the first time such a claim is made, but I just came across
what looks like to be a serious scientific publication claiming that
they prove that P=NP.
In simple words, this would mean that problems that are considered as
On Thu, Apr 25, 2013 at 10:12:11PM -0500, Gregory Foster wrote:
The WSJ's Jennifer Valentino-DeVries broke this story yesterday,
unfortunately behind the WSJ's paywall:
https://twitter.com/jenvalentino/status/327172745332916225
For what it's worth, WSJ often serves real content when you're
.
If you have any other insights, I would be glad to hear them. I would
love to speak with anyone else that can come forward as an NSL victim.
On Wed, Mar 20, 2013 at 5:10 PM, Andy Isaacson adi at hexapodia.org wrote:
Did you receive one of the few NSLs without a confidentiality
Unpaid internships are not universally illegal, but are often misused to
avoid minimum wage laws.
http://www.nytimes.com/2010/04/03/business/03intern.html
http://www.good.is/posts/unpaid-internship-unfair-likely-illegal-and-not-going-away-anytime-soon
On Wed, Feb 06, 2013 at 10:52:23AM -0500, micah anderson wrote:
- ChromeOS's update mechanism is automatic, transparent, and basically
foolproof. Having bricked Ubuntu and Gentoo systems, the same is not
true of Linux.
I would be surprised if you actually 'bricked' these systems, since
On Mon, Dec 10, 2012 at 10:07:23PM +, StealthMonger wrote:
Fabio Pietrosanti (naif) li...@infosecurity.ch writes:
for those who have still not seen that project, i wanted to send a notice
about MailVelope, OpenPGP encryption for webmail: http://www.mailvelope.com
It's a client-side,
On Sun, Nov 11, 2012 at 06:38:11PM -0800, Micah Lee wrote:
That's great that they're releasing the source code.
I'm confused about whether or not it's actually free software though,
Definitely not DFSG-free.
and if people are allowed to release derivative works or not. It looks
like it's
On Tue, Oct 30, 2012 at 07:32:18PM -0400, Nadim Kobeissi wrote:
This mailing list has a spam problem (I'm receiving nude photo attachments
now.) Admins: Please address!
Hmmm, I'm not seeing this problem; I'm subscribed to liberationtech on a
bog-standard linux + postfix installation and I save
On Fri, Oct 05, 2012 at 05:43:46AM +0200, Maxim Kammerer wrote:
Did anyone try this with devices that are supposed to be resistant to
file shredding due to wear leveling? I tried the following on two USB
keys, one ~12 years old, another ~6 years old, both formatted as
FAT32:
echo