Re: [liberationtech] Securing Email Communications from Facebook offering PGP support

2015-06-01 Thread Matt Mackall
On Mon, 2015-06-01 at 18:26 -0400, Thomas Delrue wrote: On 06/01/2015 06:19 PM, z...@manian.org wrote: For their notification system, FB is leveraging GPG as an identity provider to say only a person who has a certain private key should be able to reset access credentials for this account.

Re: [liberationtech] Whatsapp, a Trojan horse for seekers of easy privacy?

2015-01-15 Thread Matt Mackall
On Thu, 2015-01-15 at 11:44 -0800, Al Billings wrote: You’re avoiding the question. Please name a nation state in which software can be produced which isn’t subject to the kind of legal pressures or potential requirements as the USA when it comes to national security, spying, and the like.

Re: [liberationtech] Facebook available as a Tor hidden service

2014-10-31 Thread Matt Mackall
On Fri, 2014-10-31 at 10:12 -0600, Robert W. Gehl wrote: I tried to login (with a fake account I maintain for just such a purpose). Your account is temporarily locked, it says. I get that; it appears I'm trying to login from a strange location. I've asked some people connected to the project

Re: [liberationtech] TrueCrypt Alternatives?

2014-09-30 Thread Matt Mackall
On Tue, 2014-09-30 at 14:55 -0700, Huned Botee wrote: Eleanor, maybe you can help shed some light on this lack of awareness. How do you think developers should be analyzing risk here? Do you have specific suggestions and/or can you point to sources where that information can be found? The

[liberationtech] Hardware trojans, RNGs, and Syphermedia

2013-09-13 Thread Matt Mackall
This paper outlines simple changes that can be made to insert vulnerabilities into silicon that are invisible to current reverse-engineering techniques: http://people.umass.edu/gbecker/BeckerChes13.pdf It uses Intel's random number generator as an example, detailing precisely how it can be

Re: [liberationtech] iPhone5S Fingerprint and 5th amendment

2013-09-11 Thread Matt Mackall
On Wed, 2013-09-11 at 08:42 -0700, Peat Bakke wrote: Are there any reasons why fingerprint data couldn't be treated with the same concern as passwords? That is, subject to a one-way hash before being stored, transmitted in signed payloads, etc? I'm not sure how securing this data would be

Re: [liberationtech] Random number generator failure in Raspberry Pis?

2013-07-19 Thread Matt Mackall
On Fri, 2013-07-19 at 10:42 -0700, Andy Isaacson wrote: On Fri, Jul 19, 2013 at 01:17:51PM +0100, Michael Rogers wrote: On 19/07/13 13:03, KheOps wrote: Just came across this article, apparently showing the bad quality of the hardware RNG in Raspberry Pi devices.

Re: [liberationtech] Heml.is - The Beautiful Secure Messenger

2013-07-11 Thread Matt Mackall
On Thu, 2013-07-11 at 13:47 -0700, Andy Isaacson wrote: Linux now also uses a closed RdRand [2] RNG if available. There was a bunch of churn when this code went in, so I could be wrong, but I believe that RdRand is only used to stir the same entropy pool as all of the other inputs which are

Re: [liberationtech] How to defend against attacks on chips?

2013-06-16 Thread Matt Mackall
On Sun, 2013-06-16 at 11:54 +0200, Guido Witmond wrote: On 16-06-13 04:12, Waitman Gobble wrote: On Sat, 15 Jun 2013 17:19:14 -0500, Anthony Papillion anth...@cajuntechie.org wrote: But how do we handle hardware attacks? For example, what happens when a chip maker, say Intel,

Re: [liberationtech] list reply-all

2013-03-20 Thread Matt Mackall
On Wed, 2013-03-20 at 18:02 +0200, Maxim Kammerer wrote: Isn't that a valid point? No, it's a useless imaginary construct. A valid point would be an example (preferably, more than one) of such an email on this list, where it would be possible to debate whether the person actually deserved

Re: [liberationtech] list reply-all

2013-03-19 Thread Matt Mackall
On Tue, 2013-03-19 at 19:08 -0400, Joseph Lorenzo Hall wrote: Has the possibility of reconfiguring libtech to not reply-all by default been broached? Reply-to-list poses a significant usability risk that can escalate into a security issue, so it's unfortunate that it's being used here of all

Re: [liberationtech] Man-in-the-middle attack on GitHub in China

2013-01-30 Thread Matt Mackall
On Wed, 2013-01-30 at 13:15 -0600, Matt Mackall wrote: On Wed, 2013-01-30 at 09:55 -0800, x z wrote: @Nadim, I think breaking in a CA is a rather serious crime that GFW would refrain from committing; Unlike, say, breaking into the Tibetan government-in-exile, Google and hundreds of other

Re: [liberationtech] Man-in-the-middle attack on GitHub in China

2013-01-30 Thread Matt Mackall
On Wed, 2013-01-30 at 23:30 -0800, x z wrote: 2013/1/30 Matt Mackall m...@selenic.com On Wed, 2013-01-30 at 13:15 -0600, Matt Mackall wrote: On Wed, 2013-01-30 at 09:55 -0800, x z wrote: @Nadim, I think breaking in a CA is a rather serious crime that GFW would refrain from

Re: [liberationtech] Travel with notebook habit

2012-12-27 Thread Matt Mackall
On Thu, 2012-12-27 at 23:56 +0100, Radek Pilar wrote: Full HDD encryption (including swap space and hibernate file) and powered down or hibernated (s2disk) machine is the only way to go. Expect that if you're a target of state oppression that your laptop WILL be taken away from you for hours at

Re: [liberationtech] Large amounts of spam

2012-10-31 Thread Matt Mackall
On Wed, 2012-10-31 at 18:39 -0400, Andrew Lewis wrote: Maybe someone is simply scraping the archives for the sender address? Scraping archives is passe. Most likely scenario: - random subscriber's Windows box got owned by botnet malware - malware scraped their disk for address books and credit