[liberationtech] A Mobilization Story: Patterns for the Impending Emergency

[Doug Schuler]

On the occasion of Inauguration Day 2017, I've written a kind of an op-ed / story of the future / manifesto that was developed with the help of some patterns from Liberating Voices: A Pattern Language for Communication Revolution, the book I wrote with 85 other contributors. Please take a look! (And please also forward to people who might be interested—after all, that's why I wrote it!)The piece is called "A Mobilization Story: Patterns for the Impending Emergency." It is intended to help in some way in resisting the Trump agenda. I believe that is extremely relevant as we contemplate what people can and should do in a world that seems to be showing increasingly ominous indications.blog: http://civic-intelligence.blogspot.com/2017/01/a-mobilization-story-patterns-for.htmlpdf: http://www.publicsphereproject.org/content/patterns-impending-emergencyThanks!!!
Douglas Schulerdoug...@publicsphereproject.orgTwitter: @doug_schulerPublic Sphere Project     Collective Intelligence for the Common Good Mailing listCreating the World Citizen Parliament     Liberating Voices!  A Pattern Language for Communication Revolution (Project / Book) Three patterns:   Collective Decision-Making   Memory and Responsibility   Working Class Consciousness   

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] Fwd: [WhatsApp backdoor allows snooping on encrypted messages]

[Rich Kulawiec]

On Sun, Jan 15, 2017 at 03:52:57PM -0200, Daniel Arnaudo wrote:
> Also anyone using Yahoo Mail on this thread might want to reconsider if
> they're concerned with privacy.

The same can be said of AOL, Hotmail/Outlook, and Gmail.  (Even though
I think very highly of Google's security people.)  The combined attacker
budget for compromising these is enormous and it seems overly optimistic
to me to assume that nobody's managed to pull it off yet.  (Maybe not in
full, but at least in part.)  I hope I'm wrong.  I'd *like* to be wrong.
I don't think I'm wrong.

---rsk

-- 
As democracy is perfected, the office of president represents, more and more
closely, the inner soul of the people.  On some great and glorious day the
plain folks of the land will reach their heart's desire at last and the
White House will be adorned by a downright moron. -- H.L. Mencken 7/26/1920

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

Re: [liberationtech] At Stanford, Pegasus Exploits Hack Workshop

[Diana Fernández]

Hi

There will be a live transmission of this workshop? I am really
interested in participate but I am not able to attend to the event (I am
in Costa Rica).

Please let me know if there will be an online streaming session of this
workshop, it sound quite interesting.

Thanks and regards,

Diana

On 20/01/2017 08:40, Yosem Companys wrote:
> Want to learn about the Pegasus iOS spyware that targeted human rights
> activist Ahmed Mansoor last August? Join us at our hack workshop next
> Tuesday! We will be discussing the Pegasus kernel exploits in detail,
> including a live demo of the exploits in action on OS X.
>
>
>
> Date: Tuesday, January 24, 5:00-6:00 pm
> Location: Shriram 262
>
> The Pegasus spyware (as featured in the New York Times
> ,
> The Guardian
> ,
> Wired
> ,
> and more
> )
> was written by an Israeli company called the NSO Group, and used to
> target Ahmed Mansoor, an internationally recognized human rights
> activist from the United Arab Emirates. Pegasus exploited several iOS
> vulnerabilities, including three zero-day vulnerabilities not known to
> Apple, worth an estimated one million dollars on the black market.
>
> We will be analyzing a use-after-free vulnerability that was used to
> take control of the kernel. The content will be technical, so
> experience at least at the level of CS107 is preferred. The demo will
> be done on OS X Yosemite version 10.10.5.
>
>
>

-- 
Diana Fernández Sánchez
Security Incident Handler
Access Now Costa Rica | accessnow.org
PGP Fingerprint: 46F2 8351 F17D 674C 467F ED57 904F C8BF 9A96 74D3

* *Get* your tickets for RightsCon Brussels
, March 29-31, 2017

* *Protect* digital rights around the world? Support Access Now with a
donation today.


-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] Tor Browser 6.5 is ready for testing

[Yosem Companys]

From: Georg Koppen 

Hi all!

We are pleased to accounce that Tor Browser 6.5 is ready for testing.
Bundles can be found on:

https://people.torproject.org/~gk/builds/6.5-build3/

This is a major release and the first one in the 6.5 series. First of
all it fixes the usual critical bugs in Firefox by updating to ESR
45.7.0. It contains version updates to other bundle components as well:
Tor to 0.2.9.8, OpenSSL to 1.0.2j, HTTPS-Everywhere to 5.2.9, and
NoScript to 2.9.5.3.

Besides those updates Tor Browser 6.5 ships with a lot of the
improvements we have been working on in the past couple of months.

On the security side we always block remote JAR files now and remove the
support for SHA-1 HPKP pins. Additionally we backported a patch to mark
JIT pages as non-writable and backported other crash fixes that could
disrupt a Tor Browser session quite reliably.

With respect to user tracking and fingerprinting we now isolate
SharedWorker script requests to the first party domain. We improved our
timer resolution spoofing and reduced the timing precision for
AudioContext, HTMLMediaElement, and Mediastream elements. We stopped
user fingerprinting via internal resource:// URLs, and for Windows users
we fixed a regression introduced in Tor Browser 6.0 which could leak the
local timezone if JavaScript were enabled.

A great deal of our time was spent on improving the usability of Tor
Browser. We redesigned the security slider and improved its labels. We
moved a lot of Torbutton's privacy settings directly into the respective
Firefox menu making it cleaner and more straightforward to use. Finally,
we moved as many Torbutton features as possible into Firefox to make it
easier for upstreaming them. This allowed us to resolve a couple of
window resizing bugs that piled on over the course of the past years.

The features menationed above were only some of the highlights in Tor
Browser 6.5. The full changelog since 6.0.8 is:

Tor Browser 6.5 -- January 24 2017
 * All Platforms
   * Update Firefox to 45.7.0esr
   * Tor to 0.2.9.8
   * OpenSSL to 1.0.2j
   * Update Torbutton to 1.9.6.12
 * Bug 16622: Timezone spoofing moved to tor-browser.git
 * Bug 17334: Move referrer spoofing for .onion domains into
tor-browser.git
 * Bug 8725: Block addon resource and url fingerprinting with
nsIContentPolicy
 * Bug 20701: Allow the directory listing stylesheet in the content
policy
 * Bug 19837: Whitelist internal URLs that Firefox requires for media
 * Bug 19206: Avoid SOCKS auth and NEWNYM collisions when sharing a
tor client
 * Bug 19273: Improve external app launch handling and associated
warnings
 * Bug 15852: Remove/synchronize Torbutton SOCKS pref logic
 * Bug 19733: GETINFO response parser doesn't handle AF_UNIX entries
+ IPv6
 * Bug 17767: Make "JavaScript disabled" more visible in Security Slider
 * Bug 20556: Use pt-BR strings from now on
 * Bug 20614: Add links to Tor Browser User Manual
 * Bug 20414: Fix non-rendering arrow on OS X
 * Bug 20728: Fix bad preferences.xul dimensions
 * Bug 19898: Use DuckDuckGo on about:tor
 * Bug 21091: Hide the update check menu entry when running under
the sandbox
 * Bug 19459: Move resizing code to tor-browser.git
 * Bug 20264: Change security slider to 3 options
 * Bug 20347: Enhance security slider's custom mode
 * Bug 20123: Disable remote jar on all security levels
 * Bug 20244: Move privacy checkboxes to about:preferences#privacy
 * Bug 17546: Add tooltips to explain our privacy checkboxes
 * Bug 17904: Allow security settings dialog to resize
 * Bug 18093: Remove 'Restore Defaults' button
 * Bug 20373: Prevent redundant dialogs opening
 * Bug 20318: Remove helpdesk link from about:tor
 * Bug 21243: Add links for pt, es, and fr Tor Browser manuals
 * Bug 20753: Remove obsolete StartPage locale strings
 * Bug 21131: Remove 2016 donation banner
 * Bug 18980: Remove obsolete toolbar button code
 * Bug 18238: Remove unused Torbutton code and strings
 * Bug 20388+20399+20394: Code clean-up
 * Translation updates
   * Update Tor Launcher to 0.2.10.3
 * Bug 19568: Set CurProcD for Thunderbird/Instantbird
 * Bug 19432: Remove special handling for Instantbird/Thunderbird
 * Translation updates
   * Update HTTPS-Everywhere to 5.2.9
   * Update NoScript to 2.9.5.3
   * Bug 16622: Spoof timezone with Firefox patch
   * Bug 17334: Spoof referrer when leaving a .onion domain
   * Bug 19273: Write C++ patch for external app launch handling
   * Bug 19459: Size new windows to 1000x1000 or nearest 200x100
(Firefox patch)
   * Bug 12523: Mark JIT pages as non-writable
   * Bug 20123: Always block remote jar files
   * Bug 19193: Reduce timing precision for AudioContext,
HTMLMediaElement, and MediaStream
   * Bug 19164: Remove support for SHA-1 HPKP pins
   * Bug 19186: KeyboardEvents are only rounding to 100ms
   * Bug 16998: Isolate 

Re: [liberationtech] Tor Browser 6.5 is ready for testing

[Roger Dingledine]

On Fri, Jan 20, 2017 at 07:01:03AM -0800, Yosem Companys wrote:
> We are pleased to accounce that Tor Browser 6.5 is ready for testing.
> Bundles can be found on:

Hi Yosem, Libtech people,

This is a testing release, not a release.

If people here want to help with testing, I encourage you to sign
up to the tor-qa mailing list:
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-qa
https://lists.torproject.org/pipermail/tor-qa/2017-January/thread.html

But please don't mistake Georg's mail to tor-qa as an actual release
announcement. That will come on the Tor blog, and to the tor-announce
list, as it usually does.

--Roger

-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.

[liberationtech] Frankfurt School Critical Theory - Donald Trump, authoritarian capitalism/populism & Twitter

[Christian Fuchs]

Read how Donald Trump is prototypical for a new form of authoritarian 
capitalism. What is authoritarian capitalism? How does Trump practice 
authoritarian capitalism? These questions are discussed in C. Fuchs' new 
study "Donald Trump: A Critical Theory-Perspective on Authoritarian 
Capitalism" that uses critical theory for the analysis of Trump:


http://www.triple-c.at/index.php/tripleC/article/view/835

What does Trump's Twitter use tell us about how politics works in 
authoritarian capitalism? The following piece analyses how Twitter's 
me-centredness is the ideal tool for Trump's narcissistic and 
authoritarian politics:


http://www.huffingtonpost.co.uk/christian-fuchs1/how-the-frankfurt-school-_b_14156190.html

Critical theory is urgently needed today...

The journal tripleC: Communication, Capitalism & Critique will 
throughout 2017 operate the special section "Critical Theory 
Interventions on Authoritarianism and Right-Wing Extremist Ideology in 
Contemporary Capitalism" and invites submission of interventionist 
contributions to this section - Submission details:


http://www.triple-c.at/index.php/tripleC/about/submissions#onlineSubmissions 



Please make sure to use the template and to apply the guidelines
http://www.triple-c.at/index.php/tripleC/abou/submissions#authorGuidelines
--
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change 
to digest, or change password by emailing moderator at compa...@stanford.edu.

[liberationtech] At Stanford, Pegasus Exploits Hack Workshop

[Yosem Companys]

Want to learn about the Pegasus iOS spyware that targeted human rights
activist Ahmed Mansoor last August? Join us at our hack workshop next
Tuesday! We will be discussing the Pegasus kernel exploits in detail,
including a live demo of the exploits in action on OS X.



Date: Tuesday, January 24, 5:00-6:00 pm
Location: Shriram 262

The Pegasus spyware (as featured in the New York Times
,
The Guardian
,
Wired
,
and more
)
was written by an Israeli company called the NSO Group, and used to target
Ahmed Mansoor, an internationally recognized human rights activist from the
United Arab Emirates. Pegasus exploited several iOS vulnerabilities,
including three zero-day vulnerabilities not known to Apple, worth an
estimated one million dollars on the black market.

We will be analyzing a use-after-free vulnerability that was used to take
control of the kernel. The content will be technical, so experience at
least at the level of CS107 is preferred. The demo will be done on OS X
Yosemite version 10.10.5.
-- 
Liberationtech is public & archives are searchable on Google. Violations of 
list guidelines will get you moderated: 
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, 
change to digest, or change password by emailing moderator at 
compa...@stanford.edu.