On Sun, Jan 28, 2018 at 04:59:02AM -0500, Thomas Delrue wrote:
[ a lot of things I thoroughly agree with, plus he quoted me, so of course
I agree with that, too ;) ]
Let me reiterate: Facebook, Twitter, Linkedin, etc. are NOT your friends.
They are NOT your allies.
And let me add something that
[ This was sent to NANOG, but many of you are also in the target groups.
Please note that the deadline is today. ---rsk ]
- Forwarded message from Peter Eckersley -
> Date: Sun, 26 Mar 2017 16:05:34 -0700
> From: Peter Eckersley
> To: na...@nanog.org
>
On Mon, Mar 06, 2017 at 12:50:45PM -0500, Bruce G. Potter wrote:
> For example, Get a dropbox account [...]
No. Not Dropbox. Never Dropbox. A partial list of reasons why:
Dropbox Authentication: Insecure By Design
On Sat, Feb 18, 2017 at 02:23:18PM -0800, Yosem Companys wrote:
> To protect your privacy and security, stay off Facebook.
>
> But, to build movements, create an account on Facebook (or Twitter or any
> other dominant centralized social network) and try to get as many people to
> join.
[
On Thu, Feb 02, 2017 at 07:30:15PM -0500, Jos? Mar?a Mateos wrote:
> I think what you are describing is better accomplished by software like
> Discourse (https://www.discourse.org/), which is the discussion engine
> behind popular sites such as BoingBoing.net. This, however, presents the
> danger
On Mon, Jan 30, 2017 at 05:49:08PM -0500, Zak Rogoff wrote:
> Is anyone who's knowledgeable about disclosure policies able to take a
> look at it and share your thoughts?
>
> To me, it looks like it's not much of a protection for the researchers,
> because it's totally voluntary and apparently
I'm attempting to assist with this off-list.
---rsk
--
Liberationtech is public & archives are searchable on Google. Violations of
list guidelines will get you moderated:
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe,
change to digest, or change password by
On Mon, Jan 30, 2017 at 07:35:40PM +0100, ernesto ortiz wrote:
> Really? Are you sure that Republicans here -all of them- are so bad that
> undoubtedly do not hesitate to demonize the others?
I am quite certain that Trump's supporters (which is the set of people
I'm talking about and is clearly
> I've tried to avoid commenting too much on Trump's election to avoid
> demonizing Republicans and people in my network who support him.
And that's fine, and noble, and nice of you. But understand very,
VERY clearly: they will not hesitate to do that to you.
If you're not a (a) white (b)
[ Yes, I know I'm following up my own message. There's a reason. ]
Here's what Facebook Live did this week:
Facebook Live 'broadcasts gang rape' of woman in Sweden
http://www.bbc.com/news/world-europe-38717186
Police in Uppsala were contacted in the morning by a woman
On Fri, Jan 20, 2017 at 08:01:56AM -0500, Deborah Elizabeth Finn wrote:
> Tech Networks of Boston (TNB) and TNB Labs (TNBL) are pleased to invite you
> to a Roundtable session on how nonprofits can use Facebook to broadcast
I can see that I'm going to have to post some basic security/privacy
On Sun, Jan 15, 2017 at 03:52:57PM -0200, Daniel Arnaudo wrote:
> Also anyone using Yahoo Mail on this thread might want to reconsider if
> they're concerned with privacy.
The same can be said of AOL, Hotmail/Outlook, and Gmail. (Even though
I think very highly of Google's security people.) The
On Sun, Jan 15, 2017 at 08:47:51AM -0600, Andr??s Leopoldo Pacheco Sanfuentes
wrote:
> Anybody serious about decryption cannot use standard social networks,
> which are predicated on access to private data for marketing and
> "development" (eg, as test data for new features, debugging, etc)
>
Who owns WhatsApp? Facebook.
What is the purpose of Facebook? Surveillance and data acquisition.
They've spent billions building the infrastructure for it. They have
expanded the nature and scope of it at every possible opportunity.
They have been caught -- over and over and over again --
It is long *past* time for everyone involved in the kinds of activities
discussed here to completely and permanently excise Facebook's
services/products from their computing environment. No excuses.
---rsk
- Forwarded message from Richard Forno -
> To:
On Sat, Dec 31, 2016 at 12:16:41AM -0800, Stephen D. Williams wrote:
> If we all find a way to solve the anti-terrorism problem, or at least
> carve out space for it to be solved, we'd be less at odds for protecting
> privacy etc. There are some promising ideas I think, but all solutions
> so far
On Thu, Dec 15, 2016 at 11:31:20AM -0500, Thomas Delrue wrote:
> A great start to fixing the internet would be to stop using closed sites
> (of which LinkedIn is one). This would go a ways to bringing us back to
> a truly _distributed_ system, as the internet was intended to be,
> instead of an
On Sun, Dec 11, 2016 at 10:08:18PM +0300, Zacharia Gichiriri wrote:
> I still believe e-voting could substantially improve election outcomes [...]
You may, of course, believe whatever you wish. But you are completely
wrong on this point: e-voting is a disaster for election outcomes.
I suggest
On Sat, Dec 10, 2016 at 12:39:39PM +0300, Zacharia Gichiriri wrote:
> I think the subject of the discussion should be: How can we make e-voting
> more secure and credible?
Answer: don't use it. Period, full stop, end of discussion.
Any suggestion that e-voting can be made secure is delusional.
On Fri, Dec 02, 2016 at 02:26:49PM -0500, Andres wrote:
> Rich, the article you link to talks about the risk of one individual voting
> machine being tampered with.
I think you missed the point Schneier was making. It's NOT about one
individual voting machine, it's about attacker budgets. Look
On Thu, Nov 17, 2016 at 06:02:36PM +0200, Andres wrote:
> Could Intel and AMD team up and hide a backdoor on the vote counting
> server's CPU? It certainly is in the realm of possibilities. However,
> it's extremely cost prohibitive, risky and as a result unlikely.
It's not cost-prohibitive for
On Mon, Nov 02, 2015 at 09:13:08PM +0100, carlo von lynX wrote:
[ a bunch of good points and one thing I'd like to expand/elaborate on ]
> Correct. Still it makes no sense for benevolent nodes to fabricate
> false warnings about insecure TLS usage. Question is if it makes
> sense for malevolent
On Sun, Nov 01, 2015 at 06:42:23PM +0100, carlo von lynX wrote:
> Let's frame the threat models. Bulk collection probably does
> not include using OS backdoors so the suggestion to use mutt
> on BSD isn't wrong, but not necessary to move a step forward.
And why not? If the endpoints aren't
On Sun, Nov 01, 2015 at 12:32:37PM -0300, fauno wrote:
> there's a thunderbird addon called "paranoia" that does this
Correction: there's a Thunderbird addon called "Paranoia" that pretends
to do this. Everyone should know by now that you can't trust any
"Received" headers other than those
On Thu, Oct 16, 2014 at 04:54:35PM +0100, Yishay Mor wrote:
Revealed: how Whisper app tracks 'anonymous' users
http://gu.com/p/42bqn
It's apparently much, MUCH worse than that:
a confederacy of 'privacy' dunces: what we found under the hood of
an 'anonymous' chat app used
I think there's a more fundamental problem here. We're all talking
about add-ons that perform various security/privacy functions.
Why are these add-ons? Why are they not designed-in and built-in
to the browser?
Those are only quasi-rhetorical questions, because I'm pretty sure
we all know at
This came in via Dave Farber's excellent IP mailing list. The attached
PDF (which I hope makes it through) is the letter that Jennifer's
referring to. Note that tonight at 8 PM EDT is the deadline if you
intend to sign onto this -- see instructions in the message below.
---rsk
- Forwarded
On Tue, Feb 17, 2015 at 07:17:18PM +0100, Christian Huldt wrote:
Who are mailchimps.com and why should I trust them?
Spammers for hire, and no, you shouldn't -- doubly so since (like many
such operations) they embed unique-per-recipient tracking links in every
message they send. Last time I
On Wed, Jan 28, 2015 at 01:19:05PM -0500, Joe Hall wrote:
Mailing lists like this often include a header element like this that
you can use to unsubscribe yourself:
List-Unsubscribe:
https://mailman.stanford.edu/mailman/options/liberationtech,
On Fri, Jan 16, 2015 at 10:19:22AM -0800, Al Billings wrote:
The problem is that I am a practical person who lives in the real world.
The largest, most successful project in the history of computing has
been built entirely on open standards, open protocols, open formats,
and open source: you're
On Thu, Jan 15, 2015 at 02:46:56PM -0800, Al Billings wrote:
I thought software freedom and access to the source code was considered
a requirement for considering a system secure.
According to whom? I think open source (I???ll leave aside whether ???open
source??? is ???free software???)
On Fri, Oct 03, 2014 at 10:23:09PM +, Jonathan Wilkes wrote:
Hi Rich, Your footnote #1 is dubious at best. The cost of
aiming peoples eyes at bugs is _not_ $0. Until it is, the free software
community has a problem with too few resources chasing too many bugs.
I'm not sure why you're
This is dragging out, so I'm going to try to be brief.
On Fri, Oct 03, 2014 at 06:07:36PM -0700, Greg wrote:
You may also be misunderstanding our NDA.
I'm not misunderstanding it. I didn't bother to read it, because the
mere fact that it exists is the problem. People who are serious about
On Thu, Oct 02, 2014 at 05:50:08PM -0700, Greg wrote:
K, thanks for the read (I read it but nothing there seems to apply,
perhaps some of its points will be addressed below).
I'm sorry that you feel that way; I included that link because I think
the entire message applies, particularly this
1. Well, this has certainly been an interesting discussion, but until
Espionage is FULLY open-source, it's moot, because it hasn't (yet) been
exposed to unlimited peer review by arbitrary, independent third parties.
Please see:
[ Forwarded from Dave Farber's most excellent IP mailing list. ---rsk ]
- Forwarded message from David Farber via ip i...@listbox.com -
Date: Wed, 1 Oct 2014 12:15:09 -0400
From: David Farber via ip i...@listbox.com
To: ip i...@listbox.com
Subject: [IP] Sophisticated iPhone and
This is (unsurprisingly) spam from one of the many fake conference scams
currently polluting the Internet. I recommend permanently blacklisting the
sender and the referenced domain.
---rsk
--
Liberationtech is public archives are searchable on Google. Violations of
list guidelines will get
I think this list is a pretty good starting point. Of course,
having said that, now I want to edit it. ;)
On Fri, Aug 01, 2014 at 02:21:12PM -0700, Bill Woodcock wrote:
BIND
NSD
add unbound, I think
Sendmail
add postfix, exim, courier
add
Recommended reading:
http://files.cloudprivacy.net/bundestag-testimony-csoghoian-june-26-final.pdf
---rsk
--
Liberationtech is public archives are searchable on Google. Violations of
list guidelines will get you moderated:
I skimmed this earlier today and plan to read it in depth later: it looks
like superb work.
The most disturbing thing about it is the realization that this can't
possibly be the only such project. Surely there are others. Many others.
And since there are others, it's necessary to ask: are any
On Mon, Jun 09, 2014 at 07:52:51PM -0700, Seth wrote:
I'm in agreement with pretty much all the points made, but how do
you feel this approach?
1) ALWAYS publish the original source information via
freedom/privacy/dignity respecting services using a name-space (a
DNS
On Tue, Jun 10, 2014 at 10:08:26AM -0700, Yosem Companys wrote:
The mention of NDAs by the Wickr founder makes it a non-starter. Their web
site doesn't have any download link for the source files, nor mention of
open source, but they do mention patent pending technology. How do they
expect
On Sat, Jun 07, 2014 at 10:39:06AM +0100, Nariman Gharib wrote:
what solution do you have for solve this problem?
Don't use Twitter.
Yes, I'm quite serious. Twitter has clearly stated that they're delighted
to provide censorship-on-demand for any country that asks nicely:
On Mon, Jun 09, 2014 at 11:36:01AM +0100, Amin Sabeti wrote:
Rick, I think you delete the problem instead of solving it!
I suspect that's because I have a different definition of the problem. ;)
Outsourcing your communications to a so-called social network whose
interests (a) diverge markedly
On Wed, May 28, 2014 at 07:42:02PM -0400, Griffin Boyce wrote:
My suspicion is that either they were hacked (and had their key
stolen), or that they were ordered to shutdown and recommend
Microsoft's (presumably backdoored) BitLocker as a replacement.
BitLocker's enterprise documentation
It's probably just been hacked. Since the principals haven't commented
yet, I suspect they're probably busy diagnosing and fixing it. I suggest
ignoring the yapping on Twitter, having a nice microbrew, and awaiting
further developments.
And if those further developments amount to it's true,
On Mon, May 19, 2014 at 07:24:39PM -0700, Tony Arcieri wrote:
If you really want secure updates, depending on your threat model doing it
correctly is a very difficult problem.
First, thanks for the pointer to the web site/paper/etc.: that's going to
make for some interesting reading later
On Thu, May 15, 2014 at 07:36:07AM +0200, Fabio Pietrosanti (naif) wrote:
i think that would be very important to organize a project to Audit the
functionalities of Auto-Update of software commonly used by human rights
defenders.
Yes, but I'll go one step further: auto-update is a horrible
On Mon, Feb 03, 2014 at 03:09:24PM -0800, John Adams wrote:
Reality: You don't understand business nor threat modeling.
Reality: I understand both *painfully* well, having worked for/consulted
to a number of Fortune 100 companies and several major universities as well
as a few ISPs and
On Thu, Jan 30, 2014 at 12:17:00PM +, Amin Sabeti wrote:
The main point is Coursera has done something that it's not legitimate.
They were (apparently) forced to do this. It's not like Coursera
staff woke up one day and suddenly decided to block those countries
because they had nothing
On Sun, Jan 26, 2014 at 01:20:20AM -0800, Tomer Altman wrote:
To Liberation Tech:
Stanford is implementing a new security policy detailed here:
http://ucomm.stanford.edu/computersecurity/
First, if they were serious about security, they wouldn't be using
Microsoft products.
Second,
On Fri, Sep 13, 2013 at 09:14:27AM +1000, Erik de Castro Lopo wrote:
No such agency and the like are almost certainly able (with the
help of carriers and manufacturers) backdoor and exploit all
the major smartphone brands and models [0].
Smartphones are horrendously complex, rely heavily on
That's a valid concern.
But I think you should probably be more concerned that it's only a matter
of time until malware is released which grabs the fingerprint and quietly
uploads it to someone's database. I'm sure they'll find uses for it,
doubly so if it happens to unlock something other than
On Wed, Sep 04, 2013 at 06:19:35PM -0400, Dave Karpf wrote:
One distinction that I think is worth pondering though: it seems like the
standard of serious about email is in conflict with the goal of
frequently communicating with 20M supporters.
That's a good point. Two responses:
1. At this
This is a fraudulent/fake conference being promoted via spam. I recommend
permanently blacklisting the sender.
---rsk
--
Liberationtech is a public list whose archives are searchable on Google.
Violations of list guidelines will get you moderated:
On Wed, Sep 04, 2013 at 10:27:54PM -0700, Jillian C. York wrote:
Is this spam?
No, it is not. Spam is UBE (unsolicited bulk email) and there is no
evidence whatsoever that this is bulk. It may be against list policies
(that is for the list-owners to decide) but that determination is
orthogonal
On Tue, Aug 20, 2013 at 12:27:24PM -0400, Matt Holland wrote:
Rich: We actually do run our email lists in-house, sent from our own MTA's,
with appropriate SPF records, DKIM signature, list-precedence headers, etc.
etc. Our message to members was focused on getting into a particular tab
at
On Mon, Aug 19, 2013 at 12:32:59AM +0200, Moritz Bartl wrote:
Subject: Avaaz in grave danger due to GMail spam filters
This should be retitled Avaaz allegedly in grave danger due to their
own extremely stupid decisions as regards running their mailing list,
and oh, by the way, Gmail's anti-spam
On Wed, Jun 05, 2013 at 10:16:23PM -0700, Andy Isaacson wrote:
This is a really deeply interesting assertion. You seem to imagine a
bright line of abuse that is agreed on by all parties, with a policy
that can be implemented by thoughtful operators to make the abuse
stop. I submit that that
[ Sorry. Just saw this now. ]
On Tue, Apr 09, 2013 at 07:54:23AM +0100, David Miller wrote:
On 9 April 2013 01:29, Steven Clift cl...@e-democracy.org wrote:
Part of the problem maybe yahoo mail hacked accounts which are an ongoing
disaster.
What's the deal with that - I seem to get
On Thu, Jun 20, 2013 at 01:17:18AM -0700, Raven Jiang CX wrote:
My own concern lies with the fact that the a great deal of academia and
knowledge creation is currently being funded by the inefficient tuition
system. If the transition to MOOC is too sudden, then we might irreversibly
damage our
On Tue, Jun 18, 2013 at 08:54:30PM -0700, Mike Perry wrote:
[ one the most insightful, thoughtful messages I've ever read here ]
There's very little I can add to that, except to say that I look
forward to reading the future, longer writeup you mentioned.
Now get to work. ;-)
---rsk
--
Too many
On Tue, Jun 18, 2013 at 11:30:00AM +0200, Julian Oliver wrote:
It'd be also good to add GNU/Linux however. [...[
And the BSD family, notably OpenBSD -- whose development is led in
large part by one of my favorite curmudgeons. (As I've said elsewhere,
some of the people working on OpenBSD are
On Fri, Jun 14, 2013 at 06:41:12PM +0200, Ernad Halilovic wrote:
First of all, thank you for all your valuable input on this list.
You're very kind, but my contributions are minor and unimportant. Others
have done far more.
I wanted to ask you if you have any good resources on getting the
On Fri, Jun 14, 2013 at 06:34:42PM +0200, Eleanor Saitta wrote:
The issue with this approach is that maintaining infrastructure like
this takes an ongoing time commitment by someone who is clueful (and
thus at least moderately expensive for broke organizations where
everyone's constantly
On Sun, Jun 09, 2013 at 10:11:08AM -0400, Nadim Kobeissi wrote:
On 2013-06-09, at 10:08 AM, Rich Kulawiec r...@gsp.org wrote:
Second: stupidity, in all forms, fully deserves to be slapped down --
This is where I stop reading.
I have to admit, even though I've read this half a dozen times,
I
On Thu, Jun 13, 2013 at 04:27:17PM -0700, Seth David Schoen wrote:
These properties are really awesome. One thing that I'm concerned
about is that classic Usenet doesn't really do authenticity. It
was easy for people to spoof articles, although there would be
_some_ genuine path information
On Fri, Jun 14, 2013 at 02:14:16PM +0300, Maxim Kammerer wrote:
An interesting article, showing why ?responsible disclosure? of
exploitable bugs is a bad idea.
I concur. I've often argued that there is no such thing as responsible
disclosure -- it's a self-serving fiction concocted to satisfy
On Tue, Jun 11, 2013 at 05:44:38PM -0400, Richard Brooks wrote:
This lead me to start thinking about the possibility
of deploying something like Fidonet as a tool for
getting around Internet blackouts. Has anyone tried
something like that?
Usenet has long since demonstrated the ability to
On Mon, Jun 10, 2013 at 01:48:23PM -0700, x z wrote:
@Rich, those are good movie scripts :-). But it does not work for 9 firms,
and hundreds of execs all with diverse values and objectives.
Two responses.
hundreds? Not necessary. Not desirable, from the NSA's point of view,
either. One
http://www.theatlanticwire.com/national/2013/06/where-is-edward-snowden/66072/
I'm reminded of this exchange, which I presume everyone on this
list is familiar with:
I'd like to go back to New York.
You have not much future there. It will happen this way: you
On Mon, Jun 10, 2013 at 01:30:19AM -0700, x z wrote:
First of all, I don't feel offended by Jacob's reply to my email at all,
probably because I know and expect his style of wording. So far I think the
discussion is still pretty civil.
I concur. This is what spirited discussion looks like.
On Sun, Jun 09, 2013 at 09:45:31AM -0400, Nadim Kobeissi wrote:
I don't agree with x z (and rather agree with you), but I'm really tired of
just how aggressive and rude you always are on Libtech.
First: you've got to be kidding. I've never seen a single message on
this list that goes past
(Quoting myself from something I just sent to NANOG in re the
same question: are the Cxx people at Google and elsewhere telling
the truth?)
*puts on evil hat, adjusts for snug fit*
Targeting the technical people who actually have their hands on the
gear might be the best choice. They don't
It's not open-source, therefore it not only *can* be discarded without
any further discussion, it MUST be.
---rsk
--
Too many emails? Unsubscribe, change to digest, or change password by emailing
moderator at compa...@stanford.edu or changing your settings at
These revelations constitute an existence proof that the number
of backdoors in various services is nonzero.
There's no reason to believe that this nonzero value is 1.
After, if the NSA could backdoor them (with or without their cooperation)
then why couldn't MI6? Or Mossad? Or some other
On Fri, Jun 07, 2013 at 02:48:58PM +0200, Eugen Leitl wrote:
On Fri, Jun 07, 2013 at 08:32:36AM -0400, Rich Kulawiec wrote:
These revelations constitute an existence proof that the number
of backdoors in various services is nonzero.
There's no reason to believe that this nonzero value
On Tue, Jun 04, 2013 at 06:44:37PM +0100, Bernard Tyers - ei8fdb wrote:
I wonder if there is any connection between these merchants and botnets?
Botnet owners or spammers would seem like a great source of valid IDs.
Let me introduce a term you might/might not have heard before in other
On Sun, Jun 02, 2013 at 10:16:20PM -0400, Nathan of Guardian wrote:
In summary, if the focused threat you need to address is location
tracking by carriers/operators, and you live in an area with a decent
saturation of open wifi hotspots, I feel there is something you can do
about it. Now your
On Wed, May 29, 2013 at 03:21:45PM -0700, fr...@journalistsecurity.net wrote:
I appreciate your feedback and your bluntness, Rich.
But you are providing far more guidance about what to avoid than what to
use. If journalists and other users should avoid all commercial based
operating systems
On Tue, May 14, 2013 at 09:14:19PM +0530, Pranesh Prakash wrote:
Heise Security is reporting that Microsoft accesses links sent over
Skype chat.[1]
Everyone who thinks that's the *only* thing that Microsoft is quietly
doing behind everyone's back, raise your hand.
And incidentally, the
On Fri, Apr 05, 2013 at 10:29:12AM +0100, Dan Lin wrote:
World Congress on Internet Security (WorldCIS-2013)
Technically Co-Sponsored by IEEE Tokyo Section
August 5-7, 2013
Venue: Tokyo University of Information Sciences, Japan
www.worldcis.org
I'm throwing the bullshit flag. I think this
On Sun, Mar 31, 2013 at 11:47:31AM +0200, M. Fioretti wrote:
How could that happen? In the same, totally unsurprising ways in which
always happen to everybody who takes the same measures as you (no
offense meant, really, just a technical explanation!). It happened in
one of these two ways
I think remote wipe software is a scam. There is no way to know that
the system will ever be remotely accessible[1]; there is no way to know that
it will be booted into the operating system that was installed; there is
no way to know that the storage media will even be in the same system
when
I don't think it's a huge leap to suggest that someone may be trying
to hobble telecommunications in/out of the Middle East, that they're
doing so for a reason, and that they'll try again.
---rsk
- Forwarded message from Randy Bush ra...@psg.com -
From: Randy Bush ra...@psg.com
Date:
On Thu, Mar 28, 2013 at 10:48:17AM +0100, Simon Rothe wrote:
- fast and secure hosted by Amazon-Web-Service
I wouldn't.
(a) Nobody with any clue accepts SMTP traffic from Amazon's cloud,
as it's proven itself to be a massive source of spam and other forms of
SMTP-borne abuse. Attempts to get
On Wed, Mar 27, 2013 at 07:45:45PM -0400, Carol Waters wrote:
At the risk of igniting an inbox-exploding smackdown thread [...]
You say that like it's a bad thing. ;-)
I'll quote Marcus Ranum on the subject of educating users, from his essay:
The Six Dumbest Ideas in Computer Security
On Tue, Mar 26, 2013 at 04:24:33PM -0700, Brian Conley wrote:
I generally read most of your comments on this list as I find
them insightful, however in this case, I was struck by your
entirely hostile attitude.
You're misreading exasperation and frustration as anger, and you're
still focused
On Mon, Mar 25, 2013 at 10:57:10AM -0700, Brian Conley wrote:
Mostly I'm taking issue with your nonconstructive demeanor.
Clearly you have no idea how I write when I'm being nonconstructive. ;-)
Think equal proportions Kingsfield[1], Vader, Snape. Season to taste with
HST and Mencken, serve at
On Fri, Mar 22, 2013 at 04:29:38PM -0700, Brian Conley wrote:
Nose to the grindstone Andrew. Use Rich's email to remind you this is hard,
but its still worth doing.
I've read this multiple times and I still have no idea how your remarks
relate to what I wrote in re the (in)security of
On Fri, Mar 22, 2013 at 09:58:17AM -0500, Andrew Haeg wrote:
We're in the late prototype phase for Groundsourcehttp://groundsourcing.com,
a mobile data collection and engagement platform -- designed for
journalists, researchers, NGO's and others to use to gather first-hand
knowledge. We've
On Wed, Mar 20, 2013 at 05:48:20AM -0400, Michael Allan wrote:
Pardon me, but that's not true. GNU Mailman is a decent list server
and it ships with reply-to-sender. You must go out of your way to
munge the Reply-to header. They recommend against it:
On Tue, Mar 12, 2013 at 06:31:56PM -0500, Kyle Maxwell wrote:
A. This doesn't eliminate phishing because users will still enter
their credentials at a site that doesn't actually match the one where
the cert was previously signed. Otherwise, existing HTTPS controls
would already protect them.
On Wed, Mar 20, 2013 at 11:17:03PM -0400, Louis Su?rez-Potts wrote:
One is tempted to suggest using other than Skype. Alternatives exist,
and these are secure, at least according to their claims. As well,
Skype's code is not transparent, in the way that other, open source,
applications' are.
On Mon, Mar 18, 2013 at 12:59:48PM +0100, Giuseppe Calamita wrote:
Hello, I wonder if application such as Spotflux: http://www.spotflux.com/ in
security general terms and agency proof strength.
At first glance it appears to be a closed-source app which allegedly solves
certain security/privacy
On Tue, Mar 19, 2013 at 07:08:48PM -0400, Joseph Lorenzo Hall wrote:
Has the possibility of reconfiguring libtech to not reply-all by default been
broached? Maybe I'm the only one that trips over it so often. best, Joe
This is something that has been debated numerous, and I do mean *numerous*,
On Sun, Mar 10, 2013 at 10:29:44AM +0700, Nathan of Guardian wrote:
Glad to see such a great level of academic investigation and discourse
coming out of this esteemed university.
I'll give him a pass on rigor, as this is an informal article and not
intended to be a journal paper. (Besides, I
On Sun, Mar 03, 2013 at 09:10:30PM -0500, Rich Kulawiec wrote:
On Sun, Mar 03, 2013 at 04:13:26PM -0500, Griffin Boyce wrote:
If the problem is limited to DDoS attacks, you might find that Cloudflare
offers some relief.
I agree, but: this thread (dating from today) may be of interest
On Fri, Feb 15, 2013 at 01:35:53PM -0800, Adam Fisk wrote:
At the risk of getting swept up in this by consciously saying something
unpopular, I want to put my shoulder against the wheel of the open source
process produces more secure software machine. [snip]
I've been thinking about your
On Mon, Mar 04, 2013 at 09:42:27AM -0800, Yosem Companys wrote:
7th International Multi-Conference on Society, Cybernetics and Informatics:
IMSCI 2013 (www.2013iiisconferences.org/imsci) to be held in Orlando,
Florida, USA, on July 9-12, 2013.
It's a scam. This is one in a long series of
1 - 100 of 125 matches
Mail list logo