Sorry for the top posting.
Many company are using private social network these days. As usual
someone internal to the organization has the right to record and sniff
also the private traffic. Don't like ? Well, you can always use
services as scrumbls. Perhaps not so secure from a nsa wiretap but
On 2013-05-22 5:00 PM, yersinia wrote:
Sorry for the top posting.
Many company are using private social network these days. As usual
someone internal to the organization has the right to record and sniff
also the private traffic. Don't like ? Well, you can always use
services as scrumbls.
This presupposes custom malware written for the specific target.
Not always. It presumes that someone may pack a binary just for a single
target - this is however an automated process for lots of malware packages.
Highly customized spearphish attacks are unlikely to be detected, but
ianG wrote:
Skype made their reputation as being free and secure (e2e) telephony.
The latter was something that many people bought into. It is now the
largest telco in the world, by minutes, in no small part because people
enjoyed both security as well as free calls to their friends.
Cops just don't put that much work in.
On 2013-05-22 5:41 PM, Jacob Appelbaum wrote:
Yes, yes they do:
http://www.scmagazine.com/finfisher-command-and-control-hubs-turn-up-in-11-new-countries/article/291252/
That governments attempt to spy on people is not evidence that they any
good at
On 22.05.2013 10:45, James A. Donald wrote:
This tells me that not that the police are super terrific hackers who
produced customized malware for each person's computer, but that they
are your mother.
... your mother, with a bit of monetary power to simply purchase the
knowledge and the tools
James A. Donald:
Cops just don't put that much work in.
On 2013-05-22 5:41 PM, Jacob Appelbaum wrote:
Yes, yes they do:
http://www.scmagazine.com/finfisher-command-and-control-hubs-turn-up-in-11-new-countries/article/291252/
That governments attempt to spy on people is not evidence
On May 22, 2013, at 5:59 AM, Jacob Appelbaum ja...@appelbaum.net wrote:
James A. Donald:
Cops just don't put that much work in.
On 2013-05-22 5:41 PM, Jacob Appelbaum wrote:
Yes, yes they do:
http://cryptome.org/2013/05/cybercrime-battle.pdf
___
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
On Wed, May 22, 2013 at 10:07 AM, Mark Seiden m...@seiden.com wrote:
On May 22, 2013, at 5:59 AM, Jacob Appelbaum ja...@appelbaum.net wrote:
James A. Donald:
http://www.scmagazine.com/finfisher-command-and-control-hubs-turn-up-in-11-new-countries/article/291252/
That governments attempt to
So, the review is not invalid. And, even when Skype changes its
model, the review remains valid.
There are now features that are incompatible with the design sketched
in the report, such as user password recovery and call forwarding.
The key management never was end-to-end, and we'd view that
You know thats the second time you claimed skype was not end2end secure.
Did you read the skype independent security review paper that Ian posted a
link to?
http://download.skype.com/share/security/2005-031%20security%20evaluation.pdf
It is cleary and unambiguously claimed that skype WAS end
* Adam Back:
If you want to claim otherwise we're gonna need some evidence.
https://login.skype.com/account/password-reset-request
This is impossible to implement with any real end-to-end security.
___
cryptography mailing list
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi folks,
we recently wrote a small section about skype with some references:
http://sufficientlysecure.org/uploads/skype.pdf
Interesting references (from 2005, 2006):
http://www.ossir.org/windows/supports/2005/2005-11-07/EADS-CCR_Fabrice_Skype.pdf
I dont think your inference is necessarily correct. With reference to the
Berson report, consider the skype RSA keypair was for authentication only
(authenticating ephemeral key-exchange as described in the paper). The
public RSA key is certified by skype as belonging to your identity. They
Indeed it was understood that skype's coding was described as akin to a
polymorphic virus. However it was also considered that this was for
business reasons to make it difficult for competing products to interoperate
at the codec, and protocol level.
I notice that those two papers do NOT make
Hi All,
Sorry this took so long.
Tigerspike is inviting everyone to make up to USD10,000 by being the first
to crack our Karacell 3 encryption, using the weakest keys that it supports
(121 bits). (Please note that this algo differs in key ways from Karacell
(1), released in whitepaper form in
17 matches
Mail list logo