Re: [liberationtech] About private networks (Was Re: NYT covers China cyberthreat)

On 22/02/13 03:53, Charles Zeitler wrote: > On Thu, Feb 21, 2013 at 8:10 AM, Eugen Leitl wrote: >> On Wed, Feb 20, 2013 at 09:03:06PM -0600, Charles Zeitler wrote: >> >>> http://en.wikipedia.org/wiki/Quantum_cryptography >> Doesn't really work. Essentially, this is expensive >> snake oil. > so, it

Re: [liberationtech] About private networks (Was Re: NYT covers China cyberthreat)

On Thu, Feb 21, 2013 at 8:10 AM, Eugen Leitl wrote: > On Wed, Feb 20, 2013 at 09:03:06PM -0600, Charles Zeitler wrote: > >> http://en.wikipedia.org/wiki/Quantum_cryptography > > Doesn't really work. Essentially, this is expensive > snake oil. so, it's been tried, eh? can you post a link? charles

[liberationtech] Security Seminar Today (*in Gates 415*): Florian Kerschbaum -- An Optimizing Compiler for Secure Computations

From: Joe Zimmerman *Florian Kerschbaum -- An Optimizing Compiler for Secure Computations ** *Thursday, February 21, 2013, 4:30pm* Gates 415* *(note unusual place) *Abstract: Secure multi-party computations have many applications in privacy and data security. They can solve cross-organization

[liberationtech] Cryptocat Bug Hunt!

Hey LibTech, I just wanted to let the techies on this list know that Cryptocat's just started a bug hunt initiative! We will be rewarding security bug squishers with swag, t-shirts, stickers, cash and a mention of our Wall of Unquestionable Greatness: https://crypto.cat/bughunt/ Participate and h

Re: [liberationtech] Chinese Hacking, Mandiant & Cyber War

On 2/21/13 5:27 PM, Yosem Companys wrote: > Sadly, policymakers seem to think we have completely solved the > attribution problem. We have not. This article published in > Computerworld does an adequate job of stating my position: > http://news.idg.no/cw/art.cfm?id=94AB4F98-9BBD-1370-154D49FAA7706B

Re: [liberationtech] Freeze the memory out of a galaxy nexus?

Jurre andmore: > TRESOR is no holy grail - I recommend reading TRESOR-HUNT: Attacking > CPU-Bound Encryption[1]. > > [1] http://seclab.ccs.neu.edu/publications/acsac2012dma.pdf > Of course and UFED has JTAG support and so, I would be surprised if they didn't also attack TRESOR with such a setup

Re: [liberationtech] Freeze the memory out of a galaxy nexus?

TRESOR uses debug registers and only protects key material. It doesn't protect the code that actually reads that key in or out of the register, nor any of the data that is actually decrypted with the key. So, it provides protection just for keys against passive, read-only attacks against memory. Th

Re: [liberationtech] Freeze the memory out of a galaxy nexus?

On Thu, Feb 21, 2013 at 2:08 PM, Jacob Appelbaum wrote: > > It seems like one of the few times the use of something like TRESOR > would improve: > http://www1.informatik.uni-erlangen.de/tresor TRESOR looks very interesting! I wonder what's preventing its kind of techniques from being more widely

Re: [liberationtech] Let's make rooting phones a crime

Good news everyone! It *looks like we made it*. I'd like to share this victory video with you https://www.youtube.com/watch?v=8SEwQRPtUz4&feature=youtu.be&t=2m13s The White House petitionto make unlocking phones l

Re: [liberationtech] Using Gajim Instead of Pidgin for More Secure OTR Chat

On 02/20/2013 10:42 PM, Gregory Maxwell wrote: > On Wed, Feb 20, 2013 at 10:27 PM, Micah Lee wrote: >> I just wrote a blog post that people here might find interesting about >> using Gajim, a chat client written in python, and Gajim's OTR plugin, a >> purely python implementation of the OTR standa

Re: [liberationtech] Freeze the memory out of a galaxy nexus?

Michael Rogers: > On 21/02/13 18:32, Brian Conley wrote: >> Any idea why the researchers would posit that iOS devices may be >> less susceptible? > > iOS has several classes of encrypted storage. For the > NSFileProtectionComplete class, the class key that protects the > individual file keys is er

Re: [liberationtech] Freeze the memory out of a galaxy nexus?

Brian Conley: > Always trust Jake to cut right to the bare honest ugly (and depressing!) > truth. If you really want to be depressed about mobile security, I encourage you to acquire the cellebrite UFED forensics device: http://www.cellebrite.com/mobile-forensic-products/ufed-touch-ultimate.html

Re: [liberationtech] Freeze the memory out of a galaxy nexus?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 21/02/13 18:32, Brian Conley wrote: > Any idea why the researchers would posit that iOS devices may be > less susceptible? iOS has several classes of encrypted storage. For the NSFileProtectionComplete class, the class key that protects the individ

Re: [liberationtech] Freeze the memory out of a galaxy nexus?

Always trust Jake to cut right to the bare honest ugly (and depressing!) truth. thanks! B On Thu, Feb 21, 2013 at 10:48 AM, Jacob Appelbaum wrote: > Brian Conley: > > hrm, also true for the newest line of google nexus i believe. > > > > In any phone where one might be able to open the case, I a

Re: [liberationtech] Freeze the memory out of a galaxy nexus?

Brian Conley: > hrm, also true for the newest line of google nexus i believe. > In any phone where one might be able to open the case, I assume someone will also just be able to tap the bus lines. Thus, the easy route (booting off of a special image) might not be simple but these devices aren't u

Re: [liberationtech] Freeze the memory out of a galaxy nexus?

hrm, also true for the newest line of google nexus i believe. On Thu, Feb 21, 2013 at 10:37 AM, Parker Higgins wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 2/21/13 10:32 AM, Brian Conley wrote: > > Any idea why the researchers would posit that iOS devices may be > > less susce

Re: [liberationtech] Freeze the memory out of a galaxy nexus?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2/21/13 10:32 AM, Brian Conley wrote: > Any idea why the researchers would posit that iOS devices may be > less susceptible? Not sure if this is what they have in mind, but this particular technique requires a battery pop to get into fastboot mode,

Re: [liberationtech] Freeze the memory out of a galaxy nexus?

Thanks Steve, Any idea why the researchers would posit that iOS devices may be less susceptible? Brian On Thu, Feb 21, 2013 at 10:08 AM, Steve Weis wrote: > This is a good illustration how data in use is exposed to physical attacks > on most computing devices. > > An interesting side-note is t

[liberationtech] Someone in "Yo Soy 132"? Undergraduate seeking info for project

from: Victoria Robles Does anyone know someone involved in this movement in Mexico? I'm trying to get some first-hand information. Thanks! abrazos, Vicky -- Victoria Robles Stanford University | Class of 2014 B.S. Candidate | Materials Science & Engineering Engineering Diversity Programs | Inte

Re: [liberationtech] Freeze the memory out of a galaxy nexus?

This is a good illustration how data in use is exposed to physical attacks on most computing devices. An interesting side-note is that Android phones are starting to ship with a hardware security module (HSM), which can be used for crypto operations and key storage. Duo Security is one company tha

[liberationtech] Chinese Hacking, Mandiant & Cyber War

From: Gary McGraw No doubt all of you have seen the NY Times article about the Mandiant report that pervades the news this week: http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html I believe it is important to understand the difference between cybe

[liberationtech] Freeze the memory out of a galaxy nexus?

http://www.forbes.com/sites/andygreenberg/2013/02/14/frost-attack-unlocks-android-phones-data-by-chilling-its-memory-in-a-freezer/ -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech

Re: [liberationtech] About private networks (Was Re: NYT covers China cyberthreat)

On Wed, Feb 20, 2013 at 09:03:06PM -0600, Charles Zeitler wrote: > http://en.wikipedia.org/wiki/Quantum_cryptography Doesn't really work. Essentially, this is expensive snake oil. -- Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtec

[liberationtech] INC Social Media Reader out now

Geert Lovink and Miriam Rasch (eds), Unlike Us Reader: Social Media Monopolies and Their Alternatives, Amsterdam: Institute of Network Cultures, 2013. ISBN: 978-90-818575-2-9, paperback, 384 pages. Freely downloadable as pdf on: http://networkcultures.org/wpmu/portal/publication/unlike-us-rea

[liberationtech] Indymedia: It’s time to move on

Hi, this article about Indymedia is not liberation tech in the strict sense of the word. But then a lot of people who are or were involved with Indymedia are subscribers here and there's considerable overlap of interest, I'd say? http://ceasefiremagazine.co.uk/indymedia-its-time-move/ A local In