On 10.09.2013 21:01, The Doctor wrote:
It might be worth examining some static site generators, [...]
I'm having something like that in mind. The issue was getting the text
plus graphics online. The aversion to advertising is not against the
actual advertising. I'm using adblock to kill almo
On 10.09.2013 17:58, Griffin Boyce wrote:
I don't think it's particularly feasible without . Something that
works currently is using a laptop without a hard drive, a USB with TAILS
or Whonix, and another (encrypted) USB with your critical files on it.
Yes, Tails seems to be the solution her
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Well, you could do it in another way: have a sign somwhere and post a
webcam to it, which renews the picture every now an then... many
things can happen to this offline signs without codings
Hauke
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.20 (
The "other pressure" you mention is just what I was thinking of.
On the one hand there is a threat. "Cooperate with NSA or DOD won't
consider your bids." On the other hand there is an offer. "Cooperate with
NSA and DOD will favor your bids."
About the cash payments, operational costs are a small
I know that users can be forced to handover digital card and written down
passcode to decrypt data while memorized passcode is mostly safe from
subpena and court orders.
As iPhone5S uses fingerprint to lock the device, could users be forced to
unlock their iPhone5S?
As police can legally collect f
Maybe I just don't have the "broken Internets" problem very often, or I
don't notice it. I can use important sites such as my email provider's
web interface (when I'm not near my regular email client) and my credit
union's mobile site without enabling scripts, so there really isn't much
I'm going
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Monday, September 09, 2013 05:09 PM, Jonathan Wilkes wrote:
> On 09/09/2013 03:40 PM, Case Black wrote:
>> There's a more subtle variant to this idea...
[SNIP]
> In short I don't think there's a hack for this one, it just
> requires old fashioned ac
On 9/9/13 2:55 PM, Al Billings wrote:
> I suggest your use of the net is well outside the mainstream, even
> amongst security folks. Some of us actually use social networking, for
> example, or don't want ugly, half broken websites simply because we fear
> a JavaScript zero day.
Hi Al, big fan.
I think the most worrisome issue is that, any security vulnerability will
make direct personal information available to hackers. In other words,
password theft has no direct implciaiton to your persona, in contrast to
bodily information of the fingerprint. If hacked, this might be used for
ulterior
Interesting suggestion. (Do note that supposedly the device will read
'deep in the epidermis', through various skin layers. This suggests that a
life size image of fingerprint might not actually work.)
R
On Tue, Sep 10, 2013 at 5:54 PM, Scott Elcomb wrote:
> Starting a new thread - it's rela
On Tue, Sep 10, 2013 at 05:54:44PM -0400, Scott Elcomb wrote:
> Starting a new thread - it's related but a slightly different topic.
>
> Despite having several devices with fingerprint scanners, I've never used one.
>
> With the release of iPhone 5S and all the discussion around it, I'm
> curious
Your fingerprints change:
http://blog.erratasec.com/2013/09/fingerprints-can-change.html by @ErrataRob
On Tue, Sep 10, 2013 at 4:25 PM, John Adams wrote:
> Has Apple released specs on the operation of the fingerprint system? I.e.
> Can it be configured to use both a pin and a fingerprint?
>
>
Has Apple released specs on the operation of the fingerprint system? I.e.
Can it be configured to use both a pin and a fingerprint?
-j
On Tue, Sep 10, 2013 at 2:34 PM, Percy Alpha wrote:
> I know that users can be forced to handover digital card and written down
> passcode to decrypt data whi
It's not legal to pay for preferential treatment from the government,
that's bribery. Why would it be illegal for the NSA to pay ATT & Chase?
On Tue, Sep 10, 2013 at 3:27 PM, Lucas Gonze wrote:
> Let's say major corps like ATT and Chase are doing favors for NSA. Why
> would they if not for a
Clearly not a battle I'm going to "win" in any sense with this audience but,
really, the current Internet (for many many reasons) is pretty broken in places
(and I don't just mean Facebook) when you turn off JS. We talk about this at
work a lot and even amongst my peers with NoScript installed,
Yes. There is a good hack from the CCC where they
published the fingerprints of the German Innenminister
(equivalent of Attorney General). They also showed
how latex fingerprint imprints can fool existing
scanners.
On 09/10/2013 05:54 PM, Scott Elcomb wrote:
> Starting a new thread - it's related
Starting a new thread - it's related but a slightly different topic.
Despite having several devices with fingerprint scanners, I've never used one.
With the release of iPhone 5S and all the discussion around it, I'm
curious if fingerprints on file with various Law Enforcement agencies
could be pr
begin Moritz Bartl quotation of Tue, Sep 10, 2013 at 11:08:18PM +0200:
> On 09/10/2013 09:27 PM, Lucas Gonze wrote:
> > Let's say major corps like ATT and Chase are doing favors for NSA. Why
> > would they if not for a quid pro quo?
> >
> > And if they are getting favors in return, isn't that ille
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/10/2013 08:41 AM, Moon Jones wrote:
> A portable distribution on an encrypted stick.
>
> In the end, I think only an USB hard drive can offer that, because of
the way memory locations are handled by flash media.
>
> But is it feasable to have a
On Sep 10, 2013, at 2:54 PM, Scott Elcomb wrote:
> Starting a new thread - it's related but a slightly different topic.
>
> Despite having several devices with fingerprint scanners, I've never used one.
>
> With the release of iPhone 5S and all the discussion around it, I'm
> curious if finger
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/07/2013 08:14 AM, Moon Jones wrote:
> I want to do some microsites. All static. HTML plus a few
> optimised graphics. A few megabytes each. But I don't want ads. And
> it should be done over Tor. It's not about FBI/NSA, but about
> having less d
In general, as has been well documented, the telcos and other firms
charge the government for data records. While possibly distasteful
("they're making money off of giving our data to the gov!"), it makes
sense from an operational point of view: there are real, concrete
costs associated with storin
My thought is that the reported payments to compensate big corps aren't
enough to justify the opportunity cost.
For example, Room 641A. No doubt NSA is putting some cash in, but the
actual revenue is probably 1/1000th the cost to ATT. Renting rooms and taps
to governments is not a business ATT wou
On 09/10/2013 09:27 PM, Lucas Gonze wrote:
> Let's say major corps like ATT and Chase are doing favors for NSA. Why
> would they if not for a quid pro quo?
>
> And if they are getting favors in return, isn't that illegal?
>
> I wonder if there is evidence to show what the payback is.
http://www.
Let's say major corps like ATT and Chase are doing favors for NSA. Why
would they if not for a quid pro quo?
And if they are getting favors in return, isn't that illegal?
I wonder if there is evidence to show what the payback is.
--
Liberationtech is a public list whose archives are searchable o
(Apologies if you get this via a few mailing lists. I've tried to spread
it widely yet thinly. And of course, feel free to forward yourself, if
only so I get less blame for over-forwarding)
The newly created Review Group on Intelligence and Communications
Technologies is seeking public comment on
http://www.kickstarter.com/projects/1904431672/trsst-a-distributed-secure-blog-platform-for-the-o
-Bill
--
Liberationtech is a public list whose archives are searchable on Google.
Violations of list guidelines will get you moderated:
https://mailman.stanford
A portable distribution on an encrypted stick.
In the end, I think only an USB hard drive can offer that, because of
the way memory locations are handled by flash media.
But is it feasable to have a two device solution? Media1 has the /boot
but Media2 has the strong key. Media1 boots, prompts
On 09/09/2013 11:09 PM, Jonathan Wilkes wrote:
> On 09/09/2013 03:40 PM, Case Black wrote:
>> There's a more subtle variant to this idea...
>>
>> Regularly state ("put up a sign") that you HAVE in fact received an
>> NSL...with the public understanding that it must be a lie (there's no
>> law ag
This sounds a nice idea.
There was a similar idea (in its early stages) presented at SOUPS 2013
(Symposium on Usable Privacy and Security) earlier this year. [1]
It was called "Device Dash: An Educational Computer Security Game" presented by
Era Vuksani. Unfortunately the Era's thesis is not
I like this concept. I'd particularly love a more basic version of this,
perhaps using openbadges to reward people who make it through a
game-cum-course that lets them use security-related tools.
A perennial problem in security education is getting people enough
practical experience. That's parti
On 03.09.2013 14:10, Moon Jones wrote:
I stumbled upon UPR these last days. It does not work on my machines.
But the idea sounds good. Yet I could not find anything like it. Tails
comes close, but the network is enabled.
I discovered that Trisquel can be used on most (not all!) laptops with
su
32 matches
Mail list logo