Re: [liberationtech] Browser extensions or native application for crypto? Was: Whiteout OpenPGP.js encrypted mail client (Chrome HTML5 App)

2014-01-23 Thread Tony Arcieri
On Thu, Jan 23, 2014 at 3:05 AM, Fabio Pietrosanti (naif) < li...@infosecurity.ch> wrote: > Browser extension could be hacked if they are unsafe, through the use of > XSS-like attack techniques, by triggering an external payload into it > (for example from a website visited by the user). > ...but

Re: [liberationtech] WebRTC - voice authentication to the rescue

2014-01-23 Thread Joseph Lorenzo Hall
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 1/23/14, 3:12 PM, Al Billings wrote: > "One of the interesting aspects of WebRTC is that it has > encryption baked right into it; there's actually no way to send > unencrypted media using a WebRTC implementation. The developing > specifications c

Re: [liberationtech] WebRTC - voice authentication to the rescue

2014-01-23 Thread Al Billings
I know EKR and can get him on board if people have a need (well, I can ask but I’m not sure what his time is like). From: Joseph Lorenzo Hall Joseph Lorenzo Hall Reply: liberationtech liberationtech@lists.stanford.edu Date: January 23, 2014 at 1:27:55 PM To: liberationtech@lists.stanford.edu libe

Re: [liberationtech] WebRTC - voice authentication to the rescue

2014-01-23 Thread shootak...@riseup.net
All WebRTC needs to be as secure as a service like ostel.me is a browser extension implementing ZRTP authentication between you and the callee. This approach does not rely on PKI and does not need a server in between caller and callee. Also the ZRTP authentication string some of you are seei

Re: [liberationtech] WebRTC - voice authentication to the rescue

2014-01-23 Thread Al Billings
"One of the interesting aspects of WebRTC is that it has encryption baked right into it; there's actually no way to send unencrypted media using a WebRTC implementation. The developing specifications currently use DTLS-SRTP keying[1], and that's what both Chrome and Firefox implement.” http://s

Re: [liberationtech] WebRTC - voice authentication to the rescue

2014-01-23 Thread carlo von lynX
On Thu, Jan 23, 2014 at 11:58:28AM -0800, Tony Arcieri wrote: > ZRTP authentication works by negotiating what's called a "short > authentication string" between peers. If there's no MitM, both sides will > see the same string. > > To authenticate, you start a voice/video call. You will see the per

Re: [liberationtech] WebRTC - The next big surveillance machine

2014-01-23 Thread Al Billings
Except implementations are using crypto as an option… From: carlo von lynX carlo von lynX So I expect WebRTC to become the next major problem for the liberation business as it removes one more reason for people to install actual free software - just now that free software Skype alternatives are

Re: [liberationtech] WebRTC - The next big surveillance machine

2014-01-23 Thread Tony Arcieri
On Thu, Jan 23, 2014 at 11:52 AM, carlo von lynX < l...@time.to.get.psyced.org> wrote: > > say it not secure. WebRTC is compatible with ZRTP key-authentication > which > > builds in a video-based auth scheme and should stop MITM attacks (last > time > > You can't diffie-hellman yourself out of a M

[liberationtech] WebRTC - The next big surveillance machine

2014-01-23 Thread carlo von lynX
> > Dunno, WebRTC is so prone to MITM. > > I'd rather have something secure. On Tue, Jan 21, 2014 at 09:01:49PM -0500, Lucas Dixon wrote: > What kind of MITM attack are you thinking of? WebRTC doesn't specify a key > authentication protocol, so not sure WebRTC is anything specific enough to The a

Re: [liberationtech] Browser extensions or native application for crypto? Was: Whiteout OpenPGP.js encrypted mail client (Chrome HTML5 App)

2014-01-23 Thread Edwin Chu
Comments inline. Edwin On Thu, Jan 23, 2014 at 3:05 AM, Fabio Pietrosanti (naif) < li...@infosecurity.ch> wrote: > Let's try to get a bit deeper in the comparison of the effective > vulnerability exposure window of a chrome browser extensions vs. native > application. > > My feeling is that chro

Re: [liberationtech] Browser extensions or native application for crypto? Was: Whiteout OpenPGP.js encrypted mail client (Chrome HTML5 App)

2014-01-23 Thread Maxim Kammerer
Operating systems have decades of research into privilege separation between users and processes. Browsers are a nice interface for viewing websites. If you want signed executables and cross-platform support, you can use e.g., Java Web Start (which is what Android apps essentially boil down to). --

Re: [liberationtech] Browser extensions or native application for crypto? Was: Whiteout OpenPGP.js encrypted mail client (Chrome HTML5 App)

2014-01-23 Thread Fabio Pietrosanti (naif)
Let's try to get a bit deeper in the comparison of the effective vulnerability exposure window of a chrome browser extensions vs. native application. My feeling is that chrome browser extensions are more secure than native applications. > > Il 1/22/14, 9:53 AM, Tony Arcieri ha scritto: > > It's tr