Re: [liberationtech] Detekt

2014-11-22 Thread Andy Isaacson
On Thu, Nov 20, 2014 at 02:02:24PM -0500, AntiTree wrote: > I don't see what this would do that an AV wouldn't. Of the samples > I've reviewed, most (all?) have been detected by AV. On the contrary, Claudio has documented several RATs and other "surveillance" malwares used by repressive government

Re: [liberationtech] Espionage.app's lack of plausible deniability (Was: TrueCrypt Alternatives?)

2014-10-07 Thread Andy Isaacson
On Mon, Oct 06, 2014 at 06:35:35PM -0700, Greg wrote: > Thanks for letting me know. Looks like only some of the sparsebundles > are getting properly timestamped for some reason. We'll fix this for > the next release. > > You of all people, however, should know better [1] than to ignore my > reques

Re: [liberationtech] economic cost of lost emails.

2014-08-25 Thread Andy Isaacson
On Mon, Aug 25, 2014 at 04:24:02PM -0300, J.M. Porup wrote: > > Folks doing this should be cautious of being completely visible, since > > in the hypothesized interregnum the lists of "where the knowledge from > > the past is" will be target lists, both for the oppressors to destroy and > > for desp

Re: [liberationtech] economic cost of lost emails.

2014-08-24 Thread Andy Isaacson
On Sun, Aug 24, 2014 at 04:40:26PM -0300, J.M. Porup wrote: > If we really want a permanent archive of humanity's work, we > need to build some kind of distributed Noah's Ark. Archive.org is > no good (book depositories are the first to go when the book-burning > starts), and asking the book-burne

Re: [liberationtech] Foxacid payload

2014-07-17 Thread Andy Isaacson
On Thu, Jul 17, 2014 at 12:32:26PM -0700, coderman wrote: > > And once you've patched this bug, FOXACID will update to issue another > > 0day. > > > > It's worth doing, for sure! Patching bugs makes us all incrementally > > safer. > > this is exactly why some who have received these payloads are

Re: [liberationtech] Foxacid payload

2014-07-17 Thread Andy Isaacson
On Thu, Jul 17, 2014 at 03:14:32PM -0400, Jonathan Wilkes wrote: > We know something about the selectors that could trigger > Foxacid attacks, and we can record the data sent to a machine > running Tor Browser Bundle. So has anyone set up a sitting duck to > trigger and record the payload of

Re: [liberationtech] Mapping out physical surveillance across a city

2014-07-06 Thread Andy Isaacson
On Tue, Jun 24, 2014 at 11:17:31AM -0700, Lucas Gonze wrote: > If anybody comes up with a such a map for the bay area, I'd love to see it. You may be interested in the hackathon being held on Sat July 12 at Swissnex: The Hidden City: From Surveillance to Sousveillance A hack day and workshop with

Re: [liberationtech] 31.170.160.0/22 filtered on ATT? (was Re: Website censorship in the US)

2013-12-18 Thread Andy Isaacson
On Wed, Dec 18, 2013 at 03:42:33PM -0500, Alfredo Lopez wrote: > On 12/18/2013 03:24 PM, Andy Isaacson wrote: > > CCing NANOG, since this might be of interest there. Please keep > > the discussion focused on technical routing issues rather than > > politics or conspiracy

Re: [liberationtech] 31.170.160.0/22 filtered on ATT? (was Re: Website censorship in the US)

2013-12-18 Thread Andy Isaacson
On Wed, Dec 18, 2013 at 12:24:06PM -0800, Andy Isaacson wrote: > CCing NANOG, since this might be of interest there. {never mind, nanog is filtered, so please *don't* CC unless you enjoy mailman bounce messages.} -andy

[liberationtech] 31.170.160.0/22 filtered on ATT? (was Re: Website censorship in the US)

2013-12-18 Thread Andy Isaacson
CCing NANOG, since this might be of interest there. Please keep the discussion focused on technical routing issues rather than politics or conspiracy theories. On Wed, Dec 18, 2013 at 11:16:28AM -0500, Tom Ritter wrote: > I just had the guy next to me with a AT&T phone try to access it and > inde

Re: [liberationtech] Snowden sets OPSEC record straight

2013-10-18 Thread Andy Isaacson
Apologies for the long quote, but I wanted to preserve as much context as possible. On Fri, Oct 18, 2013 at 05:23:32PM -0400, David Golumbia wrote: > > Mr. Snowden said he gave all of the classified documents he had > > obtained to journalists he met in Hong Kong, before flying to Moscow, > > and

Re: [liberationtech] 49 Page NSA analysis of Tor

2013-10-05 Thread Andy Isaacson
On Sat, Oct 05, 2013 at 04:36:27PM +0100, Ximin Luo wrote: > On 05/10/13 16:31, John Adams wrote: > > On Oct 5, 2013, at 12:17 AM, Andy Isaacson wrote: > >> I wonder if tor.eff.org has any referer logs from 2006 showing inbound > >> traffic from http://wiki.gchq/ or si

Re: [liberationtech] 49 Page NSA analysis of Tor

2013-10-05 Thread Andy Isaacson
On Fri, Oct 04, 2013 at 02:05:23PM -0700, d.nix wrote: > Just published by Bart Gellman (Thanks Bart!): > > http://apps.washingtonpost.com/g/page/world/nsa-research-report-on-the-tor-encryption-program/501/ This is the output of a student Summer Program project, as advertised here: http://www.nsa

Re: [liberationtech] RNG in Raspberry Pi

2013-10-03 Thread Andy Isaacson
On Wed, Oct 02, 2013 at 11:57:24PM -0500, Paul Elliott wrote: > What is the quality of the Hardware RNG in the Raspberry Pi? Fairly unknown. The current driver used in Raspbian and so on, which exposes the RNG directly at /dev/hwrng is definitely *not* safe to use raw -- it needs a mixing pool at

Re: [liberationtech] News from Eric Hughes

2013-09-21 Thread Andy Isaacson
On Sat, Sep 21, 2013 at 09:24:43PM +0300, jd.cypherpu...@gmail.com wrote: > Cypherpunk Eric Hughes: Der Überwachungsalptraum ist wahr geworden - > http://t.co/hZAWMTEKWZ (DE only) Die Zeit Why on earth do you route through t.co. http://www.zeit.de/digital/internet/2013-09/cypherpunks-eric-hughes

Re: [liberationtech] Is Dropbox opening uploaded documents?

2013-09-16 Thread Andy Isaacson
On Mon, Sep 16, 2013 at 02:47:48PM -0500, Jon Lebkowsky wrote: > I followed your links, which said that someone filed a complaint with > the FTC. Nothing about the FTC suing Dropbox. Got a link for that? Indeed, seems I was mistaken about how far the issue went. (And I don't understand the intric

Re: [liberationtech] Is Dropbox opening uploaded documents?

2013-09-16 Thread Andy Isaacson
On Mon, Sep 16, 2013 at 08:47:09AM -0700, Joe Szilagyi wrote: > I thought they hyped at one point their encryption and "not > accessing your files". I guess I was mistaken. They used to claim that "dropbox cannot access your files", but after Chris Soghoian and others pointed out that this was not

Re: [liberationtech] iPhone 5S Fingerprint and Records (Was: iPhone5S and 5th amendment)

2013-09-10 Thread Andy Isaacson
On Tue, Sep 10, 2013 at 05:54:44PM -0400, Scott Elcomb wrote: > Starting a new thread - it's related but a slightly different topic. > > Despite having several devices with fingerprint scanners, I've never used one. > > With the release of iPhone 5S and all the discussion around it, I'm > curious

Re: [liberationtech] Random number generation being influenced - rumors

2013-09-06 Thread Andy Isaacson
On Sat, Sep 07, 2013 at 12:51:19AM +0300, Maxim Kammerer wrote: > On Fri, Sep 6, 2013 at 10:34 PM, Andy Isaacson wrote: > > This is not to say that RdRand is completely unusable. Putting RdRand > > entropy into a software pool implementation like /dev/urandom (or > >

Re: [liberationtech] a free, unlimited, encrypted content sharing app

2013-09-06 Thread Andy Isaacson
On Fri, Sep 06, 2013 at 08:59:26PM -0700, cont...@ansamb.com wrote: > I contact you as the co-founder of ]ansamb[. > ]ansamb[ is a Reunion Island (France) based startup that designed a > massively distributed architecture for content sharing from computer > to computer in a full encrypted, unlimit

Re: [liberationtech] Random number generation being influenced - rumors

2013-09-06 Thread Andy Isaacson
On Fri, Sep 06, 2013 at 10:45:46AM -0700, Joe Szilagyi wrote: > Does anyone put any stock into the rumors floating lately that the > government may have influenced Intel and/or AMD into altering in > subtle ways that CPUs handle random number generation? I keep seeing > this possible FUD floating a

Re: [liberationtech] Open Letter To US Customs

2013-09-05 Thread Andy Isaacson
On Fri, Sep 06, 2013 at 12:48:52AM +0300, Maxim Kammerer wrote: > On Wed, Sep 4, 2013 at 11:03 PM, Travis McCrea wrote: > > http://falkvinge.net/2013/09/04/open-letter-to-us-border-patrol-cbp/ > > My understanding of the relevant laws is clearly lacking, but the > common theme of these border det

Re: [liberationtech] scrambler

2013-08-30 Thread Andy Isaacson
On Thu, Aug 29, 2013 at 12:15:17PM -0700, Michael Hicks wrote: > ok so I guess I just send u guys the links and u check out my software > and Vet it? This was made for people to be able to protect their > privacy and the NSA can't hack it No One can it's impossible. all the > information is at scra

Re: [liberationtech] SMS questions

2013-08-28 Thread Andy Isaacson
On Wed, Aug 28, 2013 at 10:47:16PM -0400, Sandy Harris wrote: > It gets worse. The US has a Communications > Assistance to Law Enforcement Act (CALEA) > that basically makes it illegal for anyone to sell > phone switches without wiretap capability in the > US. As a result nearly all such switches h

[liberationtech] verifying SSL certs (was Re: In defense of client-side encryption (Guido Witmond)

2013-08-13 Thread Andy Isaacson
On Mon, Aug 12, 2013 at 11:10:39AM +0200, Guido Witmond wrote: > There is another problem. You rely on HTTPS. Here is the 64000 dollar > question: > > Q._"What is the CA-certificate for your banks' website?"_ > > I ask that question to anyone who claims to be security conscious. No > one has give

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-06 Thread Andy Isaacson
On Tue, Aug 06, 2013 at 01:50:31PM +0300, Nadim Kobeissi wrote: > Yes, to be absolutely clear, I think Tor should issue advisories for > confirmed security issues in Tor Browser, since Tor Browser is a fork > of Firefox and is independently maintained. This is exactly what Tor > did this time, exce

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Andy Isaacson
On Tue, Aug 06, 2013 at 12:09:48AM +0200, Griffin Boyce wrote: > We may have to disagree as to the way forward. I hate to be > contentious, but it seems unlikely that Tor applied a patch without > reading firefox's changelog. I'm still not clear on what you want Tor to have done. Should they do a

Re: [liberationtech] Freedom Hosting, Tormail Compromised // OnionCloud

2013-08-05 Thread Andy Isaacson
On Mon, Aug 05, 2013 at 09:19:01AM -0400, liberationt...@lewman.us wrote: > Please cite first person sources on this. It's not clear the FBI did > anything or is involved at all. There is a reddit thread implying this, > but no statement (as of yet) from the FBI or anyone claiming > responsibility

Re: [liberationtech] OneTime 2.0 (beta): one-time pad system.

2013-08-01 Thread Andy Isaacson
On Thu, Aug 01, 2013 at 05:22:48PM +0200, Alexander Kjeldaas wrote: > On Thu, Aug 1, 2013 at 5:01 PM, Andy Isaacson wrote: > > On Thu, Aug 01, 2013 at 07:37:59AM -0700, Andy Isaacson wrote: > > > Since a OTP depends critically on never using the same pad to encrypt > > &

Re: [liberationtech] OneTime 2.0 (beta): one-time pad system.

2013-08-01 Thread Andy Isaacson
On Thu, Aug 01, 2013 at 07:37:59AM -0700, Andy Isaacson wrote: > Since a OTP depends critically on never using the same pad to encrypt > multiple plaintexts, it conversely also depends on the same pad only > decrypting a single ciphertext. If a onetime implementation implements >

Re: [liberationtech] OneTime 2.0 (beta): one-time pad system.

2013-08-01 Thread Andy Isaacson
On Wed, Jul 31, 2013 at 02:29:20PM -0700, Steve Weis wrote: > I don't really see a practical use case for one-time pads. You have to > assume that you can securely deliver the pad to someone in advance of > any other communications. This is the key management problem. If I want to secure a 10MB/d

Re: [liberationtech] OneTime 2.0 (beta): one-time pad system.

2013-08-01 Thread Andy Isaacson
On Wed, Jul 31, 2013 at 12:08:32PM -0500, Karl Fogel wrote: > interests of code simplicity, I didn't implement that, as I didn't see a > practical attack here. I still don't, but am definitely open to being > corrected about that! It's just hard for me to see an attack that > doesn't rely on havi

Re: [liberationtech] OneTime 2.0 (beta): one-time pad system.

2013-07-30 Thread Andy Isaacson
On Tue, Jul 30, 2013 at 01:15:15PM -0500, Karl Fogel wrote: > Andy Isaacson writes: > >> OneTime 2.0-beta is ready for review and testing, as threatened [1]. See > >> > >> http://red-bean.com/onetime/ > > > >At a quick glance, it appears you have no

Re: [liberationtech] OneTime 2.0 (beta): one-time pad system.

2013-07-30 Thread Andy Isaacson
On Sun, Jul 28, 2013 at 12:47:10PM -0500, Karl Fogel wrote: > Look at this as a chance to test the hypothesis that one-time pad > systems aren't very useable in practice... :-) > > OneTime 2.0-beta is ready for review and testing, as threatened [1]. See > > http://red-bean.com/onetime/ > > fo

Re: [liberationtech] Feds put heat on Web firms for master encryption keys

2013-07-25 Thread Andy Isaacson
On Thu, Jul 25, 2013 at 04:41:43AM -0700, Owen Barton wrote: > > > If a government > > > secretly acquired the SSL private keys for a site, and the site > > > continued using them, then no convergence notary would know any > > > cause not to vouch for the key. > > > > What helps here is perfect forw

Re: [liberationtech] The Pirate Bay blocked from some Amazon EC2 instances?

2013-07-20 Thread Andy Isaacson
On Sun, Jul 21, 2013 at 03:26:36AM +0200, KheOps wrote: > Having to play a little bit with a couple of Amazon EC2 virtual > machines, I noticed that I wasn't able to access thepiratebay.sx from > them. The DNS entry is correct, but an HTTP request simply times out. > > They are located in the "US

Re: [liberationtech] Random number generator failure in Raspberry Pis?

2013-07-19 Thread Andy Isaacson
On Fri, Jul 19, 2013 at 01:17:51PM +0100, Michael Rogers wrote: > On 19/07/13 13:03, KheOps wrote: > > Just came across this article, apparently showing the bad quality > > of the hardware RNG in Raspberry Pi devices. > > > > http://scruss.com/blog/2013/06/07/well-that-was-unexpected-the-raspberr

Re: [liberationtech] One time pad Management system?

2013-07-11 Thread Andy Isaacson
source. > > Sent from my iPhone > > On Jul 11, 2013, at 8:36 PM, Andy Isaacson wrote: > > > On Thu, Jul 11, 2013 at 08:12:32PM -0500, Paul Elliott wrote: > >> Are there any practical one time pad management systems out there, > >> GPLed for GNU/Linux? > >

Re: [liberationtech] One time pad Management system?

2013-07-11 Thread Andy Isaacson
On Thu, Jul 11, 2013 at 08:12:32PM -0500, Paul Elliott wrote: > Are there any practical one time pad management systems out there, > GPLed for GNU/Linux? I don't know of any but would be interested to learn of one. > Is anyone working on one? I started sketching some design ideas a few months ag

Re: [liberationtech] In his own words: Confessions of a cyber warrior

2013-07-11 Thread Andy Isaacson
On Wed, Jul 10, 2013 at 08:00:03PM -0400, Tom Ritter wrote: > On 10 July 2013 09:43, Jacob Appelbaum wrote: > > Andreas Bader: > > > Tens of thousands zero-days; that sounds like totally shit. That > > > guy seems to be a script kiddie poser, nothing more. > > > Are there any real "hackers" that c

Re: [liberationtech] Heml.is - "The Beautiful & Secure Messenger"

2013-07-11 Thread Andy Isaacson
On Thu, Jul 11, 2013 at 08:44:24AM -0700, Steve Weis wrote: > It's not true that all widely used crypto implementations are open. > > Even open source projects themselves depend on closed implementations. > > For example, Linux, OpenSSL, GnuTLS, libgcrypt, and dm-crypt may all use > AESNI on x86,

Re: [liberationtech] Heml.is - "The Beautiful & Secure Messenger"

2013-07-11 Thread Andy Isaacson
On Thu, Jul 11, 2013 at 12:23:25PM -0700, Mitar wrote: > BTW. Even Tor has centralized directory servers. It's incredibly misleading to imply that the Tor DA design provides a similar threat to a server-hosted-crypto proprietary privacy app. (I'm not accusing you of intentionally misleading, but

Re: [liberationtech] Vole is P2P social network that uses BitTorrent

2013-07-01 Thread Andy Isaacson
On Sat, Jun 29, 2013 at 03:41:22PM -0500, Mark Theunissen wrote: > We've created an open-source (MIT license) social networking app that > stands on the shoulders of BitTorrent Sync. It runs in the browser, looks > kinda like Twitter. > > Vole is a small web server written in Go that you run local

Re: [liberationtech] How to defend against attacks on chips?

2013-06-17 Thread Andy Isaacson
On Mon, Jun 17, 2013 at 10:09:00AM -0400, Richard Brooks wrote: [re looking for hardware trojans] > You can't defend against this. There is a lot of research > going into detecting hardware trojans. In general, verifying > that either hardware or software is (or is not) malicious > is undecidable.

Re: [liberationtech] Guardian reporter delayed e-mailing NSA source because crypto is a pain

2013-06-12 Thread Andy Isaacson
On Tue, Jun 11, 2013 at 07:11:49PM -0700, Gregory Maxwell wrote: > On Tue, Jun 11, 2013 at 6:56 PM, Kate Krauss wrote: > > It's really easy to use these tools if you already know how to do it. > > I've been using PGP since 1994, if not earlier. In more recent times 1998, here. > it's become a r

Re: [liberationtech] Cryptocat: Translation Volunteers Needed

2013-06-11 Thread Andy Isaacson
On Tue, Jun 11, 2013 at 11:28:37AM -0400, Catherine Roy wrote: > Browser optimization is not something to take lightly and basically > dismissing someone by telling them to go contribute code on github See, you're missing the point here. Cryptocat isn't just a website that needs to add some Opera

Re: [liberationtech] PRISM: NSA/FBI Internet data mining project

2013-06-07 Thread Andy Isaacson
Apologies for replying out of thread and the wide CC list. On Fri, Jun 07, 2013 at 06:41:32PM +0200, Eugen Leitl wrote: > - Forwarded message from Matthew Petach - > > Date: Fri, 7 Jun 2013 09:32:53 -0700 > From: Matthew Petach > Cc: NANOG > Subject: Re: PRISM: NSA/FBI Internet data mi

Re: [liberationtech] Twitter Underground Market Research - pdf

2013-06-05 Thread Andy Isaacson
On Wed, Jun 05, 2013 at 06:33:16PM -0400, Rich Kulawiec wrote: > One more point: operations that are this incompetent and negligent > cannot possibly provide any real assurance of security and privacy > to their users, because their putative operators are no longer in > full control of them. Not r

Re: [liberationtech] P=NP ?

2013-05-29 Thread Andy Isaacson
On Thu, May 30, 2013 at 12:12:15AM +0200, KheOps wrote: > This is not the first time such a claim is made, but I just came across > what looks like to be a serious scientific publication claiming that > they prove that P=NP. > > In simple words, this would mean that problems that are considered a

Re: [liberationtech] Magistrate Judge pwns FBI hacking request

2013-04-26 Thread Andy Isaacson
On Thu, Apr 25, 2013 at 10:12:11PM -0500, Gregory Foster wrote: > The WSJ's Jennifer Valentino-DeVries broke this story yesterday, > unfortunately behind the WSJ's paywall: > https://twitter.com/jenvalentino/status/327172745332916225 For what it's worth, WSJ often serves real content when you're c

Re: [liberationtech] National Security Letters (NSLs) - in case you missed this

2013-03-22 Thread Andy Isaacson
likely scenario is that the Secret Service > communications are hacked by Nation States that used that surveillance > to target me directly. A scary assumption, but not out of the > question. Mitnick was reading GOV emails long ago and I would have to > presume that adversaries are snoop

Re: [liberationtech] Internships available at leading Palo Alto tech startup

2013-02-22 Thread Andy Isaacson
Unpaid internships are not universally illegal, but are often misused to avoid minimum wage laws. http://www.nytimes.com/2010/04/03/business/03intern.html http://www.good.is/posts/unpaid-internship-unfair-likely-illegal-and-not-going-away-anytime-soon http://www.moneysideoflife.com/illegal-interns

Re: [liberationtech] Cryptography super-group creates unbreakable encryption

2013-02-07 Thread Andy Isaacson
On Thu, Feb 07, 2013 at 02:11:22AM -0700, Christopher Soghoian wrote: > It is clear that you seem to have developed a foaming-in-the-mouth, > irrational hate of Silent Circle. As such, anyone who fails to denounce > Phil Zimmermann as the great Satan is, in your eyes, some kind of corrupt > shill.

Re: [liberationtech] Chromebooks for Risky Situations?

2013-02-06 Thread Andy Isaacson
On Wed, Feb 06, 2013 at 10:52:23AM -0500, micah anderson wrote: > > - ChromeOS's update mechanism is automatic, transparent, and basically > > foolproof. Having bricked Ubuntu and Gentoo systems, the same is not > > true of Linux. > > I would be surprised if you actually 'bricked' these systems,

Re: [liberationtech] Mailvelope: OpenPGP Encryption for Webmail

2012-12-11 Thread Andy Isaacson
On Mon, Dec 10, 2012 at 10:07:23PM +, StealthMonger wrote: > "Fabio Pietrosanti (naif)" writes: > > for those who have still not seen that project, i wanted to send a notice > > about MailVelope, OpenPGP encryption for webmail: http://www.mailvelope.com > > > It's a client-side, plug-in based (

Re: [liberationtech] Silent Circle Going Open Source

2012-11-11 Thread Andy Isaacson
On Sun, Nov 11, 2012 at 06:38:11PM -0800, Micah Lee wrote: > That's great that they're releasing the source code. > > I'm confused about whether or not it's actually free software though, Definitely not DFSG-free. > and if people are allowed to release derivative works or not. It looks > like it

Re: [liberationtech] Large amounts of spam

2012-10-31 Thread Andy Isaacson
On Tue, Oct 30, 2012 at 07:32:18PM -0400, Nadim Kobeissi wrote: > This mailing list has a spam problem (I'm receiving nude photo attachments > now.) Admins: Please address! Hmmm, I'm not seeing this problem; I'm subscribed to liberationtech on a bog-standard linux + postfix installation and I save

Re: [liberationtech] CryptoParty Handbook

2012-10-09 Thread Andy Isaacson
On Fri, Oct 05, 2012 at 05:43:46AM +0200, Maxim Kammerer wrote: > Did anyone try this with devices that are supposed to be resistant to > file shredding due to wear leveling? I tried the following on two USB > keys, one ~12 years old, another ~6 years old, both formatted as > FAT32: > > echo test_