I live in SF and I'd be down. Let me know what date.
-j
On Sun, Feb 1, 2015 at 5:56 PM, Yosem Companys compa...@stanford.edu
wrote:
From: Rhona Mahony rmah...@stanford.edu via
cryptopa...@lists.stanford.edu
Hey, the Privacy Team at Mozilla would like our help with a
CryptoParty! They
I'm on vacation at the moment and it's going to take some time to
analyze Detekt, but there are a number of problems with the software
so far that need help and possibly a write-up or two. Most of it makes
me think, something doesn't smell right here. Here are some random
thoughts after a first
Uh, as far as I know Twitter did not have per-country restrictions on
2FA. Perhaps this is because of limited SMS support, but Twitter did
not restrict 2FA per-country.
-j
On Sun, Sep 28, 2014 at 4:33 AM, Nariman Gharib nariman...@gmail.com wrote:
Hi,
This week, Dick constolo did a good job
I don't know where you're getting your information from, but I audited
Google's 2FA when I worked at Twitter. The attack scenario that is
described here is simply not possible without the endpoint being
owned.
Code replay is not possible. Once a code is accepted, it cannot be
used again to log
On Sat, Mar 15, 2014 at 5:27 AM, carlo von lynX
l...@time.to.get.psyced.org wrote:
On Fri, Mar 14, 2014 at 04:45:01PM -0500, John Adams wrote:
Granted, it provides a low level of encryption for clients but it does not
provide Non-repudiability to those users, opening them up to MitM attacks
On Mon, Feb 3, 2014 at 3:43 AM, Rich Kulawiec r...@gsp.org wrote:
On Fri, Jan 31, 2014 at 09:01:06AM -0800, Yosem Companys quoted:
One of these mandates includes having employees with Windows XP
laptops and desktops migrate to Windows 7 Enterprise or Ultimate, or
Windows 8 Pro or
On Oct 5, 2013, at 12:17 AM, Andy Isaacson a...@hexapodia.org wrote:
I wonder if tor.eff.org has any referer logs from 2006 showing inbound
traffic from http://wiki.gchq/ or similar.
.gchq isn't an Internet TLD, so
That's doubtful.
-j
--
Liberationtech is public archives are searchable on
Ah, point taken. Referrer leak would be very interesting to research here.
-j
On Sat, Oct 5, 2013 at 1:25 PM, Andy Isaacson a...@hexapodia.org wrote:
On Sat, Oct 05, 2013 at 04:36:27PM +0100, Ximin Luo wrote:
On 05/10/13 16:31, John Adams wrote:
On Oct 5, 2013, at 12:17 AM, Andy
Has Apple released specs on the operation of the fingerprint system? I.e.
Can it be configured to use both a pin and a fingerprint?
-j
On Tue, Sep 10, 2013 at 2:34 PM, Percy Alpha percyal...@gmail.com wrote:
I know that users can be forced to handover digital card and written down
passcode
The reason why Twitter, Google, and other companies went to RC4 is because
of issues with AES. The CBC and known IV attacks permitted BEAST to occur.
RC4 was the safest way out.
Even then, RC4 can be broken. In short, no one on the Internet is running
SSL in a way that cannot be broken. Although,
We call this The trust and safety departments at most major companies.
It already exists. You're getting wrapped up in a technical implementation
which would normally be handled by large teams. The level of integration
you describe is more than just a simplistic database table.
Additionally,
Uh. S/key is a one time pad system that came out over 20 years ago and is open
source.
Sent from my iPhone
On Jul 11, 2013, at 8:36 PM, Andy Isaacson a...@hexapodia.org wrote:
On Thu, Jul 11, 2013 at 08:12:32PM -0500, Paul Elliott wrote:
Are there any practical one time pad management
ECHDE_RSA offers an excellent degree of protection against after the fact
analysis if and only if the private key is disclosed (or captured.)
If the the privkey is unavailable, NSA can always go after the session keys
-- capture of communications is actually made easier in these cases when
sites
scarcasm
I'm completely certain that these small, poorly funded projects have hired
massive security teams (as the major social networks do) and provide a safe
alternative to Facebook or Twitter.
/scarcasm
On Mon, Jun 17, 2013 at 4:13 PM, Yosem Companys compa...@stanford.eduwrote:
Slate
the
tools can and cannot provide.
-j
On Wed, Jun 12, 2013 at 11:13 AM, Andrea St and...@gmail.com wrote:
Dear friends
about John Adams, i just copied the title of the website. No more, no
less.
2013/6/12 Guido Witmond gu...@witmond.nl
On 12-06-13 19:21, John Adams wrote:
I like
However, according to SecDev cyber analysts, a damaged cable alone should
not have caused the Border Gateway Protocols (BGP) routes for netblocks to
be withdrawn. Rather, the fact that these routes disappeared suggests that
the regime ordered the disconnect for reasons that are unknown.
On Fri, Mar 15, 2013 at 1:08 PM, Shava Nerad shav...@gmail.com wrote:
Technically, that's a different conference -- SXSW/I is a separate event
that doesn't even run the same dates, last time I went (though they
overlapped).
It is all the same conference, That's why I have a platinum badge
I have never had a problem with creating images via hdiutil, setting them
to AES-256, and then using them on dropbox.
Additionally, if dropbox is breaking files, file a bug report. I've met
with their team multiple times and they're certainly willing to fix things
like this.
-j
On Sun, Jan 6,
On Sun, Jan 6, 2013 at 1:47 PM, Jacob Appelbaum ja...@appelbaum.net wrote:
I generally agree that the data should be encrypted, though I think it
should also be authenticated and integrity checked before it is actually
used.
If this level of paranoia is relevant to you, then maintain
Why don't you just get around the problem entirely and use Dropbox's
storage for encrypted disk images?
If you have data sufficiently encrypted, it doesn't matter how it's stored.
-j
On Sun, Jan 6, 2013 at 12:49 AM, Jerzy Łogiewa jerz...@interia.eu wrote:
Hello!
Dropbox is completely
20 matches
Mail list logo