Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-08 Thread Joe Btfsplk
On 9/7/2011 3:42 PM, Marsh Ray wrote: On 09/07/2011 03:19 PM, Julian Yon wrote: My bank forces me to enter part of my password using unobscured dropdowns for security. Sure, it avoids keyloggers, but what about *someone standing behind me*? Do they have a gun? Otherwise, cover the screen

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-08 Thread Julian Yon
On 08/09/11 15:20, Joe Btfsplk wrote: My point (and I think Julian's) was, aside from certificate issues, various practices of many sites where security is vitally important, their WORDS ~ we take customers' security online safety very seriously use high security standards..., and their

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-03 Thread Joe Btfsplk
On 9/2/2011 4:46 PM, and...@torproject.org wrote: On Fri, Sep 02, 2011 at 01:31:53PM -0400, col...@averysmallbird.com wrote 4.5K bytes in 109 lines about: : According to a number of bloggers(1), torproject.org was included among those Here's another blogger for your list,

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-03 Thread Jim
Joe Btfsplk wrote: I'm just asking here - other than entities (gov'ts?) targeting anonymity software (for now) what prevents this issue from becoming widespread? If I download an update from MS - how do I know it's the authentic pkg from the real MS? There's no authentication (or even check

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-03 Thread Netizio
I'm just asking here - other than entities (gov'ts?) targeting anonymity software (for now) what prevents this issue from becoming widespread? If I download an update from MS - how do I know it's the authentic pkg from the real MS? There's no authentication (or even check sums) for d/l

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-03 Thread Julian Yon
On 03/09/11 15:59, Jim wrote: I don't have a solution to this problem but I am raising it in case somebody else does. It's great that you not only sign your packages but that the page above also lists the fingerprints of the signing keys. But in case of a man-in-the-middle attack (or a

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-03 Thread Lee
On 9/3/11, Joe Btfsplk joebtfs...@gmx.com wrote: [.. snip stuff addressed to others ..] Lee: These are all rhetorical questions - right? No. I understand Tor Project's main concern is Tor / TBB. I fail to understand why the issue / problem being discussed is in any way limited to Tor or a

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-02 Thread Achter Lieber
- Original Message - From: Roger Dingledine Sent: 09/01/11 03:47 PM To: tor-talk@lists.torproject.org Subject: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others) For those who haven't been following, check out https://blog.torproject.org/blog/diginotar-debacle

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-02 Thread Joe Btfsplk
On 9/2/2011 7:55 AM, Achter Lieber wrote: - Original Message - From: Roger Dingledine Sent: 09/01/11 03:47 PM To: tor-talk@lists.torproject.org Subject: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others) New bundles are out now: https://blog.torproject.org

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-02 Thread Joe Btfsplk
On 9/2/2011 9:57 AM, David Carlson wrote: On 9/2/2011 9:28 AM, Joe Btfsplk wrote: Is it really a risk, d/l Tor or TBB directly from Tor Project's site, that verifying signatures is necessary? What is the reasoning here - if getting files from Tor Project server?

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-02 Thread David Carlson
On 9/2/2011 9:28 AM, Joe Btfsplk wrote: On 9/2/2011 7:55 AM, Achter Lieber wrote: - Original Message - From: Roger Dingledine Sent: 09/01/11 03:47 PM To: tor-talk@lists.torproject.org Subject: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others) New bundles

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-02 Thread Seth David Schoen
Joe Btfsplk writes: Is it really a risk, d/l Tor or TBB directly from Tor Project's site, that verifying signatures is necessary? What is the reasoning here - if getting files from Tor Project server? How do you know it was really the Tor Project server? -- Seth Schoen sch...@eff.org

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-02 Thread Joe Btfsplk
On 9/2/2011 12:11 PM, Seth David Schoen wrote: Joe Btfsplk writes: Is it really a risk, d/l Tor or TBB directly from Tor Project's site, that verifying signatures is necessary? What is the reasoning here - if getting files from Tor Project server? How do you know it was really the Tor

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-02 Thread Collin Anderson
According to a number of bloggers(1), torproject.org was included among those domains targeted in the certificate breach. In at least the case of Google, these certificates have been offered to Iranian Internet users by a number of ISPs, in a number of cities. Risk is a product of situation, and if

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-02 Thread andrew
On Fri, Sep 02, 2011 at 01:31:53PM -0400, col...@averysmallbird.com wrote 4.5K bytes in 109 lines about: : According to a number of bloggers(1), torproject.org was included among those Here's another blogger for your list,

[tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

2011-09-01 Thread Roger Dingledine
For those who haven't been following, check out https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it You should pay special attention if you're in an environment where your ISP (or your government!) might try a man-in-the-middle attack on your interactions with