Data encryption and decryption computer program
POPULARITY
2 episodes with openpgp
3 episodes with openpgp
3 episodes with openpgp
2 episodes with openpgp
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Researchers Scanning the Internet A newish RFC, RFC 9511, suggests researchers identify themselves by adding strings to the traffic they send, or by operating web servers on machines from which the scan originates. We do offer lists of researchers and just added three new groups today https://isc.sans.edu/diary/Researchers%20Scanning%20the%20Internet/31964 Cloudy with a change of Hijacking: Forgotten DNS Records Organizations do not always remove unused CNAME records. An attacker may take advantage of this if an attacker is able to take possession of the now unused public cloud resource the name pointed to. https://blogs.infoblox.com/threat-intelligence/cloudy-with-a-chance-of-hijacking-forgotten-dns-records-enable-scam-actor/ Message signature verification can be spoofed CVE-2025-47934 A vulnerability in openpgp.js may be used to spoof message signatures. openpgp.js is a popular library in systems implementing end-to-end encrypted browser applications. https://github.com/openpgpjs/openpgpjs/security/advisories/GHSA-8qff-qr5q-5pr8
Guests Jan Lehnardt | Alba Herrerías Ramírez Panelist Richard Littauer Show Notes In this episode of Sustain, host Richard Littauer engages with Jan Lehnardt and Alba Herrerías Ramírez from Neighbourhoodie, a consultancy company based in Berlin and the Canary Islands. The discussion delves into Neighbourhoodie's work on sustaining open source projects, their collaboration with the Sovereign Tech Fund for enhancing open source project's bug resilience, and the technical and ethical facets of their consultancy services. Insights are shared into their past and current projects, including PouchDB, CouchDB, and their contributions to humanitarian causes, emphasizing their focus on creating a sustainable impact in the open source community. Press download now to hear more! [00:01:55] Jan explains the origin of Neighbourhoodie, which began with the Hoodie open source project, how the company evolved, the decline of the Hoodie project due to timing and resources, and how CouchDB and PouchDB continued to thrive. [00:04:27] Richard asks about the company's name and its novelty domain, and Jan gives an overview of Neighbourhoodie's size and slow and steady growth, and their focus on a positive work environment. [00:05:51] Jan gives a detail explanation of CouchDB and PouchDB's functionality, particularly their offline-first and synchronization capabilities, and how this has been used in critical projects like the Ebola vaccine. [00:08:41] Richard asks about maintaining ethical work practices and avoiding projects that conflict with Neighbourhoodie's values. [00:09:53] Jan discusses how Neighbourhoodie balances reinvesting in open source projects and expanding the company, focusing on professional services around CouchDB and PouchDB. [00:11:53] Alba describes her role in leading Sovereign Tech Fund (STF) projects within Neighbourhoodie, and how they engage with various projects to offer support. [00:13:31] Jan explains the STF's Bug Resilience Program. [00:16:33] Richard asks about the potential ethical dilemma when third-party consultants like Neighbourhoodie might be taking work that could have otherwise gone to maintainers themselves. We hear how Neighbourhoodie, the projects, and the STF agree on statements of work, including milestones and time estimates, to ensure fairness and proper allocation of resources. [00:21:23] We learn from Jan that dealing with low-quality bug reports isn't a primary focus of their work, but improving test coverage, dependency updates, and CI/CD processes helps mitigate these issues as a side effect. [00:22:54] Alba talks about the different types of projects they work in, such as OpenPGP.js, Sequioa, Yocto, PyPi, Systemd, PHP, Log4j, and reproducible builds. [00:23:49] Jan discusses the challenges and learning opportunities that comes with working across diverse projects, each with its own set of tools, communication styles, and cultural contexts. [00:25:29] Richard reflects on the complexity of open source sustainability and Alba describes how they research projects and identify areas where they can provide the most help, tailoring their approach to the specific needs of each project. [00:27:25] Jan explains that they don't dictate solutions but rather collaborate with projects to address their most pressing needs, often helping to mediate between different parts of a project to find common ground. [00:30:07] Jan explains how they educate clients to take responsibility for the scripts they deliver, unless there's a long-term support contract in place. [00:32:00] We learn how the Neighbourhoodie transition was organic and not part of a grand strategy and how they continue to contribute to open source through their consulting work. [00:34:54] Richard questions the choice of open source as the main focus given its limitations, and Jan explains that open source is widely understood and accessible, making it a practical choice for their work. [00:37:35] Alba and Jan share some highlights and fun things from their work. [00:39:32] Find out where you can follow Jan and Alba online. Quotes [00:02:19] “The goal was to have two separate entities so that when the company puts out an open source project in its own name, and then the company goes under, and the project goes away, we wanted to not have that.” [00:24:08] “If you do software long enough, you realize that the technical problems are just the sideshow and everything else you have to solve things on the people layer instead of the technology layer.” [00:25:06] “The current monoculture of everything is on GitHub is not the only truth out there.” [00:35:34] “Open source is the thing that everybody understands.” Spotlight [00:40:57] Richard's spotlight is Gregor Martynus. [00:41:54] Jan's spotlight is AdonisJS. [00:42:45] Alba's spotlight is PouchDB. Links SustainOSS (https://sustainoss.org/) podcast@sustainoss.org (email) (mailto:podcast@sustainoss.org) richard@theuserismymom.com (email) (mailto:richard@theuserismymom.com) SustainOSS Discourse (https://discourse.sustainoss.org/) SustainOSS Mastodon (https://mastodon.social/tags/sustainoss) Open Collective-SustainOSS (Contribute) (https://opencollective.com/sustainoss) Richard Littauer Socials (https://www.burntfen.com/2023-05-30/socials) Alba Herrerías Ramírez LinkedIn (https://www.linkedin.com/in/alba-herrerias-ramirez/) Alba Herrerías Ramírez Website (https://www.albaherrerias.dev/) Alba Herrerías Ramírez Mastodon (https://mastodon.social/@albaherrerias) Alba Herrerías Ramírez email (mailto:alba@neighbourhood.ie) Jan Lehnardt LinkedIn (https://www.linkedin.com/in/jan-lehnardt-750b0816b/) Jan Lehnardt Website (https://writing.jan.io/) Jan Lehnardt Mastodon (https://narrativ.es/@janl) Jan Lehnardt email (mailto:jan@neighbourhood.ie) Neighbourhoodie Software (https://neighbourhood.ie/) CouchDB (https://couchdb.apache.org/) Sovereign Tech Fund (https://www.sovereigntechfund.de/) Bug Resilience Program (STF) (https://www.sovereigntechfund.de/programs/bug-resilience) Sustain Podcast: 2 episodes with guest Daniel Stenburg (https://podcast.sustainoss.org/guests/stenberg) Gregor Martynus-GitHub (https://github.com/gr2m) AdonisJS (https://adonisjs.com/) PouchDB (https://pouchdb.com/) Credits Produced by Richard Littauer (https://www.burntfen.com/) Edited by Paul M. Bahr at Peachtree Sound (https://www.peachtreesound.com/) Show notes by DeAnn Bahr Peachtree Sound (https://www.peachtreesound.com/) Special Guests: Alba Herrerías Ramírez and Jan Lehnardt.
Online identity is a ticking time bomb. Are trustworthy, open-source solutions ready to disarm it? Or will we be stuck with lackluster, proprietary systems?Sponsored By:Core Contributor Membership: Take $1 a month of your membership for a lifetime!Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices!1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps.Support LINUX UnpluggedLinks:
密码学一直在为保护信息安全、确保通信隐私和完整性发挥着关键作用,区块链和加密货币正是基于密码学原理构建的,而在密码学诞生的背后,隐藏着一群名为Cypherpunk(密码朋克)极客群体。从上个世纪90年代开始,这些密码朋克们开始尝试构建一个数字乌托邦,他们的执着,不仅构建起了保卫通信安全的堡垒,也就此开启了整个加密货币故事的序章。 那么,加密精神究竟从何而来,它与近年来轰轰烈烈的Web3运动有何联系,密码朋克真正的精神内核又是什么?伴随着最近加密货币牛市的到来,本期节目,就让我们一起回到Web3的起源之处去一探究竟。 此次,我们邀请到了“原语里弄”发起人、资深密码学研究者姚翔和BODL Ventures合伙人、前链闻总编辑、前彭博商业周刊中文版主编刘锋,来一起深入聊聊那些关于密码学和密码朋克们的故事,探索密码朋克是如何起源、如何发展又是如何一步步改变加密世界的。 【主播】 Vicky,《Web3 101》播客主理人 【嘉宾】 刘锋, BODL Ventures合伙人、前链闻总编辑、前彭博商业周刊中文版主编 姚翔,“原语里弄”发起人、密码学研究者 【你将听到】 【跟加密货币的第一次接触】 03:18 加密货币背后不只有利益游戏,更有一段Cypherpunk(密码朋克)精神史 04:49 2010年看比特币相关论文,技术上能完全理解,但并没有深入理解技术背后想要解决的经济社会问题 09:06 早期很多人因为挖比特币挣了钱,所以出现要打破传统金融和老钱控制的潮流 10:57 加密世界是一个兔子洞,洞内洞外是完全不同的世界 【密码朋克的起源】 11:57 Jude Mihong首次提出了Cypherpunk,之后Tim May发布密码朋克宣言 14:43 密码朋克们从多种维度展开了研究:包括理论和算法程序 17:21 非对称加密的原型出现,并很快得到了发展 21:09 Zimmermann试图把软件代码写成一本书,用出版书的方式进行技术传播 24:18 开源运动的兴起和软件的商业化也推动着密码朋克运动成为一种新思潮 【关于“朋克”精神的解读】 28:07 朋克音乐和密码朋克的主线发展有很多重合之处 32:23 朋克是一种旗帜和文化现象,更是一种精神内核 34:59 加密朋克圈子里大家的意识形态也并不是完全统一的,甚至出现了非常激进的做法 37:22 在密码朋克们的努力下,加密技术打破了国界墙 40:02 硅谷的极客氛围让密码朋克圈中的很多人也都聚集于此 【“密码朋克”与加密货币关系】 41:36 密码朋克不是描述某个人,而更像是一面从密码学衍生出来的精神旗帜 45:13 密码朋克们对于密码学的经济效益不是很重视,Tim May把ICO浪潮视为“郁金香炒作” 48:41 使用比特币的人决定了它的属性是什么样的 51:09 对财富的追求是很多人进入加密社区的驱动力,但目前大家忽视了密码学真正要去解决的底层问题 【密码学中的精神内核】 54:04 Hal Finney:比特币先驱人物,后来因病去世后,选择冷冻自己的遗体 55:33 “志愿精神“也是密码朋克很重要的精神内核之一,所以密码学领域的论文作者署名都按姓氏首字母排序 61:02 密码朋克做的事情来自于人类本性中的爱 68:47 连线杂志记者Andy Greenberg数十年对比特币的报道也是加密精神的一种体现 70:38 Cypherpunk运动的真正核心是对乌托邦的向往 72:08 加密精神不能成为一种打压别人或者敛财的工具,而更需要回归真和善的初心 【信息拓展】 1. 节目中提到的相关主要人物: Jude Milhon:一位黑客兼密码学作家,1992年首次创造cypherpunk这个词将与密码学技术相关的cypher(密码)与punk(朋克)合成,意思是“密码学反叛者”。 Tim May:美国物理学家,英特尔前员工。密码朋克邮件列表的发起者之一。 Martin Hellman以及Whitfield Diffle:密码技术专家,在1976年提出了一种全新的非对称加密技术,共同撰写首部公开的公钥密码学著作《密码学的新方向》,在密码学发展史上有重要意义。 Phil Zimmermann:计算机科学家、发明家与企业家,为PGP(Pretty Good Privacy)邮件加密软件的开创者。PGP 于1991年免费发布。由于PGP在世界范围的传播违反了美国政府关于加密软件的出口限制,Zimmermann受到了为期三年刑事调查。 Eric Hughes:加利福尼亚大学伯克利分校数学家,Cypherpunks 发起人之一。 S.Goldwasser:MIT电子工程和计算机科学的教授,密码学专家,零知识证明理论的提出者和奠基人之一。1985 年与S.Micali 及C.Rackoff共同发布论文《互动证明系统的知识复杂性》提出“零知识证明”概念。 Hal Finney:比特币先驱人物。最早支持比特币,并与中本聪完成第一笔比特币链上转账的密码学专业人士,在比特币问世两年多以后不幸罹患渐冻症而去世。 Andy Greenberg:《连线》杂志的资深撰稿人,主要撰写内容涉及黑客、加密货币、网络安全和监控。 2.《Crypto Wars》:作者Craig Javis,该书描述了从20世纪70年代开始加密技术的发展历史和重要历史事件。 【补充阅读】 02:18 原语里弄网站 https://www.primitiveslane.org/ 02:56 寻找密码朋克(一):奥古斯特·柯克霍夫传 https://www.primitiveslane.org/post/augustekerckhoffs 06:43 Tim May 采访 https://www.coindesk.com/markets/2018/10/19/enough-with-the-ico-me-so-horny-get-rich-quick-lambo-crypto/ 12:43 The Cyphernomicon https://nakamotoinstitute.org/library/cyphernomicon 12:54 【更正:作者是 Eric Hughes】A Cypherpunk's Manifesto https://www.activism.net/cypherpunk/manifesto.html 13:41 提议的名字包括:Cryptographic Research Association, Cryptography Privacy 等,Tim May 还使用了一个更无趣的名字进一步解释—— Northern California Cryptography Hobbyists Association。 14:11 Wired 杂志对 Jude Milhon 的采访 https://www.wired.com/1995/02/st-jude/ 16:14 美国关于密码学出口的限制 https://en.wikipedia.org/wiki/ExportofcryptographyfromtheUnited_States 19:30 Hellman 和 NSA 的渊源 https://cryptome.org/hellman/hellman-nsa.htm 20:24 OpenPGP https://www.openpgp.org/about/ 21:18 Crypto Wars, Craig Jarvis https://www.routledge.com/Crypto-Wars-The-Fight-for-Privacy-in-the-Digital-Age-A-Political-History-of-Digital-Encryption/Jarvis/p/book/9780367642488 21:58 Philip Zimmermann 关于此书的介绍 https://philzimmermann.com/EN/essays/BookPreface.html 36:24 Phil Zimmermann 最近接受的采访 https://www.youtube.com/watch?v=dRFOtL0fbxg 40:30 Homebrew Computer Club 45:30 Tim May 采访 https://www.coindesk.com/markets/2018/10/19/enough-with-the-ico-me-so-horny-get-rich-quick-lambo-crypto/ 47:16 戴维生平 https://mp.weixin.qq.com/s?src=11×tamp=1710898050&ver=5149&signature=8eZ1LxNbb6LYkRwOCBZxGf6Siam6TObTa1uQDeeYAS7pPjM8l9sN1WfuT*qjmglhfuF8GCEMru1fueH108-K9kz-3vCK5KQ9goSqiTUfTw47ve3GvAlrZr6N8Mgqz7&new=1 54:26 Running Bitcoin https://x.com/halfin/status/1110302988?s=20 57:28 DES, Data Encryption Standard 58:10 DualECDRBG https://en.wikipedia.org/wiki/DualECDRBG 【后期】 AMEI 【BGM】 Mumbai — Ooyy 【Shownotes】 Juny 【在这里找到我们】 收听渠道:苹果|小宇宙 海外用户:Apple Podcast|Spotify|Google Podcast|Amazon Music 联系我们:podcast@sv101.net 本节目不构成任何投资建议,投资有风险,入市需谨慎
Jüngst titelte c't in einer großen Bestandsaufnahme etwas provokant: "So kaputt ist E-Mail!" Wir zählten all die Schwächen auf, die das Kommunikationsmedium auch nach 40 Jahren nicht los geworden ist. Dazu gehört, dass sich immer noch keine Methode durchgesetzt hat, um vertrauliche Inhalte via Mail Ende-zu-Ende-verschlüsselt von A nach B zu schicken. Klar, es gibt OpenPGP und S/MIME. Doch welcher Adressat nutzt das schon? Dabei ist das Bedürfnis groß: Berufgeheimnisträger wie Ärzte, Anwälte oder Journalisten sind darauf angewiesen, dass ihre Kommunikation von niemandem abgehört werden kann. Außerdem verlangt die Datenschutz-Grundverordnung (DSGVO) in Art. 32 geeignete technische und organisatorische Maßnahmen nach Stand der Technik, die die Verarbeitung von personenbezogenen Daten absichern. Dazu gehört eben explizit auch die Verschlüsselung. In Episode 103 des c't-Datenschutz-Podcasts beschäftigen sich Holger und Joerg mit dieser Problematik auf technischer und rechtlicher Ebene. Zur Vertiefung haben sie mit c't-Redakteur Sylvester Tremmel einen Experten eingeladen, der sich seit Jahren mit Verschlüsselungsmethoden in Mailclients und Messengern auseinandersetzt. Neben den technischen Grundlagen geht es um die rechtliche Einordnung. Joerg weist auf eine Forderung der Bremer Landesdatenschutzbehörde hin, die von Rechtsnwälten verlangt, Mails an Mandanten, Prozessgegner und Kollegen Ende-zu-Ende zu verschlüsseln. Die Runde fragt sich leicht verzweifelt, wie eine solche Forderung zustandekommt und wie sie realisiert werden könnte, obwohl die Adressaten oftmals vor verschlüsselten Mails wie der berühmte Ochs vorm Berg stehen. Die Ratlosigkeit steigt, als ein aktueller Gesetzentwurf aus dem Bundesdigitalministerium zur Sprache kommt: Die geplante Novelle des Gesetzes zum Datenschutz in der Telekommunikation und bei Telemedien (TTDSG) sieht vor, dass jeder E-Mail- und Messenger-Nutzer Ende-zu-Ende-Verschlüsselung beherrschen, aber nicht verpflichtend anwenden muss. Die Runde ist sich einig, dass noch viel Fortschritt bei der E-Mail nötig ist, um dieses Ziel zu realisieren. Sylvester und Holger sind sich einig: Wer bequem und dennoch abhörsicher kommunizieren will, greift derzeit am besten zu verschlüsselnden Messengern wie Signal.
Todos, o la amplia mayoría, sabemos lo que es un gestor de contraseñas: un programa o aplicación que se utiliza para almacenar contraseñas, además de otros datos, ayudándonos generalmente en su gestión y creación. Una de las mejores soluciones existentes para proteger todas nuestras cuentas de usuario sin tener que recordar las mil y una contraseñas diferentes que deberíamos manejar. Es por estas razones que estos servicios han proliferado de forma tan notable durante los últimos años diferenciándose, muchos de ellos, por rasgos que los hacen únicos respecto a la feroz competencia que los rodea. Algo que no es fácil de conseguir. ¿Un ejemplo? Passbolt. Passbolt podría ser un administrador de contraseñas más, sin nada especial. Pero tiene varios atributos, muy bien comunicados, que lo distinguen del resto y lo colocan en una posición favorable a la hora de ser escogido. ¿Por qué? Porque es un gestor de contraseñas gratuito (aunque también se encuentran disponibles opciones de pago) y de código abierto que permite a los miembros de un equipo almacenar y compartir credenciales de forma segura. Por citar los mismos ejemplos de los que hablan sus responsables, podemos compartir la contraseña wifi de la oficina, la contraseña del administrador del router o la contraseña de la cuenta de Twitter de la empresa. En Passbolt se preocupan mucho de resaltar estas cualidades porque, como bien dicen, gran parte de las soluciones para gestionar y administrar contraseñas "se centran en las necesidades personales", mientras que Passbolt "está diseñado principalmente para equipos y no para individuos; lo construimos teniendo en cuenta las necesidades de las pequeñas y medianas empresas". No obstante, también animan a usarlo de forma personal. A este principal atributo, Passbolt suma otros atractivos: opción de ejecutarlo en servidores propios, posibilidad de personalizarlo para servir a necesidades particulares, disponibilidad de API, empleo de estándares de seguridad abiertos, minuciosidad a la hora de construirlo y empleo de OpenPGP, el estándar de encriptación de correo electrónico más utilizado. https://tecnolitas.com/blog/instalar-un-gestor-de-contrasenas-passbolt/
Guest Matt Massicotte - Twitter @mattieChime Youtube Video: https://youtu.be/dc7x04Ao2xURelated Episodes Episode 130 - macOS by Tutorials with Sarah Reichelt Episode 89 - Cryptography with Marcin Krzyżanowski Episode 45 - Developer Community (Part 1) with Dave Verwer Related Links AnyCodable by FlightSchool An Introduction to ExtensionKit by Matt STTextView by Marcin Krzyzanowski Tree-sitter Short story about OpenPGP for iOS and OS X — ObjectivePGP by Marcin Krzyzanowski ExtensionKit - Apple Docs Mac App Store and investing engineering time BY Kaleidoscope SponsorsBushel - the macOS virtual machine app for developersI'm looking for beta testers! For developers who want to be rigorous and uncompromising in their app testing. You can set up your virtual machine for almost any configuration, from a fresh, factory reset of the Ventura beta all the way back to Big Sur. Test, simulate, roll back and debug apps and scripts however you need to without worrying about destroying your machine. If you want to be invited to our first TestFlight, or even if you just want updates on Bushel, sign up at the website, and we will get in touch with you.swiftpackageindex.com is the place to find Swift packages. over 5,000 packages indexed now, you'll find a package that can help. help you make better decisions about your dependencies. host DocC-based documentation for package authors. You can see how well maintained every package is, what platforms and Swift versions it's compatible with based on real-world build data, how many other dependencies it will bring in and much more. Unlike an open-source library, running an open-source website requires ongoing time for maintenance and supporting package authors in addition to the time we spend on new features. Our work is primarily funded by you - the Swift communityIf the site has helped you find a package, or if you want to support a community-run open-source project, please go to swiftpackageindex.com, look for the pink heart, and join over a hundred other people who support our work through GitHub sponsors.Open Source and Mac App Fear of dependencies What's the benefit of doing it in open source What kind of open source licenses are there How can you avoid your code being copied outside the license For a larger company what benefits do they get by open sourcing part of their code base? How does open sourcing work with iOS/mac apps and the App Store ExtensionKit What is ExtensionKit and how are you using it? How is it related to XPC How does something like this get installed and distributed How does Sandboxing relate to this What are some good candidates for using ExtensionKit Have you looked at the work iOS, watchOS, or tvOS? Social MediaEmailleo@brightdigit.comGitHub - @brightdigitTwitter BrightDigit - @brightdigitLeo - @leogdionLinkedInBrightDigitLeoInstagram - @brightdigitPatreon - empowerappshowCreditsMusic from https://filmmusic.io"Blippy Trance" by Kevin MacLeod (https://incompetech.com)License: CC BY (http://creativecommons.org/licenses/by/4.0/) ★ Support this podcast on Patreon ★
ProtonMail dünyanın en büyük şifrelenmiş e-posta servisidir. ProtonMail şifrelenmiş e-postalar sunar; bu da gönderen ve alıcı dışındakilerin e-postayı okumasını imkânsız hale getirir. -Wall Street Journal ProtonMail 1 milyondan fazla kullanıcısıyla dünyanın en büyük şifrelenmiş e-posta servisidir. Android için ProtonMail güvenli e-posta uygulaması PGP uçtan uca şifrelemesini sorunsuz bir şekilde entegre ederek mobil cihazınıza kullanımı kolay e-posta şifrelemesini getirir. ProtonMail ayrıca özelleştirilebilir kaydırma hareketleri ve e-postaların geçerlilik süresini belirleme olanağı gibi yenilikçi özellikler içeren modern bir kullanıcı arabirimi sağlar. 2013 yılında CERN bilim insanları tarafından kurulduğumuz günden beri çevrimiçi gizliliği koruma misyonumuz dünya çapındaki vatandaşlar tarafından destekleniyor. Mobil uygulamamız rekor kıran 550.000 $'lık bir bağış kampanyası ile mümkün hale geldi. ProtonMail uygulamasıyla artık siz de kendi ücretsiz ProtonMail e-posta hesabınızı oluşturabilir ve geleceğin güvenli e-postasını deneyimlemeye başlayabilirsiniz. Neden ProtonMail Kullanmalısınız? ¥ E-Postalarınızın özel kalmasını, üçüncü taraflarca ele geçirilemez veya ifşa edilemez olmasını sağlayın. ¥ OpenPGP uyumlu uçtan uca şifreleme sunar ¥ Kolay kullanımlı: şifreleme otomatik olarak yapılmaktadır ve bu işlem kullanıcıya tamamen görünmezdir ¥ Sıfır erişim: tüm mesajlar şifrelenmiş biçimde saklanır. ProtonMail dahi mesajlarınızı okuyamaz. ¥ Açık kaynaklı: ProtonMail'in şifrelemesi dünyanın dört bir yanındaki güvenlik uzmanlarının denetimine açıktır ¥ Ücretsiz: ProtonMail hilesiz-hurdasız %100 ücretsizdir. Projemizi beğendiyseniz bize bağışta bulunabilir veya hesabınızı ücretli bir plana yükseltebilirsiniz. ¥ İsviçre gizliliği ve tarafsızlığı: ProtonMail tamamen İsviçre'de, dünyanın en güçlü gizlilik yasalarının koruması altında barındırılmaktadır. ProtonMail uygulaması ile şunları yapabilirsiniz: ¥ Otomatik PGP anahtar oluşturma ve yönetimi ile yeni bir protonmail.com e-posta adresi oluşturma ¥ Şifreli e-postalar ve ekleri otomatik olarak gönderme ve alma ¥ Gönderildikten sonra kendiliğinden yok olan iletiler için zamanlayıcı ayarlama ¥ Özelleştirilebilen hızlı kaydırma hareketleri ve etiketlerle e-postalarınızı hızlı bir şekilde organize etme ¥ Yeni e-postalar için anlık bildirim alma ¥ ProtonMail kullanmayan e-posta adreslerine de şifre korumalı e-postalar gönderme What's new: * General stability improvements. uygulamayı indirmek isterseniz engelsizandroid arşiv botuna bekleriz: https://t.me/engelsizandroidarsiv_bot
Il tennista rifiutato inizialmente dall'Australia dichiara di avere le carte in regola. Alla dogana pero' il suo braccio destro presenta un documento diverso. Un progettista di blockchain propone di notarizzare le ricette mediche.E' una buona idea ?Valutiamo insieme.Sfoglia le fonti citate nel podcast su: www.caffe20.it/link e cerca blockchain e segui le news su www.lexchain.it e seguici su https://t.me/+TmsgTZmE6FffI1k6=*_*=Caffe20.it il podcast: - Linkografia: www.caffe20.it/link- Sito: www.caffe20.it/play- News: t.me/caffe20- Gruppo: t.me/caffe20group- Alexa: apri caffè due punto zero- Contatti: info@caffe20.it- Telefono: 02 4548 9591Supporta con domande e con donazioni !- www.caffe20.it/sostenitori=*_*= ADV:COOKIEIl KIT è arrivato su: www.cookiekit.it/ondemandLe LIVE continuano su: www.cookiekit.it/liveGratis ogni giorno: privacykit.it/podcast e privacykit.i/rssPRIVACYGDPR: Le basi operative, su Udemy: www.caffe20.it/corsi/privacyPASSWORDGestirle facilmente: www.caffe20.it/corsi/passwordINFLUENCERDiritto d'autore e strategie legali: www.caffe20.it/corsi/influencerPODCASTINGDiventa podcaster registrando: www.caffe20.it/corsiECOMMERCERaccogli gli ordini, evadili in automatico, prepara la bozza di fattura elettronica: www.fatturami.itRECENSIONI FALSEDifenditi dalle Fake Reviews: www.civile.it/internet/visual.php?num=95680BLOCKCHAINLibro su Bitcoin e Blockchain: prenotalo senza impegno scrivendo info@legalkit.it o t.me/iusondemand indicando il prezzo che lo pagheresti. Vale fino al 30.11.2021ACCESSIBILITA' e USABILITA' DIGITALIControlla l'usabilità e gli aspetti legali di sito, app e assistenti: www.Controllosito.itCHI E' SPATARO VALENTINO ?Sviluppatore dal 1984 e giurista dal 1995. Privacy e sviluppo servizi online.=*_*=... e condividi caffe20.it con gli amici !
Добрый день уважаемые слушатели. Представляем новый выпуск подкаста RWpod. В этом выпуске: Ruby GitHub Processes 2.8 Billion API Requests Per Day… with Ruby (notes) Ruby 3.1 adds Enumerable#compact and Enumerator::Lazy#compact Rails 7 provides context when logging unpermitted parameters AnyCable Goes Pro: Fast WebSockets for Ruby, at scale The Best Ruby Blogs Rhizome - a JIT for Ruby, implemented in pure Ruby ActiveAnalytics - first-party, privacy-focused traffic analytics for Ruby on Rails applications Web Next.js 11 Benchmarking JavaScript Memory Usage Embedding Vue.js Apps in Go The pain and aguish of using IndexedDB: problems, bugs and oddities OpenPGP.js - OpenPGP JavaScript Implementation SwiftLaTeX - a WYSIWYG Browser-based LaTeX Editor Div.js - a framework for the HTML programming language Illustrated guide to Apache Kafka RWpod Cafe 23 (03.07.2021) Сбор и голосование за темы новостей
Puntata pro per chi usa pgp e thunderbird: non funzionano due email per la stessa coppia di chiavi. Quindi ? Come organizzare le nostre chiavi crittografiche e le nostre email ?Puntata per utenti pro !
Shownotes: Bottlerocket: https://aws.amazon.com/about-aws/whats-new/2020/08/announcing-general-availability-of-bottlerocket Windows as a rolling release: https://ubuntupodcast.org/2020/08/27/s13e23-horseshoe LPC Rust in kernel: https://program.linuxplumbersconf.org/event/7/contributions/804/attachments/641/1168/barriers-to-in-tree-rust.pdf Redox OS: https://www.redox-os.org FC33: https://fedoramagazine.org/btrfs-coming-to-fedora-33 Linux kernel history report: https://www.linuxfoundation.org/resources/publications/2020-kernel-history-report Thunderbird 78 with OpenPGP: https://wiki.mozilla.org/Thunderbird:OpenPGP:2020 Python Software Foundation: https://www.python.org/psf Rust project website: https://www.rust-lang.org ISO C working group: http://www.open-std.org/jtc1/sc22/wg14 ISO C++ standard: https://isocpp.org Rust @ Microsoft: https://www.youtube.com/watch?v=NQBVUjdkLAA Rainbow escort: https://www.etsy.com/de/market/rainbow_escort_card
I was giving a talk at DefCon one year and this guy starts grilling me at the end of the talk about the techniques Apple was using to encrypt home directories at the time with new technology called Filevault. It went on a bit, so I did that thing you sometimes have to do when it's time to get off stage and told him we'd chat after. And of course he came up - and I realized he was really getting at the mechanism used to decrypt and the black box around decryption. He knew way more than I did about encryption so I asked him who he was. When he told me, I was stunned. Turns out that like me, he enjoyed listening to A Prairie Home Companion. And on that show, Garrison Keillor would occasionally talk about Ralph's Pretty Good Grocery in a typical Minnesota hometown he'd made up for himself called Lake Wobegon. Zimmerman liked the name and so called his new encryption tool PGP, short for Pretty Good Privacy. It was originally written to encrypt messages being sent to bulletin boards. That original tool didn't require any special license, provided it wasn't being used commercially. And today, much to the chagrin of the US government at the time, it's been used all over the world to encrypt emails, text files, text messages, directories, and even disks. But we'll get to that in a bit. Zimmerman had worked for the Nuclear Weapons Freeze Campaign in the 80s after getting a degree in computer science fro Florida Atlantic University in 1978. And after seeing the government infiltrate organizations organizing Vietnam protests, he wanted to protect the increasingly electronic communications of anti-nuclear protests and activities. The world was just beginning to wake up to a globally connected Internet. And the ARPAnet had originally been established by the military industrial complex, so it was understandable that he'd want to keep messages private that just happened to be flowing over a communications medium that many in the defense industry knew well. So he started developing his own encryption algorithm called BassOmatic in 1988. That cipher used symmetric keys with control bits and pseudorandom number generation as a seed - resulting in 8 permutation tables. He named BassOmatic after a Saturday Night Live skit. I like him more and more. He'd replace BassOmatic with IDEA in version 2 in 1992. And thus began the web of trust, which survives to this day in PGP, OpenPGP, and GnuPG. Here, a message is considered authentic based on it being bound to a public key - one that is issued in a decentralized model where a certificate authority issues a public and private key where messages can only be encrypted or signed with the private key and back then you would show your ID to someone at a key signing event or party in order to get a key. Public keys could then be used to check that the individual you thought was the signer really is. Once verified then a separate key could be used to encrypt messages between the parties. But by then, there was a problem. The US government began a criminal investigation against Zimmerman in 1993. You see, the encryption used in PGP was too good. Anything over a 40 bit encryption key was subject to US export regulations as a munition. Remember, the Cold War. Because PGP used 128 bit keys at a minimum. So Zimmerman did something that the government wasn't expecting. Something that would make him a legend. He went to MIT Press and published the PGP source code in a physical book. Now, you could OCR the software, run it through a compiler. Suddenly, his code was protected as an exportable book by the First Amendment. The government dropped the investigation and found something better to do with their time. And from then on, source code for cryptographic software became an enabler of free speech, which has been held up repeatedly in the appellate courts. So 1996 comes along and PGP 3 is finally available. This is when Zimmerman founds PGP as a company so they could focus on PGP full-time. Due to a merger with Viacrypt they jumped to PGP 5 in 1997. Towards the end of 1997 Network Associates acquired PGP and they expanded to add things like intrusion detection, full disk encryption, and even firewalls. Under Network Associates they stopped publishing their source code and Zimmerman left in 2001. Network Associates couldn't really find the right paradigm and so merged some products together and what was PGP commandline ended up becoming McAfee E-Business Server in 2013. But by 2002 PGP Corporation was born out of a few employees securing funding from Rob Theis to help start the company and buy the rest of the PGP assets from Network Associates. They managed to grow it enough to sell it for $300 million to Symantec and PGP lives on to this day. But I never felt like they were in it just for the money. The money came from a centralized policy server that could do things like escrow keys. But for that core feature of encrypting emails and later disks, I really always felt like they wanted a lot of that free. And you can buy Symantec Encryption Desktop and command it from a server, S/MIME and OpenPGP live on in ways that real humans can encrypt their communications, some of which in areas where their messages might get them thrown in jail. By the mid-90s, mail wasn't just about the text in a message. It was more. RFC934 in 1985 had started the idea of encapsulating messages so you could get metadata. RFC 1521 in 1993 formalized MIME and by 1996, MIME was getting really mature in RFC2045. But by 1999 we wanted more and so S/MIME went out as RFC 2633. Here, we could use CMS to “cryptographically enhance” a MIME body. In other words, we could suddenly encrypt more than the text of an email and it since it was an accepted internet standard, it could be encrypted and decrypted with standard mail clients rather than just with a PGP client that didn't have all the bells and whistles of pretty email clients. That included signing information, which by 2004 would evolve to include attributes for things like singingTime, SMIMECapabilities, algorithms and more. Today, iOS can use S/MIME and keys can be stored in Exchange or Office 365 and that's compatible with any other mail client that has S/MIME support, making it easier than ever to get certificates, sign messages, and encrypt messages. Much of what PGP was meant for is also available in OpenPGP. OpenPGP is defined by the OpenPGP Working Group and you can see the names of some of these guardians of privacy in RFC 4880 from 2007. Names like J. Callas, L. Donnerhacke, H. Finney, D. Shaw, and R. Thayer. Despite the corporate acquisitions, the money, the reprioritization of projects, these people saw fit to put powerful encryption into the hands of real humans and once that pandoras box had been opened and the first amendment was protecting that encryption as free speech, to keep it that way. Use Apple Mail, GPGTools puts all of this in your hands. Use Android, get FairEmail. Use Windows, grab EverDesk. This specific entry felt a little timely. Occasionally I hear senators tell companies they need to leave backdoors in products so the government can decrypt messages. And a terrorist forces us to rethink that basic idea of whether software that enables encryption is protected by freedom of speech. Or we choose to attempt to ban a company like WeChat, testing whether foreign entities who publish encryption software are also protected. Especially when you consider whether Tencent is harvesting user data or if the idea they are doing that is propaganda. For now, US courts have halted a ban on WeChat. Whether it lasts is one of the more intriguing things I'm personally watching these days, despite whatever partisan rhetoric gets spewed from either side of the isle, simply for the refinement to the legal interpretation that to me began back in 1993. After over 25 years we still continue to evolve our understanding of what truly open and peer reviewed cryptography being in the hands of all of us actually means to society. The inspiration for this episode was a debate I got into about whether the framers of the US Constitution would have considered encryption, especially in the form of open source public and private key encryption, to be free speech. And it's worth mentioning that Washington, Franklin, Hamilton, Adams, and Madison all used ciphers to keep their communications private. And for good reason as they knew what could happen should their communications be leaked, given that Franklin had actually leaked private communications when he was the postmaster general. Jefferson even developed his own wheel cipher, which was similar to the one the US army used in 1922. It comes down to privacy. The Constitution does not specifically call out privacy; however, the first Amendment guarantees the privacy of belief, the third, the privacy of home, the fourth, privacy against unreasonable search and the fifth, privacy of of personal information in the form of the privilege against self-incrimination. And giving away a private key is potentially self-incrimination. Further, the ninth Amendment has broadly been defined as the protection of privacy. So yes, it is safe to assume they would have supported the transmission of encrypted information and therefore the cipher used to encrypt to be a freedom. Arguably the contents of our phones are synonymous with the contents of our homes though - and if you can have a warrant for one, you could have a warrant for both. Difference is you have to physically come to my home to search it - whereas a foreign government with the same keys might be able to decrypt other data. Potentially without someone knowing what happened. The Electronic Communications Privacy Act of 1986 helped with protections but with more and more data residing in the cloud - or as with our mobile devices synchronized with the cloud, and with the intermingling of potentially harmful data about people around the globe potentially residing (or potentially being analyzed) by people in countries that might not share the same ethics, it's becoming increasingly difficult to know what is the difference between keeping our information private, which the framers would likely have supported and keeping people safe. Jurisprudence has never kept up with the speed of technological progress, but I'm pretty sure that Jefferson would have liked to have shared a glass of his favorite drink, wine, with Zimmerman. Just as I'm pretty sure I'd like to share a glass of wine with either of them. At Defcon or elsewhere!
Unfettered Freedom is a video podcast that focuses on news and topics about GNU/Linux, free software and open source software. On this freedom-packed episode:0:00 - Intro02:00 - Blender 2.90 is an impressive release.06:54 - Thunderbird now has OpenPGP.10:06 - Open source 2FA application.14:12 - Arch Wiki's "List of Applications" page.16:57 - Hurricane Laura, the loss of power, and lessons learned.31:05 - Outro and a THANK YOU to the patrons!REFERENCED:► https://www.blender.org/download/releases/2-90/► https://9to5linux.com/thunderbird-email-client-now-ships-with-openpgp-support-enabled-by-default► https://fosspost.org/two-factor-authentication-open-source/► https://wiki.archlinux.org/index.php/List_of_applications► https://en.wikipedia.org/wiki/Hurricane_LauraAUDIO VERSION OF THIS PODCAST:https://www.buzzsprout.com/1263722/https://open.spotify.com/show/2dWHD35...https://podcasts.apple.com/us/podcast...RSS FEED FOR UNFETTERED FREEDOM:https://feeds.buzzsprout.com/1263722.rssMUSIC ATTRIBUTION:"Key To Your Heart" by The Mini Vandals (from the YT Audio Library)CREATIVE COMMONS LICENSE:This video is licensed with a Creative Commons CC BY license. By marking this original video with a Creative Commons license, I am granting the community the right to reuse and edit that video. Freedom, baby!WANT TO SUPPORT THE CHANNEL?
Disclaimer: I'm not at my best today since been feeling a bit sick. I focused on bringing the episode out, so sorry for this weeks poor quality. This week Daniel and David talk about the code review of the SPN cryptography module. The auditor is Cure53 who already has reviewed big players in the scene, such as Bitwarden, Mullvad or OpenPGP. First hints of the result are also included. Enjoy the listen. Links - Auditor: Cure53 - https://cure53.de/ - Nadim Kobeissi - https://twitter.com/kaepora - Formal verification software by Nadim: https://verifpal.com/ - Our Crypto Library: Jess - https://github.com/safing/jess Participate What could we do better? Let us know how we can improve our podcast on reddit: - r/safing: https://reddit.com/r/safing Daniels Handles - https://twitter.com/dehaavi/ - https://github.com/dhaavi/ - https://reddit.com/user/dhaavi Davids Handles - https://twitter.com/davegson/ - https://github.com/davegson/ - https://reddit.com/u/davegson/
Leo Laporte answers Ruchie's question about email encryption and whether email attachments also get encrypted.OpenPGP: https://www.openpgp.orgGnuPG: https://gnupg.orgGpg4win: https://gpg4win.orgGPG Suite: https://gpgtools.org Host: Leo Laporte Download or subscribe to this show at https://twit.tv/shows/ask-the-tech-guy Sponsor: LastPass.com/twit
NVIDIA joins the Blender foundation, a new cybersecurity alliance is launched to better integrate security products, Thunderbird makes plans for official OpenPGP support, and some mixed news for console enthusiasts.
We reveal our secrets for bridging networks with WireGuard and Linux-powered networking. Plus the future of OpenPGP in Thunderbird, a disappointing update for the Atari VCS, and a shiny new Spotify client for your terminal. Special Guest: Martin Wimpress.
NVIDIA joins the Blender foundation, a new cybersecurity alliance is launched to better integrate security products, Thunderbird makes plans for official OpenPGP support, and some mixed news for console enthusiasts.
Llegó el café informativo de sysarmy. Noticias del mundo Linux, Administración de sistemas y DevOps, mezclado con novedades sobre eventos, meetups, etc. == Pedí tus remeras y merchandising de sysarmy == remeras[at]sysarmy.com.ar == Búsquedas laborales == Despegar: DBA https://despegar.avature.net/oportunidades/JobDetail?jobId=4541 JAVA JR/SSR/SR https://despegar.avature.net/oportunidades/JobDetail?jobId=1579 Medallia: Site Reliability Engineer (LInux, Scripting, Kubernetes) - http://bit.ly/2Yh5Weg Mulesoft: Devops Engineer (AWS, Saltstack, Scripting) http://bit.ly/2WmZuO1 Elementum: Software Engineer - Back End (JAVA, Experiencia en REST APIs y Microservicios) http://bit.ly/2Xrevzt Avature: Developers (mobile - PHP - Java) http://bit.ly/2HTeJKz == En este episodio == Noticias, polémicas (como debe ser), robos, se cayó cloudflare y todos entraron en pánico, hackeos a la NASA, información sobre el gran apagón en Argentina, libros que desaparecen en el Store de Microsoft, de todo. == Mencionados en este episodio == Ex-Microsoft dev used test account to swipe $10m: https://www.theregister.co.uk/2019/07/17/exmicrosoft_engineer_arrested_fraud/ Introducing the face of the new £50 note: https://www.bankofengland.co.uk/banknotes/50-pound-note-nominations Cloudflare outage on July 2, 2019 : https://blog.cloudflare.com/details-of-the-cloudflare-outage-on-july-2-2019/ https://blog.cloudflare.com/cloudflare-outage/ WHO’S LISTENING WHEN YOU TALK TO YOUR GOOGLE ASSISTANT?: https://www.wired.com/story/whos-listening-talk-google-assistant/ Amazon CloudFront Edge Location in Argentina: https://aws.amazon.com/es/blogs/aws-spanish/aws-announces-amazon-cloudfront-edge-location-in-argentina/?sc_channel=sm&sc_campaign=AWS_LATAM&sc_publisher=TWITTER&sc_country=LATAM&sc_geo=LATAM&sc_outcome=awareness&trkCampaign=launches_latam&trk=27June19_launches_latam_tw_es_AmazonCloudFrontEdge_TWITTER&sc_content=lp_launches_latam_tw_es_AmazonCloudFrontEdge&sc_category=Amazon+CloudFront&linkId=69630083 Varias vulnrabilidades en zoom: https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5 British Airways faces record £183m fine for data breach: https://www.bbc.com/news/business-48905907 Municipio con criptomonedas: https://www.cronista.com/finanzasmercados/Un-municipio-lanza-su-criptomoneda-para-impulsar-el-consumo-y-ahorrar-impuestos-20190703-0031.html El co-creador de Wikipedia convoca a una huelga masiva en las redes sociales: https://www.infobae.com/america/tecno/2019/07/03/por-que-el-creador-de-wikipedia-convoca-a-una-huelga-masiva-en-las-redes-sociales/ Ebooks Purchased From Microsoft Will Be Deleted : https://gizmodo.com/ebooks-purchased-from-microsoft-will-be-deleted-this-mo-1836005672 Apagón en Argentina: https://econojournal.com.ar/2019/07/el-gobierno-responsabilizara-a-los-privados-por-el-historico-apagon/ https://blog.segu-info.com.ar/2019/06/apagon-en-argentina-blackout.html certificate spamming attack against two high-profile contributors in the OpenPGP: https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f Linus vuelve a sus andadas: https://lkml.org/lkml/2019/6/14/127 Microsoft open-sources a linux kernel : https://twitter.com/andreasklinger/status/1144802782962167809?s=19 Warren Seine Jony Ive, iPhone designer, announces Apple departure: https://www.ft.com/content/947e557a-98a8-11e9-8cfb-30c211dcd229 Funding the Load Bearing Internet People: https://esr.gitlab.io/loadsharers/ http://esr.ibiblio.org/?p=8383 Why New York's Subway Still Uses OS/2.: https://news.slashdot.org/story/19/06/17/0345216/why-new-yorks-subway-still-uses-os2 Bill Gates Just Confessed His Greatest Ever Mistake: https://www.inc.com/chris-matyszczyk/bill-gates-just-confessed-his-greatest-ever-mistake-he-still-hasnt-got-over-it.html Hackers Used a Cheap Raspberry Pi Computer to Breach NASA: https://fortune.com/2019/06/20/hackers-raspberry-pi-computer-nasa/ Argentinian hacker Julio Ardita, aka El Griton, broke into several sites including NASA JPL.: https://www.clarin.com/sociedad/habla-hacker-argentino-puso-jaque-fbi_0_SkaeFh6gRKx.html WhatsApp sin Internet: Google lanzará un nuevo servicio: https://www.clarin.com/tecnologia/google-confirmo-lanzamiento-servicio-similar-whatsapp-conexion-internet_0_2PCjIIBj5.amp.html Genius said it used morse code to catch Google stealing lyrics: https://mashable.com/article/google-genius-steal-lyrics/ Amazon marca mas valiosa del mundo.: https://www.puromarketing.com/14/32229/amazon-marca-mas-valiosa-mundo-encima-apple-google.html == Eventos y meetups == Muestra del Museo de Informática == Organizaciones amigas == Museo de Informática: http://museodeinformatica.org.ar/ Museo de Informática en Facebook: https://goo.gl/TaASu3 == Encontranos en == Web: http://sysar.my Twitter: @sysarmy Facebook: https://goo.gl/tGcpcw IRC en Freenode: #sysarmy Youtube: https://youtube.com/c/SysarmyAr Ivoox: https://goo.gl/GtISQ9 Pocketcast: http://pca.st/D3H0 Playerfm: http://bit.ly/polemicaenvarplayerfm iTunes: https://goo.gl/Nrt22g Spotify: http://bit.ly/polemicaenvar == Conducen este episodio == Ariel Jolo: @ajolo Jorge Abreu: @ar_jorge1987 Regina Loustau: @Rhapsody_Girl Eduardo Casarero: @jedux == Colega invitado == Darío Nievas - @darionievas
It was another busy week in tech, but rest assured, the Technado crew had it covered. They tackled an OpenPGP attack, bricked Raspberry Pi 4's, Canonical’s GitHub hack, and the sale of an Instagram star’s used bath water. Then, Linux Training Architect Ross Brunson joined the team in studio to geek out on all things Linux.
It was another busy week in tech, but rest assured, the Technado crew had it covered. They tackled an OpenPGP attack, bricked Raspberry Pi 4's, Canonical’s GitHub hack, and the sale of an Instagram star’s used bath water. Then, Linux Training Architect Ross Brunson joined the team in studio to geek out on all things Linux.
It was another busy week in tech, but rest assured, the Technado crew had it covered. They tackled an OpenPGP attack, bricked Raspberry Pi 4's, Canonical’s GitHub hack, and the sale of an Instagram star’s used bath water. Then, Linux Training Architect Ross Brunson joined the team in studio to geek out on all things Linux.
It was another busy week in tech, but rest assured, the Technado crew had it covered. They tackled an OpenPGP attack, bricked Raspberry Pi 4's, Canonical’s GitHub hack, and the sale of an Instagram star’s used bath water. Then, Linux Training Architect Ross Brunson joined the team in studio to geek out on all things Linux.
It was another busy week in tech, but rest assured, the Technado crew had it covered. They tackled an OpenPGP attack, bricked Raspberry Pi 4's, Canonical’s GitHub hack, and the sale of an Instagram star’s used bath water. Then, Linux Training Architect Ross Brunson joined the team in studio to geek out on all things Linux.
It was another busy week in tech, but rest assured, the Technado crew had it covered. They tackled an OpenPGP attack, bricked Raspberry Pi 4's, Canonical’s GitHub hack, and the sale of an Instagram star’s used bath water. Then, Linux Training Architect Ross Brunson joined the team in studio to geek out on all things Linux.
Border agents in china are installing malware on phones, GnuPG has a serious problem, and Amazon saves your voice recordings indefinitely! All that coming up now on ThreatWire. #threatwire #hak5 Links:Support me on alternative platforms! https://snubsie.com/support https://www.youtube.com/shannonmorse -- subscribe to my new channel! ThreatWire is only possible because of our Patreon patrons! https://www.patreon.com/threatwire Links:https://www.nytimes.com/2019/07/02/technology/china-xinjiang-app.htmlhttps://www.vice.com/en_us/article/7xgame/at-chinese-border-tourists-forced-to-install-a-text-stealing-piece-of-malwarehttps://github.com/motherboardgithub/bxaqhttps://www.cnet.com/news/china-is-reportedly-scanning-tourists-phones-with-malware/ https://threatpost.com/pgp-ecosystem-targeted-in-poisoning-attacks/146240/https://www.vice.com/en_us/article/8xzj45/someone-is-spamming-and-breaking-a-core-component-of-pgps-ecosystemhttps://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275fhttps://dkg.fifthhorseman.net/blog/openpgp-certificate-flooding.html https://www.cnet.com/news/alexa-privacy-concerns-prompt-senator-to-seek-answers-from-amazon-ceo-jeff-bezos/https://www.cnet.com/news/amazon-alexa-keeps-your-data-with-no-expiration-date-and-shares-it-too/https://www.theverge.com/2019/7/3/20681423/amazon-alexa-echo-chris-coons-data-transcripts-recording-privacyhttps://www.cnet.com/how-to/you-can-finally-delete-most-of-your-amazon-echo-transcripts-heres-how/ -----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆Our Site → https://www.hak5.orgShop → https://www.hakshop.comSubscribe → https://www.youtube.com/user/Hak5Darren?sub_confirmation=1Support → https://www.patreon.com/threatwireContact Us → http://www.twitter.com/hak5Threat Wire RSS → https://shannonmorse.podbean.com/feed/Threat Wire iTunes → https://itunes.apple.com/us/podcast/threat-wire/id1197048999 Host: Shannon Morse → https://www.twitter.com/snubsHost: Darren Kitchen → https://www.twitter.com/hak5darrenHost: Mubix → http://www.twitter.com/mubix-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
En nuestro After Work de ciberseguridad de este lunes lo centramos en las ciudades secuestradas. Atlanta, Anchorage... y, por supuesto, Baltimore centrarán gran parte del debate de hoy en el que compartimos mesa con Mónica Valle y Pablo San Emeterio. Además, invitamos a Ignacio Solinís, el especialista en informática forense de OnRetrieval. Además, tendremos tiempo para hablar de la última hora de la red con OmniRAT, Silex y OpenPGP como protagonistas.
Mysterious signals from space? What’s happened to Google’s Larry Page? Plus, uTorrent Web, Apple’s stealing your movies, Ethereum is shit, and much, much more… Opening Audio: N/A NEW BOOK! THE SOVRYN UNIVERSE, VOL. 1 OUT NOW! Link: amzn.to/2MrvfEy The Foreplay:--The Sovryn Tech Newsletter (zog.email)...check your spam folders!!, the uTorrent Web (www.utorrent.com/utweb-index) (make sure you decline offers), OpenPGP keys being used for magnet links (bit.ly/2NimePv), Sovryn Tech Patreon flagged as adult (finally) (Resistence trailer), Google is shutting down Inbox (bit.ly/2xnxkHQ), the $2 billion homeless Bezos. Story of the Week:--“Mysterious Light Flashes Are Coming from Deep Space, and AI Just Found More of Them” Link: bit.ly/2OpeCHd This Week in Blockchain:--“Wal-Mart is Selling Bitcoin for $1” Link: tcrn.ch/2p01ugA --“THE PROBLEM(S) WITH ETHEREUM” Link: bit.ly/2NfJiOH Important Messages:--"Sovryn Tech Contact Form” Link: contact.zog.ninja--“Don’t Use Authy?” HackSec:--“Larry Page is Missing” Link: read.bi/2p8iWj6 GameTalk:--“Steam Gets Steamy Finally” Link: bit.ly/2xmHoAO --“Nintendo Direct 9/13” Wild Card:--“You Don’t Own That” Link: bit.ly/2Msunvl APPENDIX: --“Horizen” Link: www.horizen.global/ --"Surveillance Self-Defense" Link: ssd.eff.org/ --"RetroShare" Link: retroshare.net/--“Books of Liberty” Link: booksofliberty.com/--"Dark Android: 2017 Edition" Link: darkandroid.info-----------------------------------------------------------------------------------Make easy monthly donations through Patreon: patreon.com/sovryntech Donate with Crypto! BTC: 1AEiTkWiF8x6yjQbbhoU89vHHMrkzQ7o8d ZenCash Shielded (encrypted) Address: zceDc5yyR5wY5w9ArxhAvLxWz2gpKMESTzC3iwzASong3o4oVgqp1VkZU1eeMUobPW87TStRABqcfN3rPSErFwyFnU8AjJeZenCash Transparent (unencrypted) Address: znZCyUwzGt19KqhCVzeR5iiUG5CEjNoe1YpZcash Shielded (encrypted) Address: zcfUhN29ddFdtZ1iKvv6WFFXUB9nKWwL5kXvcrvhQuB2yMw6eabshv1CGN92kkbtRt1Ykf1k2266sJvZAQQUrhmpuCwXUDD Zcash Transparent (unencrypted) Address: t1ZAA33YYzPmm4Ks5aq13N4NJBjqqSypY8G Donate with PayPal! Link: donate.zog.ninja Donate with our Amazon Wish List! Link: wishlist.zog.ninja -----------------------------------------------------------------------------------You can e-mail the show at: bbs@sovryntech.com-----------------------------------------------------------------------------------You can also visit our IRC channel on Freenode: #SovNet Or just go to: irc.zog.ninja -----------------------------------------------------------------------------------sovryntech.com twitter.com/sovryntech
Mysterious signals from space? What’s happened to Google’s Larry Page? Plus, uTorrent Web, Apple’s stealing your movies, Ethereum is shit, and much, much more… Opening Audio: N/A NEW BOOK! THE SOVRYN UNIVERSE, VOL. 1 OUT NOW! Link: amzn.to/2MrvfEy The Foreplay:--The Sovryn Tech Newsletter (zog.email)...check your spam folders!!, the uTorrent Web (www.utorrent.com/utweb-index) (make sure you decline offers), OpenPGP keys being used for magnet links (bit.ly/2NimePv), Sovryn Tech Patreon flagged as adult (finally) (Resistence trailer), Google is shutting down Inbox (bit.ly/2xnxkHQ), the $2 billion homeless Bezos. Story of the Week:--“Mysterious Light Flashes Are Coming from Deep Space, and AI Just Found More of Them” Link: bit.ly/2OpeCHd This Week in Blockchain:--“Wal-Mart is Selling Bitcoin for $1” Link: tcrn.ch/2p01ugA --“THE PROBLEM(S) WITH ETHEREUM” Link: bit.ly/2NfJiOH Important Messages:--"Sovryn Tech Contact Form” Link: contact.zog.ninja--“Don’t Use Authy?” HackSec:--“Larry Page is Missing” Link: read.bi/2p8iWj6 GameTalk:--“Steam Gets Steamy Finally” Link: bit.ly/2xmHoAO --“Nintendo Direct 9/13” Wild Card:--“You Don’t Own That” Link: bit.ly/2Msunvl APPENDIX: --“Horizen” Link: www.horizen.global/ --"Surveillance Self-Defense" Link: ssd.eff.org/ --"RetroShare" Link: retroshare.net/--“Books of Liberty” Link: booksofliberty.com/--"Dark Android: 2017 Edition" Link: darkandroid.info-----------------------------------------------------------------------------------Make easy monthly donations through Patreon: patreon.com/sovryntech Donate with Crypto! BTC: 1AEiTkWiF8x6yjQbbhoU89vHHMrkzQ7o8d ZenCash Shielded (encrypted) Address: zceDc5yyR5wY5w9ArxhAvLxWz2gpKMESTzC3iwzASong3o4oVgqp1VkZU1eeMUobPW87TStRABqcfN3rPSErFwyFnU8AjJeZenCash Transparent (unencrypted) Address: znZCyUwzGt19KqhCVzeR5iiUG5CEjNoe1YpZcash Shielded (encrypted) Address: zcfUhN29ddFdtZ1iKvv6WFFXUB9nKWwL5kXvcrvhQuB2yMw6eabshv1CGN92kkbtRt1Ykf1k2266sJvZAQQUrhmpuCwXUDD Zcash Transparent (unencrypted) Address: t1ZAA33YYzPmm4Ks5aq13N4NJBjqqSypY8G Donate with PayPal! Link: donate.zog.ninja Donate with our Amazon Wish List! Link: wishlist.zog.ninja -----------------------------------------------------------------------------------You can e-mail the show at: bbs@sovryntech.com-----------------------------------------------------------------------------------You can also visit our IRC channel on Freenode: #SovNet Or just go to: irc.zog.ninja -----------------------------------------------------------------------------------sovryntech.com twitter.com/sovryntech
A kernel of failure, IPv6 fragmentation vulnerability in OpenBSD’s pf, a guide to the terminal, using a Yubikey for SSH public key authentication, FreeBSD desktop series, and more. ##Headlines ###A Kernel Of Failure - How IBM bet big on the microkernel being the next big thing in operating systems back in the ’90s—and spent billions with little to show for it. Today in Tedium: In the early 1990s, we had no idea where the computer industry was going, what the next generation would look like, or even what the driving factor would be. All the developers back then knew is that the operating systems available in server rooms or on desktop computers simply weren’t good enough, and that the next generation needed to be better—a lot better. This was easier said than done, but this problem for some reason seemed to rack the brains of one company more than any other: IBM. Throughout the decade, the company was associated with more overwrought thinking about operating systems than any other, with little to show for it in the end. The problem? It might have gotten caught up in kernel madness. Today’s Tedium explains IBM’s odd operating system fixation, and the belly flops it created. ###CVE-2019-5597IPv6 fragmentation vulnerability in OpenBSD Packet Filter Packet Filter is OpenBSD’s service for filtering network traffic and performing Network Address Translation. Packet Filter is also capable of normalizing and conditioning TCP/IP traffic, as well as providing bandwidth control and packet prioritization. Packet Filter has been a part of the GENERIC kernel since OpenBSD 5.0.Because other BSD variants import part of OpenBSD code, Packet Filter is also shipped with at least the following distributions that are affected in a lesser extent: FreeBSD, pfSense, OPNSense, Solaris. Note that other distributions may also contain Packet Filter but due to the imported version they might not be vulnerable. This advisory covers the latest OpenBSD’s Packet Filter. For specific details about other distributions, please refer to the advisory of the affected product. Kristof Provost, who maintains the port of pf in FreeBSD added a test for the vulnerability in FreeBSD head. ##News Roundup How I’m still not using GUIs in 2019: A guide to the terminal TL;DR: Here are my dotfiles. Use them and have fun. GUIs are bloatware. I’ve said it before. However, rather than just complaining about IDEs I’d like to provide an understandable guide to a much better alternative: the terminal. IDE stands for Integrated Development Environment. This might be an accurate term, but when it comes to a real integrated development environment, the terminal is a lot better. In this post, I’ll walk you through everything you need to start making your terminal a complete development environment: how to edit text efficiently, configure its appearance, run and combine a myriad of programs, and dynamically create, resize and close tabs and windows. Don’t forget rule number one. Whenever in doubt, read the manual. ###Using a Yubikey as smartcard for SSH public key authentication SSH is an awesome tool. Logging into other machines securely is so pervasive to us sysadmins nowadays that few of us think about what’s going on underneath. Even more so once you start using the more advanced features such as the ssh-agent, agent-forwarding and ProxyJump. When doing so, care must be taken in order to not compromise one’s logins or ssh keys. You might have heard of Yubikeys. These are USB authentication devices that support several different modes: they can be used for OTP (One Time Password) authentication, they can store OpenPGP keys, be a 2-factor authentication token and they can act as a SmartCard. In OpenBSD, you can use them for Login (with loginyubikey(8)) with OTP since 2012, and there are many descriptions available(1) how to set this up. ###The 18 Part FreeBSD Desktop Series by Vermaden FreeBSD Desktop – Part 1 – Simplified Boot FreeBSD Desktop – Part 2 – Install (FreeBSD 11) FreeBSD Desktop – Part 2.1 – Install FreeBSD 12 FreeBSD Desktop – Part 3 – X11 Window System FreeBSD Desktop – Part 4 – Key Components – Window Manager FreeBSD Desktop – Part 5 – Key Components – Status Bar FreeBSD Desktop – Part 6 – Key Components – Task Bar FreeBSD Desktop – Part 7 – Key Components – Wallpaper Handling FreeBSD Desktop – Part 8 – Key Components – Application Launcher FreeBSD Desktop – Part 9 – Key Components – Keyboard/Mouse Shortcuts FreeBSD Desktop – Part 10 – Key Components – Locking Solution FreeBSD Desktop – Part 11 – Key Components – Blue Light Spectrum Suppress FreeBSD Desktop – Part 12 – Configuration – Openbox FreeBSD Desktop – Part 13 – Configuration – Dzen2 FreeBSD Desktop – Part 14 – Configuration – Tint2 FreeBSD Desktop – Part 15 – Configuration – Fonts & Frameworks FreeBSD Desktop – Part 16 – Configuration – Pause Any Application FreeBSD Desktop – Part 17 – Automount Removable Media ##Beastie Bits Drist with persistent SSH ARPANET: Celebrating 50 Years Since “LO” Termtris - a tetris game for ANSI/VT220 terminals Poor Man’s CI - Hosted CI for BSD with shell scripting and duct tape Why I use the IBM Model M keyboard that is older than me? A privilege separated and sandboxed IPv6 Stateless Address AutoConfiguration Daemon Google-free Android Setup BSD Users Stockholm Meetup #6 ##Feedback/Questions Sijmen - Hi, and a Sunday afternoon toy project Clint - Tuning ZFS for NVME James - Show question Send questions, comments, show ideas/topics, or stories you want mentioned on the show to feedback@bsdnow.tv Your browser does not support the HTML5 video tag.
Show notes for Security Endeavors Headlines for Week 5 of 2019Check out our subreddit to discuss this week's headlines!InfoSec Week 6, 2019 (link to original Malgregator.com posting)The Zurich American Insurance Company says to Mondelez, a maker of consumer packaged goods, that the NotPetya ransomware attack was considered an act of cyber war and therefore not covered by their policy.According to Mondelez, its cyber insurance policy with Zurich specifically covered “all risks of physical loss or damage” and “all risk of physical loss or damage to electronic data, programs or software” due to “the malicious introduction of a machine code or instruction.” One would think that the language in the cyber insurance policy was specifically designed to be broad enough to protect Mondelez in the event of any kind of cyber attack or hack. And NotPetya would seem to fit the definition included in the cyber insurance policy – it was a bit of malicious code that effectively prevented Mondelez from getting its systems back up and running unless it paid out a hefty Bitcoin ransom to hackers.Originally, Zurich indicated that it might pay $10 million, or about 10 percent of the overall claim. But then Zurich stated that it wouldn't pay any of the claim by invoking a special “cyber war” clause. According to Zurich, it is not responsible for any payment of the claim if NotPetya was actually “a hostile or warlike action in time of peace or war.” According to Zurich, the NotPetya cyber attack originated with Russian hackers working directly with the Russian government to destabilize the Ukraine. This is what Zurich believes constitutes "cyber war."https://ridethelightning.senseient.com/2019/01/insurance-company-says-notpetya-is-an-act-of-war-refuses-to-pay.html Reuters reports that hackers working on behalf of Chinese intelligence breached the network of Norwegian software firm Visma to steal secrets from its clients. According to investigators at cyber security firm Recorded Future, the attack was part of what Western countries said in December is a global hacking campaign by China’s Ministry of State Security to steal intellectual property and corporate secrets. Visma took the decision to talk publicly about the breach to raise industry awareness about the hacking campaign, which is known as Cloudhopper and targets technology service and software providers in order reach their clients.https://www.reuters.com/article/us-china-cyber-norway-visma/china-hacked-norways-visma-to-steal-client-secrets-investigators-idUSKCN1PV141 A new vulnerability has been discovered in the upcoming 5G cellular mobile communications protocol. Researchers have described this new flaw as more severe than any of the previous vulnerabilities that affected the 3G and 4G standards.Further, besides 5G, this new vulnerability also impacts the older 3G and 4G protocols, providing surveillance tech vendors with a new flaw they can abuse to create next-gen IMSI-catchers that work across all modern telephony protocols.This new vulnerability has been detailed in a research paper named "New Privacy Threat on 3G, 4G, and Upcoming5G AKA Protocols," published last year.According to researchers, the vulnerability impacts AKA, which stands for Authentication and Key Agreement, a protocol that provides authentication between a user's phone and the cellular networks.The AKA protocol works by negotiating and establishing keys for encrypting the communications between a phone and the cellular network.Current IMSI-catcher devices target vulnerabilities in this protocol to downgrade AKA to a weaker state that allows the device to intercept mobile phone traffic metadata and track the location of mobile phones. The AKA version designed for the 5G protocol --also known as 5G-AKA-- was specifically designed to thwart IMSI-catchers, featuring a stronger authentication negotiation systemBut the vulnerability discovered last year allows surveillance tech vendors to create new models of IMSI-catchers hardware that, instead of intercepting mobile traffic metadata, will use this new vulnerability to reveal details about a user's mobile activity. This could include the number of sent and received texts and calls, allowing IMSI-catcher operators to create distinct profiles for each smartphone holder. https://www.zdnet.com/article/new-security-flaw-impacts-5g-4g-and-3g-telephony-protocols/ The Debian Project is recommending the upgrade of golang-1.8 packages after a vulnerability was discovered in the implementation of the P-521 and P-384 elliptic curves, which could result in denial of service and in some cases key recovery. In addition this update fixes two vulnerabilities in the “go get” command, which could result in the execution of arbitrary shell commands.https://www.debian.org/security/2019/dsa-4380 It is possible to trick user’s of the Evolution email application into trusting a phished mail via adding a forged UID to a OpenPGP key that has a previously trusted UID. It's because Evolution extrapolates the trust of one of OpenPGP key UIDs into the key itself. The attack is based on using the deficiency of Evolution UI when handling new identifiers on previously trusted keys to convince the user to trust a phishing attempt. More details about how the flaw works, along with examples are included in the article, which is linked in the show notes. Let’s take a minute to cover a bit of background on Trust Models and how validating identities work in OpenPGP and GnuPG:The commonly used OpenPGP trust models are UID-oriented. That is, they are based on establishing validity of individual UIDs associated with a particular key rather than the key as a whole. For example, in the Web-of-Trust model individuals certify the validity of UIDs they explicitly verified.Any new UID added to the key is appropriately initially untrusted. This is understandable since the key holder is capable of adding arbitrary UIDs to the key, and there is no guarantee that new UID will not actually be an attempt at forging somebody else's identity.OpenPGP signatures do not provide any connection between the signature and the UID of the sender. While technically the signature packet permits specifying UID, it is used only to facilitate finding the key, and is not guaranteed to be meaningful. Instead, only the signing key can be derived from the signature in cryptographically proven way.GnuPG (as of version 2.2.12) does not provide any method of associating the apparent UID against the signature. In other words, from e-mail's From header. Instead, only the signature itself is passed to GnuPG and its apparent trust is extrapolated from validity of different UIDs on the key. Another way to say this is that the signature is considered to be made with a trusted key if at least one of the UIDs has been verified.https://dev.gentoo.org/~mgorny/articles/evolution-uid-trust-extrapolation.html If you’re up for some heavy reading about manipulation and deceit being perpetrated by cyber criminals, it may be worth checking out a piece from buzzfeednews. It tells a woeful and dark tale that does not have a happy ending. A small excerpt reads: “As the tools of online identity curation proliferate and grow more sophisticated, so do the avenues for deception. Everyone’s familiar with the little lies — a touch-up on Instagram or a stolen idea on Twitter. But what about the big ones? Whom could you defraud, trick, ruin, by presenting false information, or information falsely gained? An infinite number of individual claims to truth presents itself. How can you ever know, really know, that any piece of information you see on a screen is true? Some will find this disorienting, terrifying, paralyzing. Others will feel at home in it. Islam and Woody existed purely in this new world of lies and manufactured reality, where nothing is as it seems.”https://www.buzzfeednews.com/article/josephbernstein/tomi-masters-down-the-rabbit-hole-i-go Security researchers were assaulted by a casino technology vendor Atrient after responsibly disclosed critical vulnerabilities to them. Following a serious vulnerability disclosure affecting casinos globally, an executive of one casino technology vendor Atrient has allegedly assaulted the security researcher who disclosed the vulnerability at the ICE conference in London. The article covers the story of a vulnerability disclosure gone bad, one involving the FBI, a vendor with a global customer base of casinos and a severe security vulnerability which has gone unresolved for four months without being properly addressed.https://www.secjuice.com/security-researcher-assaulted-ice-atrient/ Article 13, the new European Union copyright law is back and it got worse, not better. In the Franco-German deal, Article 13 would apply to all for-profit platforms. Upload filters must be installed by everyone except those services which fit all three of the following extremely narrow criteria:Available to the public for less than 3 yearsAnnual turnover below €10 millionFewer than 5 million unique monthly visitorsCountless apps and sites that do not meet all these criteria would need to install upload filters, burdening their users and operators, even when copyright infringement is not at all currently a problem for them.https://juliareda.eu/2019/02/article-13-worse/ Researchers from Google Project Zero evaluated Apple's implementation of Pointer Authentication on the A12 SoC used in the iPhone XS. There are bypasses possible, but the conclusion says it is still a worthwhile exploitation mitigation technique.Among the most exciting security features introduced with ARMv8.3-A is Pointer Authentication, a feature where the upper bits of a pointer are used to store a Pointer Authentication Code (PAC), which is essentially a cryptographic signature on the pointer value and some additional context. Special instructions have been introduced to add an authentication code to a pointer and to verify an authenticated pointer's PAC and restore the original pointer value. This gives the system a way to make cryptographically strong guarantees about the likelihood that certain pointers have been tampered with by attackers, which offers the possibility of greatly improving application security.There’s a Qualcomm white paper which explains how ARMv8.3 Pointer Authentication was designed to provide some protection even against attackers with arbitrary memory read or arbitrary memory write capabilities. It's important to understand the limitations of the design under the attack model the author describes: a kernel attacker who already has read/write and is looking to execute arbitrary code by forging PACs on kernel pointers.Looking at the specification, the author identifies three potential weaknesses in the design when protecting against kernel attackers with read/write access: reading the PAC keys from memory, signing kernel pointers in userspace, and signing A-key pointers using the B-key (or vice versa). The full article discusses each in turn.https://googleprojectzero.blogspot.com/2019/02/examining-pointer-authentication-on.html There is a dangerous, remote code execution flaw in the LibreOffice and OpenOffice software. While in the past there have been well documented instances where opening a document would result in the executing of malicious code in paid office suites. This time LibreOffice and Apache’s OpenOffice are the susceptible suites. The attack relies on exploiting a directory traversal flaw, identified as CVE-2018-16858, to automatically execute a specific python library bundled within the software using a hidden onmouseover event.To exploit this vulnerability, the researcher created an ODT file with a white-colored hyperlink (so it can't be seen) that has an "onmouseover" event to trick victims into executing a locally available python file on their system when placing their mouse anywhere on the invisible hyperlink.According to the researcher, the python file, named "pydoc.py," that comes included with the LibreOffice's own Python interpreter accepts arbitrary commands in one of its parameters and execute them through the system's command line or console.https://thehackernews.com/2019/02/hacking-libreoffice-openoffice.html Nadim Kobeissi is discontinuing his secure online chat Cryptocat. The service began in 2011 as an experiment in making secure messaging more accessible. In the eight ensuing years, Cryptocat served hundreds of thousands of users and developed a great story to tell. The former maintainer explains on the project’s website that other life events have come up and there’s no longer available time to maintain things. The coder says that Cryptocat users deserve a maintained secure messenger, recommends Wire.The Cryptocat source code is still published on GitHub under the GPL version 3 license and has put the crypto.cat domain name up for sale, and thanks the users for the support during Cryptocat's lifetime.https://twitter.com/i/web/status/1092712064634753024 Malware For Humans is a conversation-led, independent documentary about fake news, big data, electoral interference, and hybrid warfare. Presented by James Patrick, a retired police officer, intelligence analyst, and writer, Malware For Humans covers the Brexit and Trump votes, the Cambridge Analytica scandal, Russian hybrid warfare, and disinformation or fake news campaigns.Malware For Humans explains a complex assault on democracies in plain language, from hacking computers to hacking the human mind, and highlights the hypocrisy of the structure of intelligence agencies, warfare contractors, and the media in doing so. Based on two years of extensive research on and offline, Malware For Humans brings the world of electoral interference into the light and shows that we are going to be vulnerable for the long term in a borderless, online frontier. A complete audio companion is available as a separate podcast, which can be found on iTunes and Spotify as part of The Fall series and is available for free, without advertisements.https://www.byline.com/column/67/article/2412 Security Endeavors Headlines is produced by SciaticNerd & Security Endeavors with the hope that it provides value to the wider security community. Some sources adapted for on-air readability.Special thanks to our friends at malgregator dot com, who allow us to use their compiled headlines to contribute to show’s content. Visit them at Malgregator.com. Additional supporting sources are also be included in our show notesWhy not start a conversation about the stories from this week on our Subreddit at reddit.com/r/SEHLMore information about the podcast is available at SecurityEndeavors.com/SEHL Thanks for listening and we'll see you next week!
Hernani Marques on Pretty Easy Privacy On this episode I'm joined by Hernani Marques, a hacker and member of the pEp Foundation, talking about Pretty Easy Privacy, a concerted attempt to make adoption of end-to-end email encryption easier and more ubiquitous through automation of key-making and management through partnering with programs like Outlook and Thunderbird. To learn more about pEp, check out the foundation's website and follow or get in touch with Hernani via their website, vecirex.net. - pEp.foundation (Core technology & community entity of pEp) - pEp.software (All usable pEp software, commercial and not, and all Free Software) - gnunet.org (P2P framework for secure decentralized applications, including - for pEp - messaging) - sequoia-pgp.org (new OpenPGP library from former GnuPG devs) Reach Out If you have a topic or guest suggestion for Error451, find us via our contact page on our website and drop us a line. To hear past episodes of the podcast, click the link in these shownotes or find them up at our website or in our podcast feed. Subscribing to our show is free and easy. Support You can also support TFSR/Error451 monetarily. Featured Track Suspect Device by Stiff Little Fingers off of State of Emergency
16.06.2018 BSidesKharkiv https://kharkiv.securitybsides.org.ua/ 07.06.2018 OWASP Odesa https://www.facebook.com/events/2104923576405410/ 07.07.2018 BSidesOdessa https://odessa.securitybsides.org.ua/ Kostiantyn Korsun про NoNameCon https://www.facebook.com/kostiantyn.korsun/posts/840821456102957 EFAIL https://efail.de/ Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels (draft 0.9.1) https://efail.de/efail-attack-paper.pdf ProtonMail is safe against the efail PGP vulnerability. https://twitter.com/ProtonMail/status/995996112526954496 Efail or OpenPGP is safer than S/MIME https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html Digital Photocopiers Loaded With Secrets https://www.cbsnews.com/news/digital-photocopiers-loaded-with-secrets/ Throwhammer: Rowhammer Attacks over the Network and Defenses https://www.cs.vu.nl/~herbertb/download/papers/throwhammer_atc18.pdf Rowhammer strikes networks, Bolton strikes security jobs, and Nigel Thornberry strikes Chrome, and more http://www.theregister.co.uk/2018/05/12/security_roundup/ Memcached https://memcached.org/ 7-Zip: From Uninitialized Memory to Remote Code Execution https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/ IBM bans all removable storage, for all staff, everywhere http://www.theregister.co.uk/2018/05/10/ibm_bans_all_removable_storage_for_all_staff_everywhere/ Second wave of Spectre-like CPU security flaws won't be fixed for a while http://www.theregister.co.uk/2018/05/09/spectr_ng_fix_delayed/ Every major OS maker misread Intel's docs. Now their kernels can be hijacked or crashed http://www.theregister.co.uk/2018/05/09/intel_amd_kernel_privilege_escalation_flaws/ Ex-CIA man fingered as prime suspect in Vault 7 spy tool manuals leak http://www.theregister.co.uk/2018/05/15/vault_7_leak/ DHCP Client Script Code Execution Vulnerability - CVE-2018-1111 https://access.redhat.com/security/vulnerabilities/3442151 Securit13 Patreon https://www.patreon.com/securit13 Keygen Music [2+ hour Mix] https://www.youtube.com/watch?v=cYkaG5CT53I
PGP, OpenPGP, and GPG: Waht Is The Difference? • Breaking down Keybase.io • Using Keybase.io Web App • Keybase Apps and the Command Line --- Support this podcast: https://anchor.fm/hackerculture/support
We start Brakeing Down Security with a huge surprise! A 3rd member of the podcast! Amanda #Berlin (@infosystir) joins us this year to help us educate people on #security topics. During the year, she'll be getting us some audio from various conventions and giving us her perspective working as an #MSSP, as well as a blue team (defender). We start out talking about new #California #legislation about making #malware illegal. What are politicians in California thinking? We work through that and try to find some understanding. With all the various secure messaging systems out there, we discuss how why secure messaging systems fail so poorly with regards to #interoperability and the difficulties in getting average non-infosec people to adopt one. We also discuss #Perfect #Foward #Security and how it prevents people from decrypting old messages, even if the key is compromised. ---------- HITB announcement: “Tickets are on sale, And entering special code 'brakeingsecurity' at checkout gets you a 10% discount". Brakeing Down Security thanks #Sebastian Paul #Avarvarei and all the organizers of #Hack In The Box (#HITB) for this opportunity! You can follow them on Twitter @HITBSecConf. Hack In the Box will be held from 10-14 April 2017. Find out more information here: http://conference.hitb.org/hitbsecconf2017ams/ --------- Join our #Slack Channel! Sign up at https://brakesec.signup.team #RSS: http://www.brakeingsecurity.com/rss #Google Play Store: https://play.google.com/music/m/Ifp5boyverbo4yywxnbydtzljcy?t=Brakeing_Down_Security_podcast #SoundCloud: https://www.soundcloud.com/bryan-brake Comments, Questions, Feedback, or Suggestions? Contact us via Email: bds.podcast@gmail.com #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Facebook: https://www.facebook.com/BrakeingDownSec/ #Tumblr: http://brakeingdownsecurity.tumblr.com/ #Player.FM : https://player.fm/series/brakeing-down-security-podcast #Stitcher Network: http://www.stitcher.com/s?fid=80546&refid=stpr #TuneIn Radio App: http://tunein.com/radio/Brakeing-Down-Security-Podcast-p801582 ---Show Notes--- News story: http://www.latimes.com/politics/la-pol-sac-crime-ransomware-bill-20160712-snap-story.html “If this legislation gives prosecutors the tools that they didn’t have before, where are the cases that they have lost because they didn’t have these tools?” said Brandon Perry, a senior consultant for NTT Com Security. “Authorities are focused on prosecuting criminals that they can’t even find, as opposed to educating the victims to prevent this from happening again and again.” Ransomware won’t infect you if you watch training videos: http://thehackernews.com/2017/01/decrypt-ransomware-files.html Secure messaging - stuck in an Apple ecosystem Too many, no interoperability Signal, Whisper, Wickr, Wire, WhatsApp, FB messenger I uninstalled Signal… can’t convince people to adopt something if everyone cannot message one another --BrBr OpenPGP is ‘dangerous’ http://arstechnica.com/information-technology/2016/12/signal-does-not-replace-pgp/ Forward Secrecy - https://en.wikipedia.org/wiki/Forward_secrecy “A public-key system has the property of forward secrecy if it generates one random secret key per session to complete a key agreement, without using a deterministic algorithm.” (input given gives the same output every time) Perfect Forward Secrecy - “In cryptography, forward secrecy (FS; also known as perfect forward secrecy[1]) is a property of secure communication protocols in which compromise of long-term keys does not compromise past session keys. Ms. Amanda’s pentest homework: “https://docs.google.com/document/d/17NJPXpqB5Upma2-6Hu5svBxd8PH0Ex7VgCvRUhiUNk8/edit”
Nuestra credulidad es su fuerza http://podcast.jcea.es/podcast1984/2 Notas: 00:00: Presentación. 02:27: Noticias breves: 02:27: I Evento Telemático de ANSI: Charla - Ley Seguridad Ciudadana y LECrim. Charla Debate Seguridad Domestica El Enemigo En Casa. 04:22: Facebook integra OpenPGP en sus notificaciones de correo electrónico. La nota de prensa: Securing Email Communications from Facebook. 05:00: El autor del ransomware Locker publica el listado de claves necesarias para descifrar los ficheros de los usuarios. 05:40: Libro Cibercrimen, escrito por Manel Medina y Mercè Molist. 07:20: En el debate hablaremos sobre la TTIP. 08:10: Javiér presenta el Tratado transatlántico de comercio e inversiones. 09:45: Antonio habla del espionaje internacional. 10:00 Derechos laborables, servicios públicos, medicamentos. 11:19: A Jesús no le parece mal la globalización. El problema es irse al máximo común divisor. 13:17: Antonio insiste en el tema del espionaje masivo, ley mordaza, etc. 14:45: Jesús presenta tu teoría del egoismo productivo. 15:30: Javier indica que el terrorismo y similares proporcionan excusas para aprobar leyes abusivas contando con el apoyo del público. 16:20: Jesús opina que el público está dispuesto a ceder en lo que sea con tal de mantener su percepción de nivel de vida y su percepción de seguridad. 19:43: Jesús: La propia TSA confirma que la seguridad aérea es un coladero: US Airport Screeners Missed 95% of Weapons, Explosives In Undercover Tests. 24:38: Antonio: Si damos al público en general por perdido, ¿qué opciones tenemos? 26:20: Jesús: Proporcionar seguridad "a pesar" del público, que no sea una elección. 27:00: La epifanía de Jesús con FireSheep (en el podcast Jesús habla de BlackSheep. Es una errata, el nombre correcto es FireSheep). 31:00: Tras Snowden, nada ha cambiado. ¿O sí?. 31:40: Antonio: ¿privacidad? 32:20: Jesús ignora a Antonio y sigue contando su rollo. Más detalles en su artículo Nada ha cambiado desde Snowden. ¿O si?. 34:30: Jesús da su opinión sobre las peticiones de muchos gobiernos de limitar la calidad del cifrado en las comunicaciones. 35:40 Jesús: Ya se ha abierto la caja de Pandora. La tecnología no se puede prohibir porque los malos lo usarán y los buenos estarán desprotegidos. 39:00: Javier habla de la ley antiterrorista francesa. 39:30: Jesús: arbitrariedad en la aplicación de leyes que se infringen de forma masiva. 40:30: Jesús: Estas propuestas de ley son globos sonda. 44:30: Asimetría entre violaciones de la ley de protección de datos por parte de empresas privadas o por parte de organismos públicos. 45:20: Antonio pide un resumen final. 45:50: Jesús da su receta. 46:30: Javier recuerda que el tema del debate era la TTIP y que el público debe informarse y resistirse. 47:50: Antonio aporta su opinión. 48:18: Javier nos habla de la ingeniería social, presentando un ejemplo práctico.
In this episode... Jon Callas gives a little of his background and his current role We talk through why cryptography is so hard, and so broken today Jon overviews compatibility, audit and making cryptography useful Jon brings up open source, security, and why "open is more secure" is bunk We talk through "barn builders" vs. "barn kickers" and why security isn't improving We talk through how to do privacy, active vs. passive surveillance We talk through anonymous VPN providers, anonymization services, and how they're legally bound Jon talks about appropriate threat modeling and knowing what we're protecting We talk through patching -- how to do patching for Joe Average User Bonus-- Mobile is as secure (or more) than what we're used to on the desktop Guest Jon Callas ( @JonCallas ) - Jon Callas is an American computer security expert, software engineer, user experience designer, and technologist who is the co-founder and CTO of the global encrypted communications service Silent Circle. He has held major positions at Digital Equipment Corporation, Apple, PGP, and Entrust, and is considered “one of the most respected and well-known names in the mobile security industry.” Callas is credited with creating several Internet Engineering Task Force (IETF) standards, including OpenPGP, DKIM, and ZRTP, which he wrote. Prior to his work at Entrust, he was Chief Technical Officer and co-founder of PGP Corporation and the former Chief Technical Officer of Entrust.
Neste episódio, falamos sobre o OpenPGP, o protocolo de cifragem de mensagens mundialmente conhecido que procura colocar na mão do usuário comum o acesso a criptografia forte. ShowNotes Resposta da Lenovo sobre o caso SuperfishContinue reading
Check out RailsClips on Kickstarter!! 02:01 - Richard Kennard Introduction Twitter GitHub Kennard Consulting Metawidget 02:04 - Geraint Luff Introduction Twitter 02:07 - David Luecke Introduction Twitter GitHub 02:57 - Object-relational Mapping (ORM) NoSQL Duplication 10:57 - Online Interface Mapper (OIM) CRUD (Create, Read, Update, Delete) UI (User Interface) 12:53 - How OIMs Work Form Generation Dynamic Generation Static Generation Duplication of Definitions Runtime Generation 16:02 - Editing a UI That’s Automatically Generated Shape Information => Make Obvious Choice 23:01 - Why Do We Need These? 25:24 - Protocol? Metawidget 27:56 - Plugging Into Frameworks backbone-forms JSON Schema 33:48 - Making Judgement Calls WebComponents, React JSON API AngularJS 49:27 - Example OIMs JSON Schema Metawidget Jsonary 52:08 - Testing Picks The Legend of Zelda: Majora's Mask 3D (AJ) 80/20 Sales and Marketing: The Definitive Guide to Working Less and Making More by Perry Marshall (Chuck) A Wizard of Earthsea by Ursula K. Le Guin (Chuck) Conform: Exposing the Truth About Common Core and Public Education by Glenn Beck (Chuck) Miracles and Massacres: True and Untold Stories of the Making of America by Glenn Beck (Chuck) 3D Modeling (Richard) Blender (Richard) Me3D (Richard) Bandcamp (David) Zones of Thought Series by Vernor Vinge (David) Citizenfour (Geraint) Solar Fields (Geraint) OpenPGP.js (Geraint) forge (Geraint)
Check out RailsClips on Kickstarter!! 02:01 - Richard Kennard Introduction Twitter GitHub Kennard Consulting Metawidget 02:04 - Geraint Luff Introduction Twitter 02:07 - David Luecke Introduction Twitter GitHub 02:57 - Object-relational Mapping (ORM) NoSQL Duplication 10:57 - Online Interface Mapper (OIM) CRUD (Create, Read, Update, Delete) UI (User Interface) 12:53 - How OIMs Work Form Generation Dynamic Generation Static Generation Duplication of Definitions Runtime Generation 16:02 - Editing a UI That’s Automatically Generated Shape Information => Make Obvious Choice 23:01 - Why Do We Need These? 25:24 - Protocol? Metawidget 27:56 - Plugging Into Frameworks backbone-forms JSON Schema 33:48 - Making Judgement Calls WebComponents, React JSON API AngularJS 49:27 - Example OIMs JSON Schema Metawidget Jsonary 52:08 - Testing Picks The Legend of Zelda: Majora's Mask 3D (AJ) 80/20 Sales and Marketing: The Definitive Guide to Working Less and Making More by Perry Marshall (Chuck) A Wizard of Earthsea by Ursula K. Le Guin (Chuck) Conform: Exposing the Truth About Common Core and Public Education by Glenn Beck (Chuck) Miracles and Massacres: True and Untold Stories of the Making of America by Glenn Beck (Chuck) 3D Modeling (Richard) Blender (Richard) Me3D (Richard) Bandcamp (David) Zones of Thought Series by Vernor Vinge (David) Citizenfour (Geraint) Solar Fields (Geraint) OpenPGP.js (Geraint) forge (Geraint)
Check out RailsClips on Kickstarter!! 02:01 - Richard Kennard Introduction Twitter GitHub Kennard Consulting Metawidget 02:04 - Geraint Luff Introduction Twitter 02:07 - David Luecke Introduction Twitter GitHub 02:57 - Object-relational Mapping (ORM) NoSQL Duplication 10:57 - Online Interface Mapper (OIM) CRUD (Create, Read, Update, Delete) UI (User Interface) 12:53 - How OIMs Work Form Generation Dynamic Generation Static Generation Duplication of Definitions Runtime Generation 16:02 - Editing a UI That’s Automatically Generated Shape Information => Make Obvious Choice 23:01 - Why Do We Need These? 25:24 - Protocol? Metawidget 27:56 - Plugging Into Frameworks backbone-forms JSON Schema 33:48 - Making Judgement Calls WebComponents, React JSON API AngularJS 49:27 - Example OIMs JSON Schema Metawidget Jsonary 52:08 - Testing Picks The Legend of Zelda: Majora's Mask 3D (AJ) 80/20 Sales and Marketing: The Definitive Guide to Working Less and Making More by Perry Marshall (Chuck) A Wizard of Earthsea by Ursula K. Le Guin (Chuck) Conform: Exposing the Truth About Common Core and Public Education by Glenn Beck (Chuck) Miracles and Massacres: True and Untold Stories of the Making of America by Glenn Beck (Chuck) 3D Modeling (Richard) Blender (Richard) Me3D (Richard) Bandcamp (David) Zones of Thought Series by Vernor Vinge (David) Citizenfour (Geraint) Solar Fields (Geraint) OpenPGP.js (Geraint) forge (Geraint)
https://portalzine.de/services/podcast-5aes/folge/012/ ÜBER DIE FOLGE -------------------------------------- Folge 012 - 17.01.2014: Tardis mit App, TechniSat MyDigitRadio App, Adobe + Shapeways 3d Druck, Bilder Optimierung für den Mac und OpenPGP mit Mailvelope LINKS -------------------------------------- * Wikipedia - OpenPGP- http://de.wikipedia.org/wiki/OpenPGP * Mailvelope OpenPGP- http://www.mailvelope.com/ * Mac ImageOptim- http://imageoptim.com/ * Mac ImageAlpha- http://pngmini.com/ * Adobe Shapeways 3d Druck- http://blogs.adobe.com/photoshopdotcom/2014/01/photoshop-cc-gets-physical-3d-printing-in-just-one-click.html * MyDigitRadio App- https://www.facebook.com/technisat/posts/10152198038633287:0?stream_ref=1 * Dr Who Tardis mit App- https://www.youtube.com/watch?v=dUBxHd3bMhg SOCIAL MEDIA -------------------------------------- ♡ Blog: https://portalzine.de/news ♡ Facebook: https://www.facebook.com/portalZINE ♡ Instagram: https://www.instagram.com/pztv/ ♡ Twitter: https://twitter.com/portalzine PORTALZINE® NMN - Development meets Creativity -------------------------------------- Alexander Gräf Stettiner Str. Nord 20 49624 Löningen Deutschland https://portalzine.de #podcast #tech #geek #woche #portalzine #pztv
In this episode: a discussion of OpenPGP, GnuPG, and how to use public-key cryptography to sign and encrypt emails and files (here are some excellent how-to's: GnuPG mini Howto, Gentoo Documentation on GnuPG, and Ubuntu Documentation on GnuPG); an audio Listener Tip on the "cal" command; audio and email Listener Feedback.
© 2020-2025 Ivy Podcast Discovery LLC
