Stuff that doesn't need its own Thread

Comments

  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    God damnit, I hate ridiculous app requirements.....

    318011.jpg

    edit: And that's not even all of them!!! They wouldn't all fit on the screen. :/


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    That looks to be a slightly old version of the Play Store where they just give the permissions per very abstract category. They have included more details in recent versions, but it's still related to all permissions for a given category, rather than fine-tuned for what the app in question specifically requests:

    https://play.google.com/store/apps/details?id=com.whatsapp (Click "View permissions")

    But you might want to look into one of these solutions: http://www.xda-developers.com/android/protecting-your-privacy-app-ops-privacy-guard-and-xprivacy/


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    I was about to quote Khannie's post then remembered he gets grumpy when people do that. At this year's DefCon, John McAfee spoke about many things including the eventful year he had last year but he also spoke about an app he created called DCentral1 which audits the permissions requirements of the apps installed and gives each one a rating. My friend found it interesting that his banking app requires access to his camera.

    I recommend installing it and checking what you have. You can tweak the thresholds yourself, so it's OK if your camera app needs access to your camera, or your gallery app needs access to your SD card, but you can quickly see if your wallpaper app is reading your calls.

    You can get it from the Play Store.


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    syklops wrote: »
    I was about to quote Khannie's post then remembered he gets grumpy when people do that.

    AAAAhahahahaha. :P Only when you quote the pic. ;)
    syklops wrote: »
    My friend found it interesting that his banking app requires access to his camera.

    That's disgraceful tbh.
    syklops wrote: »
    You can get it from the Play Store.

    Thanks, I'll check it out.


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard




  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    http://dontevenreply.com/

    Few good lols in that.


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard




  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    That's disgraceful tbh.

    My friend wrote to the bank.


    The bank wrote back! :eek:

    Needless to say it's not an Irish bank.

    Anyway they said the reason their app requires access to the camera is in case the phone gets stolen. If someone tries to use the app when they have been informed that the phone has been stolen, it's so they can take a picture of the person using the app and send it to their servers for further investigation.

    My initial thought was Bo%$ox!

    That said, the bank responded to his query and is one of the few banks I know to provide dual-factor auth for online banking - by default. So, I'll give them credit to be honest.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    How do we feel about blog links? And by we, I mean the gods mods of the security forum. Work asked me to write about my trip to DefCon 22 for their corporate blog. I intend on copying the text to my personal blog and if there is interest, pasting it here. I'm not looking for bigger readership or anything, I just thought some people would be genuinely interested in this forum.

    If there is interest, but we are not happy about posting links, I can paste the text as a comment instead.

    Interested in hearing thoughts.

    P.S. A thread for stuff that doesn't need its own thread was a great idea!


  • Registered Users, Registered Users 2 Posts: 5,112 ✭✭✭Blowfish


    syklops wrote: »
    How do we feel about blog links? And by we, I mean the gods mods of the security forum. Work asked me to write about my trip to DefCon 22 for their corporate blog. I intend on copying the text to my personal blog and if there is interest, pasting it here. I'm not looking for bigger readership or anything, I just thought some people would be genuinely interested in this forum.

    If there is interest, but we are not happy about posting links, I can paste the text as a comment instead.

    Interested in hearing thoughts.

    P.S. A thread for stuff that doesn't need its own thread was a great idea!
    I'd be interested...though I think I've already read it.


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    Ah yeah...fire away. It's not spam if you're a regular contributor IMO.


  • Closed Accounts Posts: 1,004 ✭✭✭Recondite49



    I just had a read of this, a summary of this user's complaints about gpg would seem to be as follows:

    - Key distribution is problematic as keys are large and also there's no centralised key server such as is the case with Apple's iMessage. (I kid you not, he mentioned iMessage as an example...)

    - No forward secrecy for messages.

    - The OpenPGP default encryption formats in some cases are quite old, e.g. CAST5.

    - Many of the implementations inside the Mail Client aren't easy to use and require you to enter the password for your private key which will then exist in the Computer Memory.

    I don't think he's being very fair, at least on the first point. It seems to me if you want to trust Google/Yahoo both to manage your keys and encrypt your data for you, you might as well not bother encrypting the data in the first place.

    As for older encryption ciphers and awkward mail interfaces you can get around this problem by simply using a separate program to encrypt/decrypt messages and just paste the text between windows, e.g. GPG4USB.

    Would be interested to hear all of your thoughts on this that said.


  • Closed Accounts Posts: 1,004 ✭✭✭Recondite49


    syklops wrote: »
    How do we feel about blog links? And by we, I mean the gods mods of the security forum. Work asked me to write about my trip to DefCon 22 for their corporate blog. I intend on copying the text to my personal blog and if there is interest, pasting it here. I'm not looking for bigger readership or anything, I just thought some people would be genuinely interested in this forum.

    If there is interest, but we are not happy about posting links, I can paste the text as a comment instead.

    Interested in hearing thoughts.

    P.S. A thread for stuff that doesn't need its own thread was a great idea!

    Hi syklops, I'd be very interested to read about your experience. For the record I have shamelessly linked to my own Security blog in the past but if it's to provide info that isn't available elsewhere, which of course would be the case if you want to recount your own experiences, I think it can be justified.


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    Gmail smartphone app hacked by researchers
    US researchers say they have been able to hack into Gmail accounts with a 92% success rate by exploiting a weakness in smartphone memory.
    The researchers were able to gain access to a number of apps, including Gmail, by disguising malicious software as another downloaded app.
    Other apps hacked included H&R Block, Newegg, WebMD, Chase Bank, Hotels.com and Amazon.

    The Amazon app was the hardest to access, with a 48% success rate.
    The hack involves accessing the shared memory of a user's smartphone using malicious software disguised as an apparently harmless app, such as wallpaper.


    This shared memory is used by all apps, and by analysing its use the researchers were able to tell when a user was logging into apps such as Gmail, giving them the opportunity to steal login details and passwords.

    "The assumption
    Assumption!!!:eek:




    :pac::pac::pac:

    I always think of that when I see assumed...lol
    "The assumption has always been that these apps can't interfere with each other easily," said Zhiyun Qian, an assistant professor at the University of California and one of the researchers involved in the study.
    "We show that assumption is not correct, and one app can in fact significantly impact another and result in harmful consequences for the user."

    Android. It's full of holes.


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    SSL Vulnerabilities: Who listens when Android applications talk?

    Nuke Regulator Hacked by Suspected Foreign Powers

    Can they not send them on a 3-day course and teach them not to click on everything with a line under it or something?


    Future Hack: New Cybersecurity Tool Predicts Breaches Before They Happen
    A new research paper (PDF) outlines security software that scans and scrapes web sites (past and present) to identify patterns leading up to a security breach. It then accurately predicts what websites will be hacked in the future. The tool has an accuracy of up to 66%. Quoting: "The algorithm is designed to automatically detect whether a Web server is likely to become malicious in the future by analyzing a wide array of the site's characteristics: For example, what software does the server run? What keywords are present? How are the Web pages structured? If your website has a whole lot in common with another website that ended up hacked, the classifier will predict a gloomy future. The classifier itself always updates and evolves, the researchers wrote. It can 'quickly adapt to emerging threats.'"

    The comments are far from kind and I haven't skimmed the report but the idea here is good. The bit in bold itself would be very useful. I was reading about a breach in some US firm the other day, the breach was a few years back but the head guy was so pissed as similar setups to theirs were being breached for months and he never knew. If he had he could have adapted.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Khannie wrote: »
    Ah yeah...fire away. It's not spam if you're a regular contributor IMO.

    Def Con 22 - A report from the frontline

    Just spotted a typo which will get changed soon, it says Turn out this year was 11,000, that should read Turn out last year was 11,000. This year was over 15,000.


  • Closed Accounts Posts: 1,004 ✭✭✭Recondite49


    syklops wrote: »
    Def Con 22 - A report from the frontline

    Just spotted a typo which will get changed soon, it says Turn out this year was 11,000, that should read Turn out last year was 11,000. This year was over 15,000.

    Sklops,

    I just wanted to thank you for this, this was a fascinating read, I'm only sorry you had to queue up so long!

    I am awed you got to meet jduck in person, also am taking on board what you said about contactless payment. As a matter of fact I switched banks recently because my own was insisting on giving me a card to use for contactless - frankly I don't see how it saves time - the 3 seconds it takes me to enter my PIN isn't the problem, usually the teller inserting my card the wrong way round!

    Will you go back next year? My Uncle lives in Nevada so I'm seriously considering paying a visit.


  • Closed Accounts Posts: 1,004 ✭✭✭Recondite49


    Also what is it with "biometric" USB and hard drives?

    Aside from the fact they can be overcome easily with the use of gummi bears, in the event you were found to be in possession of one couldn't your local government grunt or Mafia henchman just press your thumb to the drive against your will?

    Colossal waste of time surely?


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Sklops,

    I just wanted to thank you for this, this was a fascinating read, I'm only sorry you had to queue up so long!

    I am awed you got to meet jduck in person, also am taking on board what you said about contactless payment. As a matter of fact I switched banks recently because my own was insisting on giving me a card to use for contactless - frankly I don't see how it saves time - the 3 seconds it takes me to enter my PIN isn't the problem, usually the teller inserting my card the wrong way round!

    Will you go back next year? My Uncle lives in Nevada so I'm seriously considering paying a visit.

    I am hooked on Def Con now and will definitely be going back next year. I don't know why I didn't go before now.

    Flights plus accommodation came to about 2K, plus $220 for the DefCon ticket. I spent an additional 300 on equipment, and another 200 on booze (:eek:). Tbh, that is easily doable with a bit of scrimping and saving.

    I'm also thinking we need an Irish DefCon. I know there is Iriss, but it's more like Blackhat rather than DefCon. I already have ideas for names, but I'll write about that later.

    Currently working on a blog on hacking android phones using the OTG cable I bought. I'll paste it here when done.


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    syklops wrote: »
    and another 200 on booze (:eek:).
    :eek::eek:

    syklops wrote: »
    Currently working on a blog on hacking android phones using the OTG cable I bought. I'll paste it here when done.
    USB Condom protects your devices from nasty ports


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    I was reading about a breach in some US firm the other day, the breach was a few years back but the head guy was so pissed as similar setups to theirs were being breached for months and he never knew. If he had he could have adapted.
    Here it is.


    More than a Thousand US firms are after getting hit by the same "Backoff" Malware lately. Clever little one.
    According to the Secret Service, criminals are actively scanning corporate systems for remote access opportunities — a vendor with remote access to a company’s systems, for example, or employees with the ability to work remotely — and then deploying computers to guess user names and passwords at high speeds until they find a working combination.
    The hackers use those footholds to crawl through corporate networks until they gain access to the in-store cash register systems. From there, criminals collect payment card data off the cash register systems and send it back to their servers abroad.

    Last year, in the largest known breach against a retailer’s payment system, hackers invaded Target for weeks without being detected. The hackers’ malware stole customers’ data directly off the magnetic stripes of credit and debit cards used by tens of millions of shoppers.


  • Closed Accounts Posts: 1,004 ✭✭✭Recondite49


    syklops wrote: »
    I am hooked on Def Con now and will definitely be going back next year. I don't know why I didn't go before now.

    Flights plus accommodation came to about 2K, plus $220 for the DefCon ticket. I spent an additional 300 on equipment, and another 200 on booze (:eek:). Tbh, that is easily doable with a bit of scrimping and saving.

    I'm also thinking we need an Irish DefCon. I know there is Iriss, but it's more like Blackhat rather than DefCon. I already have ideas for names, but I'll write about that later.

    Currently working on a blog on hacking android phones using the OTG cable I bought. I'll paste it here when done.

    I agree it's money well spent chief and even if you can set aside a token amount like 150 Euro a month it should be doable.

    Please do post your thoughts on Android phones on here. I'm seriously considering using an Android phone in conjunction with a VPS as a kind of software "dead man's switch" but am a little worried about all the supposed security holes.

    Have you had any experience with CyanogenMod or Replicant? I've rooted a Samsung Galaxy Ace with the "Cooper" build of CyanogenMod and am very impressed - it certainly runs much faster than my old OS, don't know if it's more secure though.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops



    Beer in the hotel/casino was 8 dollars a bottle. In the hot Nevada heat it's very easy to have 5-6 beers in the course of the day and not really feel buzzed. 6 x 8 is $48. Have a cocktail in the evening (1) and it's $13 so daily spend on booze was about 61. Three and a half days. Yep

    The last day we went to an off license in the morning (I love the liberty of an off license open at 8 am!) and bought a six pack and put it in our bags. That is frowned upon by some Goons, but the day before we met a guy with a cooler on wheels filled with ice and beer and he said so long as he didn't wheel it around the lobby no one had a problem, so we thought why not. For 12 dollars I got 6 bottles of Stella. Next year I'll do the same.


  • Registered Users, Registered Users 2 Posts: 2,021 ✭✭✭ChRoMe


    Khannie wrote: »
    That's disgraceful tbh.

    That is most likely to allow you to take a photo of a cheque to deposit it electronically, if that is the case it's a perfectly reasonable requirement.


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    ChRoMe wrote: »
    That is most likely to allow you to take a photo of a cheque to deposit it electronically, if that is the case it's a perfectly reasonable requirement.
    Post 11


  • Closed Accounts Posts: 1,004 ✭✭✭Recondite49


    Just been working on generating secure passwords.

    With all the usual warnings about black bag and rubber hose "cryptography", I've found an excellent password checker on the Kaspersky Blog.

    What I like about it is that it tells you how quickly various devices would crack your password, e.g. a 2012 MacBook Pro or the Conficker botnet.

    I put in the last password I used for one of my external USB drives (which has since been changed) and was surprised to see that Conficker would have polished it off in just 20 days - sobering reading!


  • Registered Users, Registered Users 2 Posts: 6,393 ✭✭✭AnCatDubh


    I've found an excellent password checker on the Kaspersky Blog.

    Nice one.

    Just throwing random stuff into it it comes up with a funny;

    A given password holycowsbatman!-- will take 3 months to crack whereas if I add a third hyphen for it to become holycowsbatman!--- it takes 3 days.

    I know there's repeated characters in there and 'widely used combinations' as the tool will respond, but the repeated characters (though not as many of them) were there in the first example as were the combinations.

    Most recent advice I've come across all makes a virtue of elongating your password which I kinda get in terms of the theory of it. If I keep adding hyphens to elongate the password then it increments the time taken as you might expect.

    Does it look like a bug in there somewhere or does that look like reasonable behaviour of the checker?


  • Registered Users, Registered Users 2 Posts: 1,456 ✭✭✭FSL


    Not limiting it to keyboard characters, i.e. using 12 random bytes between Hex 01 and Hex FE, i.e. excluding 00 and FF, would take Conficker 5380 centuries and the super computer 33 centuries.


  • Closed Accounts Posts: 1,004 ✭✭✭Recondite49


    AnCatDubh wrote: »
    Nice one.

    Just throwing random stuff into it it comes up with a funny;

    A given password holycowsbatman!-- will take 3 months to crack whereas if I add a third hyphen for it to become holycowsbatman!--- it takes 3 days.

    I know there's repeated characters in there and 'widely used combinations' as the tool will respond, but the repeated characters (though not as many of them) were there in the first example as were the combinations.

    Most recent advice I've come across all makes a virtue of elongating your password which I kinda get in terms of the theory of it. If I keep adding hyphens to elongate the password then it increments the time taken as you might expect.

    Does it look like a bug in there somewhere or does that look like reasonable behaviour of the checker?

    Hi Ancat,

    Although I'm a little rusty when it comes to password "salting" as I understand it, the warning about repeated characters is because it results in a more predictable hash of your password, hence the "3 days" - I agree though that bigger is always going to be better.

    I ran your password there through howsecureismypassword.net - adding a hyphen as you did means the difference between 20 and 849 billion years for a desktop PC to crack it, so I think you're on the right track.

    The reason for my preoccupation with long passwords has to do with a software "Dead Man's switch" on which I'm currently working (have posted about this in a separate thread in this forum).

    An essential part of this is that the password generated is one which is near nigh impossible to commit to memory, also one which cannot be cracked even by a supercomputer.

    In a nutshell, the idea is to store the password in an encrypted file on a server (currently I'm using one in Iran). A script is constantly running on the server with a timer, which unless it's reset every 24 hours will securely erase the file.

    Whenever you want to unlock your encrypted drive all you need to do is log into the server, decrypt the file and copy and paste the password.

    This sounds elaborate but it seems to me the only way that you can't be compelled to hand over the key. Provided you can hold out for 24 hours, then the data can't be retrieved.

    Of course any fool can invent a security system that they can't get around themselves so I'd be very interested to hear your thoughts on this in the other thread.


  • Closed Accounts Posts: 1,004 ✭✭✭Recondite49


    FSL wrote: »
    Not limiting it to keyboard characters, i.e. using 12 random bytes between Hex 01 and Hex FE, i.e. excluding 00 and FF, would take Conficker 5380 centuries and the super computer 33 centuries.

    Thanks FSL,

    For any Linux users out there if you want to create a truly random password of X bits, you can do this very easily from the command line:

    dd if=/dev/random bs=1 count=X 2>/dev/null | base64 -w 0 | rev | cut -b 2- | rev

    e.g.

    dd if=/dev/random bs=1 count=32 2>/dev/null | base64 -w 0 | rev | cut -b 2- | rev
    bN95Jid3is1SYt0G+sx/41+LKXq3fDbbxGCwcuGbKnQ


    A lot easier to generate than to remember sadly! :)
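
An added Python sketch (not part of the post above) of what that pipeline yields: `count` is a number of bytes, so `count=32` is 256 bits, and the trailing `rev | cut -b 2- | rev` strips exactly one character, which matches the base64 padding only when the byte count leaves remainder 2 modulo 3. It also works out the entropy of FSL's 12 bytes drawn from 0x01-0xFE; the guess rate passed to `years_to_exhaust` is an assumed figure, not one taken from the checker discussed in the thread.

```python
import base64
import math
import secrets


def dd_pipeline(raw: bytes) -> str:
    """Emulate `base64 -w 0 | rev | cut -b 2- | rev`: encode, then drop the last character."""
    return base64.b64encode(raw).decode("ascii")[:-1]


def base64_padding(nbytes: int) -> int:
    """Number of '=' characters base64 appends to an input of nbytes."""
    return (3 - nbytes % 3) % 3


def random_password(nbytes: int) -> str:
    """nbytes from the OS CSPRNG (os.urandom), base64-encoded with all padding removed."""
    raw = secrets.token_bytes(nbytes)
    return base64.b64encode(raw).decode("ascii").rstrip("=")


def entropy_bits(symbols: int, length: int) -> float:
    """Entropy of `length` independent, uniform picks from `symbols` possible values."""
    return length * math.log2(symbols)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Years needed to try every candidate at a constant (assumed) guess rate."""
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


if __name__ == "__main__":
    for n in (12, 16, 32):
        sample = dd_pipeline(secrets.token_bytes(n))
        print(f"{n:2d} bytes = {n * 8:3d} bits, padding {base64_padding(n)}, "
              f"pipeline output {sample!r}")
    # FSL's scheme: 12 bytes, each one of 254 values (0x01..0xFE).
    bits = entropy_bits(254, 12)
    # 1e12 guesses per second is an assumption chosen only for illustration.
    print(f"12 bytes from 254 values: {bits:.2f} bits, "
          f"{years_to_exhaust(bits, 1e12):.2e} years at 1e12 guesses/s")
    print("unpadded 32-byte password:", random_password(32))
```

With 12 bytes the pipeline drops a real character, and with 16 bytes it leaves one `=` behind; stripping padding explicitly, as `random_password` does, avoids both.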


  • Registered Users, Registered Users 2 Posts: 328 ✭✭suspectdevice


    Quick one; I noticed on a Gmail account that someone had accessed it via a Vodafone mobile service. I have the IP address but it looks like a Vodafone mobile IP address. I know I haven't used this and am wondering how can I look further into who did.

    Does Vodafone use a range of IPs for mobile access so that someone using mobile only shows the Vodafone IP?

    The IP is from between Borrisokane and Roscrea - is this simply a repeater tower in the area or does it indicate the cell that the user was accessing from?

    Not understanding a whole lot about mobile IP so any help much appreciated.

    EDIT: so it's the same geolocation for my fixed IP on Broadband so nothing relevant there.


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard




  • Moderators, Society & Culture Moderators Posts: 9,768 Mod ✭✭✭✭Manach


    Interesting Slashdot discussion on how NATO will now respond to IT attacks:
    http://yro.slashdot.org/story/14/09/02/1643236/nato-set-to-ratify-joint-defense-for-cyberattacks


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    On BBC2 Now.

    Inside the Dark Web
    Duration: 1 hour

    Twenty-five years after the world wide web was created, it is now caught in the greatest controversy of its existence: surveillance.

    With many concerned that governments and corporations can monitor our every move, Horizon meets the hackers and scientists whose technology is fighting back. It is a controversial technology, and some law enforcement officers believe it is leading to 'risk-free crime' on the 'dark web' - a place where almost anything can be bought, from guns and drugs to credit card details.

    Featuring interviews with the inventor of the world wide web, Sir Tim Berners-Lee, and the co-founder of WikiLeaks, Julian Assange, Horizon delves inside the 'dark web'.

    Repeated Tomorrow 23.20 (Not in Scotland), will be on iPlayer (bit of hassle to watch though)

    Grand Designs (New Season) on CH4 now though, I'm watching that.


  • Closed Accounts Posts: 1,004 ✭✭✭Recondite49



    Very much enjoyed the article you posted about alternatives to Google RF, many thanks.

    During my exile from the Information Security forums, I have been looking at ways to beef up my SSH sessions and have been very tempted by Google Authenticator.

    As you all know it's an open source app which helps generate OTPs which you can access from your app on your phone. These codes need to be entered before you can connect to your server over SSH.

    While the server side software is open source, the application for Android and iPhones isn't, and contains some Google-specific code. Fortunately there is an open source alternative Authenticator called FreeOTP.

    This can import the keys created by Google Authenticator and help log you in.

    My question though is can this really be trusted - if an app has been created by the Gods of Google, even open source, can we be sure they've found every bug and there's no backdoor?


  • Registered Users, Registered Users 2 Posts: 36,450 ✭✭✭✭Hotblack Desiato



    Sadly Horizon has been dumbed down past the point of uselessness for a couple of decades now.
    Repeated Tomorrow 23.20 (Not in Scotland)

    :pac:

    In Cavan there was a great fire / Judge McCarthy was sent to inquire / It would be a shame / If the nuns were to blame / So it had to be caused by a wire.



  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    Sadly Horizon has been dumbed down past the point of uselessness for a couple of decades now.



    :pac:
    Anybody watch it? Any good?

    I'll give it a look at some stage, S09 E09 of Supernatural is tonight's viewing. :D


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard




  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    The redacted list (e.g. without the passwords) can be downloaded from here so you can check if you or a friend/loved one is affected. Some users say the passwords are not their current ones but ones they used in the past, which suggests it came from another site which people registered with which has been compromised.

    Apparently this is the biggest leak of passwords in one go in history, but can't find any data to back up that particular claim.


    Edit: People, people, people. Of the just under 5 million accounts, how many used the word "password" to form the basis of their password?


    19,646.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    I don't want to link to it here because then every skript kiddy in the house will be hacking people's accounts. I PM'ed you, be responsible.


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    syklops wrote: »
    The redacted list(e.g. without the passwords) can be downloaded from here
    Never worked for me (though read that it's been overloaded), here's another 1.

    https://isleaked.com/en.php
    If you don't like to specify your full email address for any reason, you can replace up to 3 characters with asterisk sign (e.g., for myaccount@gmail.com enter myac***nt@gmail.com), thus we'll show you a count of matches for this pattern. We respect your privacy.
    I don't think I'd put mine (if I used one) in to these to be honest, just change your password.


  • Registered Users, Registered Users 2 Posts: 1,034 ✭✭✭dalta5billion


    One of my generated passwords from ages ago is there.

    Thank bejesus for lastpass.


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    https://www.cyphertite.com/

    Opensource encrypted storage


    The Moment of Truth: Kim Dotcom, Glenn Greenwald, Edward Snowden, Julian Assange



    Gist is: Dotcom has an email apparently from Warner Bros to NZ Prime Min about getting Dot to NZ with the intention of raiding Mega and extraditing Dot. And New Zealand Launched Mass Surveillance Project While Publicly Denying It


    Wikileaks released FinFisher


    Get out and walk people...



  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard




  • Closed Accounts Posts: 1,004 ✭✭✭Recondite49


    https://www.cyphertite.com/

    Opensource encrypted storage


    The Moment of Truth: Kim Dotcom, Glenn Greenwald, Edward Snowden, Julian Assange



    Gist is: Dotcom has an email apparently from Warner Bros to NZ Prime Min about getting Dot to NZ with the intention of raiding Mega and extraditing Dot. And New Zealand Launched Mass Surveillance Project While Publicly Denying It


    Wikileaks released FinFisher


    Get out and walk people...


    Thanks RF,

    Just had a look at Cyphertite, looks promising.

    There's a very generous initial offer of storage space of 8GB although it seems this is more for archiving purposes rather than actual cloud storage a la Dropbox, I could be wrong though, what do you think?

    Unlike Wuala, SpiderOak, Dropbox et al. there also isn't currently an Android app to automatically upload your pictures to the cloud which is a must for me as I like to take my handy camera phone on protests and it's good to be able to make sure your content is proof against seizure.

    There doesn't seem to be any way of limiting the upload speed of a backup and in fact the site's FAQ says specifically that the software is designed to make maximum use of your connection.

    The company is incorporated in Chicago in a "high security data facility" - possibly the most significant of the FAQs and answers:
    Is there any legislation in the US that obligates you to report information about your users to US intelligence agencies?

    There are no laws that obligate us to share any information with US intelligence, law enforcement or other government agencies. In the U.S., like in most other jurisdictions, we may be served with a valid warrant forcing us to hand over a user's data. That data, however, is completely encrypted and will be indecipherable to anyone who does not have access to the users keys. We do not have access to users keys nor can we be forced to decrypt your data.

    All the same a warrant canary would be nice. Personally I'd feel more comfortable if their servers were located somewhere like the Caymans but there you are.

    The FAQ also claims that their secure storage passes the mud puddle test.

    It's also immensely reassuring to know they use open source software to encrypt the data and the source code for the software is available from the site.

    For the purists, an in depth explanation of the crypto they use can be found by visiting this page, then clicking "Read More".

    For the TLDR didn't read crowd, Cyphertite uses 256-bit AES-XTS to encrypt file data.


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    http://labs.bittorrent.com/bleep/

    Ant-sized radios could help connect trillions of devices to the Internet of Things
    A team of researchers from Stanford University and the University of California, Berkeley, has created prototype radio-on-a-chip communications devices that are powered by ambient radio waves. Comprising receiving and transmitting antennas and a central processor, the completely self-contained ant-sized devices are very cheap to manufacture, don't require batteries to run and could give the "Internet of Things" (IoT) a serious kick start.

    CosmosBrowserAndroid



    Top 10 Emerging Technologies That Are Changing The World


    Craig Gentry is a computer scientist fueling a revolution in cryptography and theoretical computer science through his elegant solutions to some of the discipline’s most challenging open problems.


    Copyright Holders Want Netflix to Ban VPN Users

