---------- Forwarded message ----------
Subject: Twister: P2P microblogging platform
Date: Saturday, 11 January 2014, 12:24:59
From: Jesse Taylor
To: cypherpunks(a)cpunks.org
I came across this the other day:
/"This paper presents a proposal of a new P2P microblogging platform
that is scalable, resilient to failures and attacks, does not depend
on any central authority for user registration, provides easy-to-use
encrypted private communication and authenticated public posts. The
architecture tries to leverage from existing and proven P2P
technologies such as Bittorrent and Bitcoin as much possible.
Privacy is also one of the primary design concerns, no one should be
able to see the user's IP or their followers unless he explicitly
shares such information. The proposed platform is comprised of three
mostly independent overlay networks. The first provides distributed
user registration and authentication and is based on the Bitcoin
protocol. The second one is a Distributed Hash Table (DHT) overlay
network providing key/value storage for user resources and tracker
location for the third network. The last network is a collection of
possibly disjoint "swarms" of followers, based on the Bittorrent
protocol, which can be used for efficient near-instant notification
delivery to many users. [...] "/
-- "twister - a P2P microblogging platform
<http://arxiv.org/pdf/1312.7152v1.pdf>", Miguel Freitas
Personally, I'm impressed by the creative application of
Bitcoin/Bittorrent/DHT protocols to the problem of private/anonymous
communication ... and the software looks very clean and usable as well.
I also like that it's based on P2P technology unlike solutions such as
Diaspora, which still require trusting third parties with personal data ...
Thoughts?
--Jesse Taylor <http://www.interference.cc>
-----------------------------------------
--
Regards
rysiek
http://cuckoosandbox.org/about.html
What is Cuckoo Sandbox?
In three words, Cuckoo Sandbox is a malware analysis system.
What does that mean? It simply means that you can throw any suspicious
file at it and in a matter of seconds Cuckoo will provide you back some
detailed results outlining what such file did when executed inside an
isolated environment.
--
viq
---------- Forwarded message ----------
Subject: Re: Pretty Curved Privacy.. ECC Curve p25519 util(Bernstein approved
curve)
Date: Friday, 10 January 2014, 13:21:34
From: stef
CC: cypherpunks(a)cpunks.org <cypherpunks(a)cpunks.org>
On Fri, Jan 10, 2014 at 04:13:29AM -0800, gwen hastings wrote:
> From the README...
>
> DESCRIPTION
>
> Pretty Curved Privacy (pcp1) is a commandline utility which can be used
> to encrypt files. pcp1 uses elliptic curve cryptography for encryption
> (CURVE25519 by Dan J. Bernstein). While CURVE25519 is no worldwide
> accepted standard it hasn't been compromised by the NSA - which might be
> better, depending on your point of view.
sounds like my pbp:
https://github.com/stef/pbp
except with a 'c' and less features, from the readme:
v0.2 - experimental
PBP[0] is a simple python wrapper and a command line interface around
libsodium, to provide basic functionality resembling PGP. It uses
scrypt for a KDF and a much simpler packet format, which should be
much harder to fingerprint, pbp also provides an experimental forward
secrecy mode and a multi-party DH mode.
Installation
    pip install pbp
you possibly need to run (or an equivalent command)
    sudo apt-get install git python-virtualenv gcc python-dev libffi-dev
to satisfy all basic dependencies.
Design goals:
1. use modern crypto
2. provide similar functionality to PGP
3. be extensible
4. difficult to identify based on fingerprinting
5. provide extensive testing
6. strive for security
Crypto
Cryptographic primitives are based on the NaCl library from
http://nacl.cr.yp.to. The KDF used is scrypt.
PGP-like
Provides basic public key encrypt/decrypt, sign/verify and secret key
encrypt/decrypt modes, as well as the ability to sign, verify, list,
generate, export and import keys.
Extensibility
Using pbp and the underlying pysodium[1] library it's easy to extend
pbp. Some examples are the experimental forward secrecy mode (see
description in docs/chaining-dh.txt), the support for ECDH key
exchanges from the command-line and generation of arbitrarily large
random byte streams.
[1] https://github.com/stef/pysodium also available on
https://pypi.python.org/pypi/pysodium
Fingerprinting
pbp tries to avoid storing any sensitive plaintext info; the
encrypted files should all look like random noise. For a description
of the packet formats see docs/fileformats.txt.
Testing
All py files come with their internal tests, unit tests are in
tests.py, and commandline functionality is tested in test.sh.
Security
pbp locks the process memory, so it cannot be swapped to disk. Also
pbp uses SecureString[2] to overwrite sensitive key material after
usage in memory, so keys have a short window of opportunity to leak.
[2] https://github.com/dnet/pysecstr
Usage
Generate a key
    pbp -g -n alice
sending howdy.txt using public key encryption from alice to bob
    pbp -c -S alice -r bob -i howdy.txt
decrypt an encrypted file using public key crypto
    pbp -d -S bob -i howdy.txt.pbp
sending howdy.txt using secret key encryption
    pbp -c -i howdy.txt
decrypt an encrypted file using secret key crypto
    pbp -d -i howdy.txt.pbp
sign howdy.txt
    pbp -s -S alice -i /howdy.txt
verify howdy.txt
    pbp -v -i howdy.txt.sig
sign bobs key
    pbp -m -S alice -n bob
check sigs on carols key
    pbp -C -n carol
alice encrypts howdy.txt to bob using experimental forward secret mode
    pbp -e -S alice -r bob -i howdy.txt -o ./secret-message
bob decrypts howdy.txt from alice using experimental forward secret mode
    pbp -E -S bob -r alice -i ./secret-message
initiate ECDH key exchange
    pbp -D1
respond to ECDH key exchange
    pbp -D2 -Dp 'public component from D1'
finish ECDH key exchange
    pbp -D3 -Dp 'public component from D2' -De 'secret exponent from D1'
random streaming 23GByte of cryptographic randomness
    pbp -R -Rs 23G -o /mnt/huge_fs/random_data
participate in a 4-way DH exchange, 1st message
    pbp -Ds -Dp 4 -S alice -n 'friends001' -i oldkeychain -o newkeychain
participate in a 4-way DH exchange, 2nd message
    pbp -De -S alice -n 'friends001' -i oldkeychain -o newkeychain
this is one big pipe that creates a 3-way ECDH secret between alice, bob and
carol:
    pbp -Ds -S alice -Dp 3 -n 'test-dh' -i /dev/null |
    pbp -Ds -S bob -Dp 3 -n 'test-dh' |
    pbp -Ds -S carol -Dp 3 -n 'test-dh' |
    pbp -De -S alice -Dp 3 -n 'test-dh' |
    pbp -De -S bob -Dp 3 -n 'test-dh'
of course instead of a pipe you could use any kind of transport mechanism
(c) 2013, stf <s(a)ctrlc.hu>, dnet vsza(a)vsza.hu, AGPLv3.0+
[0] also it's very funny to say pbp with a mouth full of dry cookies.
don't try this in company!
--
pgp: https://www.ctrlc.hu/~stef/stef.gpg
pgp fp: FD52 DABD 5224 7F9C 63C6 3C12 FC97 D29F CA05 57EF
otr fp: https://www.ctrlc.hu/~stef/otr.txt
-----------------------------------------
--
Regards
rysiek
---------- Forwarded message ----------
Subject: Pretty Curved Privacy.. ECC Curve p25519 util(Bernstein approved curve)
Date: Friday, 10 January 2014, 04:13:29
From: gwen hastings
To: cypherpunks(a)cpunks.org <cypherpunks(a)cpunks.org>
From the README...
DESCRIPTION
Pretty Curved Privacy (pcp1) is a commandline utility which can be used
to encrypt files. pcp1 uses elliptic curve cryptography for encryption
(CURVE25519 by Dan J. Bernstein). While CURVE25519 is no worldwide
accepted standard it hasn't been compromised by the NSA - which might be
better, depending on your point of view.
Caution: since CURVE25519 is no accepted standard, pcp1 has to be
considered as experimental software. In fact, I wrote it just to learn
about the curve and see how it works.
Beside some differences it works like GNUPG. So, if you already know how
to use gpg, you'll feel almost home.
QUICKSTART
Let's say, Alicia and Bobby want to exchange encrypted messages. Here's
what they've got to do.
First, both have to create a secret key:

    Alicia                              Bobby
    pcp1 -k                             pcp1 -k

After entering their name, email address and a passphrase to protect the
key, it will be stored in their vault file (by default ~/.pcpvault).
Now, both of them have to export the public key, which has to be
imported by the other one. With pcp you can export the public part of
your primary key, but the better solution is to export a derived public
key especially for the recipient:

    Alicia                              Bobby
    pcp1 -p -r Bobby -O alicia.pub      pcp1 -p -r Alicia -O bobby.pub

They've to exchange the public key somehow (which is not my problem at
the moment, use ssh, encrypted mail, whatever). Once exchanged, they
have to import it:

    Alicia                              Bobby
    pcp1 -P -I bobby.pub                pcp1 -P -I alicia.pub

They will see a response as this when done:

    key 0x29A323A2C295D391 added to .pcpvault.

Now, Alicia finally writes the secret message, encrypts it and sends it
to Bobby, who in turn decrypts it:

    Alicia:
    echo "Love you, honey" > letter
    pcp1 -e -i 0x29A323A2C295D391 -I letter -O letter.z85
    cat letter.z85 | mail bobby(a)foo.bar

    Bobby:
    pcp1 -d -I letter.z85 | less

And that's it.
Please note the big difference to GPG though: both Alicia AND Bobby have
to enter the passphrase for their secret key! That's the way CURVE25519
works: you encrypt a message using your secret key and the recipient's
public key and the recipient does the opposite, he uses his secret key
and your public key to actually decrypt the message.
Oh - and if you're wondering why I named them Alicia and Bobby: I was
just sick of Alice and Bob. We're running NSA-free, so we're using other
sample names as well.
INSTALLATION
There are currently no packages available, so pcp has to be compiled
from source. Follow these steps:
First, you will need libsodium:

    git clone git://github.com/jedisct1/libsodium.git
    cd libsodium
    ./autogen.sh
    ./configure && make check
    sudo make install
    sudo ldconfig
    cd ..

Next, pcp:

    git clone git://github.com/tlinden/pcp.git
    cd pcp
    ./configure
    sudo make install
    cd ..

Optionally, you might run the unit tests:

    make test

DOCUMENTATION
To learn how to use pcp, read the manpage:

    man pcp1

7.
Licensed under the GNU GENERAL PUBLIC LICENSE version 3.
HOME
The homepage of Pretty Curved Privacy can be found on
http://www.daemon.de/PrettyCurvedPrivacy. The source is on Github:
https://github.com/TLINDEN/pcp
--
Tentacle #99
ecc public key curve p25519(pcp 0.15)
1l0$WoM5C8z=yeZG7?$]f^Uu8.g>4rf#t^6mfW9(rr910
Governments are instituted among men,
deriving their just powers from the consent of the governed,
that whenever any form of government becomes destructive
of these ends, it is the right of the people to alter or
abolish it, and to institute new government, laying its
foundation on such principles, and organizing its powers
in such form, as to them shall seem most likely to effect
their safety and happiness.’
https://github.com/TLINDEN/pcp.git to get pcp(curve25519 cli)
-----------------------------------------
--
Regards
rysiek
http://bgr.com/2013/12/30/qualcomm-brain-like-processor-2014/
Ripped this out of some newspaper. At first it will probably be annoying
as hell. I wonder whether anyone will decide to put such an uncertain
variable into supercomputers or servers, or whether for now it will be
just research and monkey-phones.
Hi,
Food for thought, especially for admins.
---------- Forwarded message ----------
Subject: Re: [cryptography] To Protect and Infect Slides
Date: Monday, 6 January 2014, 22:48:48
From: Cathal Garvey
To: cypherpunks(a)cpunks.org
> How would you monitor, maintain & troubleshoot administration & security
> issues on your servers if you do not have logs? Or are you talking about
> retention of said logs?
I read from this that excessive logging outside of a debugging scenario,
coupled with either bad security or wilful sharing of log files, is the
culprit.
So you're running a server, you want logs. Fine; what do you need to
know? Statistical information about access, but not necessarily *who* is
accessing. Perhaps you need to see if one person is accessing more than
their share, but unless they exceed a certain threshold you don't want
to record who they are; hash the IPs with a salt. Sure, yes, I expect
you can reverse IP hashes, but at least you're trying.
Point being that logs are for debug and performance monitoring, but in
this era of A) spying without consent and B) wilful assistance of spies
by sysadmins globally, to be a good guy you have to wear blinders and
collect only what you need. To resist the urge to hoard that comes with
being raised in a marketing-heavy capitalism and with seeing storage
volumes growing exponentially and remembering your days of scrimping on
poorly encoded mp3s. Store what you need. Ditch the rest before it's
even paged.
On 06/01/14 16:42, Laurens Vets wrote:
> On 2014-01-05 01:01, John Young wrote:
>> If your server or ISP generates log files, as all do, you cannot
>> be secure. If upstream servers generate log files, as all do,
>> you cannot be secure. If local, regional, national and international
>> servers generate log files, as all do, you cannot be secure.
>>
>> So long as log files are ubiquitous on the Internet, no one can
>> be secure.
>>
>> Log files are the fundamental weakness of the Internet
>> because system administrators claim the Internet cannot
>> be managed and maintained without them.
>>
>> This is not true, it is merely an urban legend to conceal
>> the interests of system administrators and their customers
>> to exploit Internet user data.
>>
>> There is no fundamental need for log files, except to
>> perpetuate the other urban legend, privacy policy, which
>> conceals the abuse of log files by web site operators
>> and their cooperation with "lawful" orders to reveal
>> user data, most often by being paid to reveal that
>> data to authorities, to sponsors, to funders, to
>> advertisers, to scholars, to private investigators,
>> to inside and outside lawyers, to serial cohorts,
>> cartels and combines, to providers and purchasers
>> of web sites, to educators of cyber employees,
>> to courts, to cybersecurity firms, to journalists, to
>> anybody who has the slightest justification to exploit
>> Internet freedom of information by way of phony
>> security, privacy and anonymizing schemes.
>>
>> In this way, the Internet corrupts its advocates by
>> inducing the gathering and exploiting user data.
>> It is likely your organization is doing this ubiquitous
>> shit by pretending to ask for advice on security.
>> As if there is any. NSA is us.
>
> How would you monitor, maintain & troubleshoot administration & security
> issues on your servers if you do not have logs? Or are you talking about
> retention of said logs?
>
>> At 05:44 PM 1/4/2014, you wrote:
> On 31/12/13 21:13, Jacob Appelbaum wrote:
>>>>> I'm also happy to answer questions in discussion form about the
>>>>> content of the talk and so on. I believe we've now released quite a
>>>>> lot of useful information that is deeply in the public interest.
>>>>>
>>>>> All the best, Jacob
>
> Hi people:
>
> As most of the people around the world, I find really troubling all
> these revelations. Of course we suspected this kind of shit, we just
> didn't know the gory and surprising details.
>
> I work in a libre-software e-voting project [0] which has been
> deployed in some interesting initiatives already [1] and we strive to
> make it as secure as possible [2], though our resources are currently
> limited. Of course, anyone is welcome to join and help us.
>
> Do you have any specific recommendation for securing the servers of
> the authorities who do the tallying, in light of latest revelations?
> it seems really difficult to get away from the NSA if they want to get
> inside the servers.
>
> Kind regards,
>>> _______________________________________________
>>> cryptography mailing list
>>> cryptography(a)randombit.net
>>> http://lists.randombit.net/mailman/listinfo/cryptography
-----------------------------------------
--
Regards
rysiek
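
An added sketch of the approach Cathal describes above (salted IP hashes, identity kept only past a threshold), not code from any poster; the class name, the threshold of 10 and the sample addresses are assumptions. It also shows his caveat: the hash is reversible by anyone holding the salt, which is why the salt is discarded at each rotation.

```python
import hashlib, hmac, ipaddress, secrets
from collections import Counter

class MinimalAccessLog:
    """Counts requests per pseudonymous client; keeps a raw IP only past a threshold."""
    def __init__(self, threshold, salt=None):
        self.salt = salt or secrets.token_bytes(32)   # held in memory, never written out
        self.threshold = threshold
        self.counts = Counter()
        self.flagged = {}                             # tag -> raw IP, heavy users only

    def tag(self, ip):
        return hmac.new(self.salt, ip.encode(), hashlib.sha256).hexdigest()[:16]

    def record(self, ip):
        t = self.tag(ip)
        self.counts[t] += 1
        if self.counts[t] > self.threshold:
            self.flagged[t] = ip

    def rotate(self):
        """Close the window: emit aggregates, then discard salt and per-client state."""
        stats = {"clients": len(self.counts),
                 "requests": sum(self.counts.values()),
                 "over_threshold": sorted(self.flagged.values())}
        self.salt = secrets.token_bytes(32)
        self.counts.clear()
        self.flagged.clear()
        return stats

def reverse_tag(tag, salt, network):
    """The caveat in the post: with the salt, a small address space is enumerable."""
    probe = MinimalAccessLog(0, salt)
    return next((str(ip) for ip in ipaddress.ip_network(network)
                 if probe.tag(str(ip)) == tag), None)

# Constructed sample traffic using RFC 5737 documentation addresses.
SAMPLE = ["192.0.2.10"] * 3 + ["192.0.2.77"] * 12 + ["198.51.100.5"] * 2

def demo():
    log = MinimalAccessLog(threshold=10)
    for ip in SAMPLE:
        log.record(ip)
    tag, old_salt = log.tag("192.0.2.10"), log.salt
    stats = log.rotate()
    return (stats, reverse_tag(tag, old_salt, "192.0.2.0/24"),
            reverse_tag(tag, log.salt, "192.0.2.0/24"))

if __name__ == "__main__":
    print(demo())
```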