Dropsafe

by Alec Muffett

  • CVE-2021-31166 HTTP Protocol Stack Remote Code Execution Vulnerability I learned RCE at my Grandma’s knee; “Billy,” she said, whisking cake batter as the cat circled awaiting a few fallen drops of sweet goo, “there’s an article in Phrack 49…”

    2021/06/04 10:02:04 BST

    (more…)

    twitter
  • If you want to see each and every new @torproject Onion site as-and-when it has a HTTPS certificate issued, you want to follow this web page:

    2021/05/30 23:03:47 BST

    For reasons of integrity and trust, all HTTPS Certificates which are issued by Certificate Authorities must be registered into a variety of centralised “transparency logs” – primarily in order to detect “cheating”. This means that we can see all V3 onion sites which are registered: Real World Onion Sites: Certificate Transparency Log. This is both

    (more…)

    certificate transparency onion sooc
  • If you visit the @Wikipedia page on the #DiffieHellman #encryption algorithm, you will see this illustration of how the protocol works; I think we can do better, but I lack the skills and @Wikipedia “clout” to do it.

    2021/05/30 21:00:12 BST

    A pet bugbear of mine is that if you go to the Wikipedia page for the Diffie-Hellman key-exchange algorithm, you will see this image that ostensibly explains how it works: To be fair: it’s clean, elegant, symmetrical, and colourful, and I kinda like it, but the thing that frustrates me most is that it’s not

    (more…)

    diffie hellman encryption
  • Make your cleartext website #UNBLOCKABLE by adding a @torproject Onion address, using #EOTK and a HTTPS certificate from #HARICA

    2021/05/30 14:29:54 BST

    Note: this blog post, and the documentation that it links to, are in a state of rapid change; please add comments below, or raise issues at GitHub, in case of error or suggestions for improvement. Back in March, the Tor Project announced this: …but it’s taken until today for me to implement the same for

    (more…)

    dropsafe eotk onion tor
  • Stop talking about who you think should *not* have #privacy. Instead: talk about who you think really, *really* needs it, and *why* they need it.

    2021/05/30 11:49:05 BST

    A short Twitter Essay (twessay?) The thing which makes me cringe in this @rj_gallagher piece on @signalapp is the quote from @greggcorp, attached. I gut-feel like: dude, do you even “dual use”? How is it that the consequences of enabling free, disintermediated speech… /1 How is it that the consequences of enabling free, disintermediated speech

    (more…)

    concerns are not the same as needs privacy
  • Today in Nerdiness: this doesn’t mean what I reflexively interpreted it to mean.

    2021/05/19 16:07:48 BST

    Although my interpretation works for me.

    (more…)

    john lewis
  • OMG this is an emotional rollercoaster: “Our cybersecurity ‘industry best practices’ keep allowing breaches” – but @allengwinn has got at least one thing right about cybersecurity

    2021/05/19 06:16:16 BST

    So there is this posting at The Hill. And it’s terrible. But also insightful. And all of my cyberfriends are focusing on the former, and not looking at where the latter might be pointing. It’s got this: And it’s got this: And this is likely a recipe for disaster: But it’s also got this: I

    (more…)

    allen gwinn cyber
  • A vision of the future: #CyberSumptuary Laws — who will and will not be permitted to use encryption or to have online privacy? #CyberNobility, #CyberPeasantry, #KnightsTale & #HeathLedger (HT @heyfeifer)

    2021/05/18 16:06:52 BST

    A few days ago I was listening to Build For Tomorrow, a podcast by Jason Feifer which specialises in debunking the myth that the world is in a permanent state of decline, that society is getting worse, etc; it’s a wonderful podcast in a bunch of ways, but it especially appeals to those of us

    (more…)

    cybersumptuary encryption end to end encryption knight's tale
  • Now: #Canada proposes to regulate popular Twitter accounts

    2021/05/13 13:06:09 BST

    In ~2011 I gave a cybersecurity end-of-term lecture at Shrivenham Defence Academy, citing @stephenfry as an exemplar in this argument regarding censorship. Now: #Canada proposes to regulate popular Twitter accounts: https://www.ctvnews.ca/politics/minister-suggests-with-bill-c-10-regulations-could-apply-to-accounts-with-a-large-enough-following-1.5419170 #OnlineHarms #OnlineSafetyBill Incidentally, the next few slides / answer to the question, are: Canadian Minister @s_guilbeault : “Don’t worry, we don’t mean *you*.” Not

    (more…)

    canada censorship and interception regulation
  • Also, an Ocarina

    2021/05/12 20:54:10 BST

    (more…)

  • Designed a simple espresso dosing cup, printed in a slightly tweaked vase mode. Will update this post tomorrow with review, deets & code.

    2021/05/12 20:45:43 BST

    (more…)

  • “Messenger Interoperability” : a largely terrible, illiberal, misconceived idea which — on the other hand — if implemented in the least terrible way, would stop any lingering capability to monitor or filter end-to-end encrypted messengers

    2021/05/04 15:20:47 BST

    I was on an E2EE conference Zoom-call yesterday, run by the Stanford mob and discussing combatting political misinformation on end-to-end-secure messenger platforms. There were some (IMHO) constructive solutions proposed, such as: “tip-lines”; community engagement with influencers; reddit/slack-bot like “vaxbots” (“you appear to be repeating some misinformation re: Covid, here are some links to sites which

    (more…)

    adium competition end to end encryption interoperability pidgin