Security

Issues - google-security-research - Google Security Research. Top Level Telecommunications. Bouncycastle.org. Why were CERT researchers attacking Tor? Yesterday the Tor Project issued an advisory describing a large-scale identification attack on Tor hidden services.

Why were CERT researchers attacking Tor?

The attack started on January 30 and ended when Tor ejected the attackers on July 4. It appears that this attack was the subject of a Black Hat talk that was canceled abruptly. These attacks raise serious questions about research ethics and institutional responsibilities. Let’s review the timeline as we know it (all dates in 2014): This story raises some serious questions of research ethics. The role of CERT in this story deserves special attention. So CERT has some explaining to do. [Post updated, 31 July 2014 at 6:45pm EDT, to correct two details in the timeline (number of servers and date of first hints from the researchers).]

[1405.7418] Deanonymisation of clients in Bitcoin P2P network. Anonbib/cache/ccs07-doa.pdf. Thoughts and Concerns about Operation Onymous. Recently it was announced that a coalition of government agencies took control of many Tor hidden services.

Thoughts and Concerns about Operation Onymous

We were as surprised as most of you. Unfortunately, we have very little information about how this was accomplished, but we do have some thoughts which we want to share. Over the last few days, we received and read reports saying that several Tor relays were seized by government officials. We do not know why the systems were seized, nor do we know anything about the methods of investigation which were used. Specifically, there are reports that three systems of Torservers.net disappeared and there is another report by an independent relay operator. But, more to the point, the recent publications call the targeted hidden services seizures "Operation Onymous" and they say it was coordinated by Europol and other government entities. Anonbib/cache/trickle02.pdf. Appsec - How to securely hash passwords? We need to hash passwords as a second line of defence.

appsec - How to securely hash passwords?

A server which can authenticate users necessarily contains, somewhere in its entrails, some data which can be used to validate a password. A very simple system would just store the passwords themselves, and validation would be a simple comparison. Passwords - Is salting a hash really as secure as common knowledge implies?

Firstly, why are you implementing low-level crypto code for a web page?

passwords - Is salting a hash really as secure as common knowledge implies?

You'd think this is a solved problem: you use a framework which uses libraries. Secondly, the hash protects the passwords in case the hashes leak out. Your site does not provide access to the password database, so this situation should ideally not even arise. The salts help to defend the password database as a whole in that event. If the attacker is focused on a single password out of that database, then it doesn't make much difference. View topic - Restore Partition Table from MyBook 3TB (encrypted TC) Hi dear community, I would please like to request help from an expert.

View topic - Restore Partition Table from MyBook 3TB (encrypted TC)

I hope you can understand my English (I'm not a native speaker). I used TestDisk and it is a very nice tool, but it can't find any old partition table from my HDD even with deep search. I have an external WD MyBook 3 TB HDD (WDBACW0030HBK-04). As far as I investigated it, WD uses advanced formatting (MBR instead of GPT and 4k sector size as factory setting). I used the NTFS partition created with the factory setting and encrypted the whole partition with TrueCrypt NTFS. OpenSSL: PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE.

Search results for '0xf347e0eb47ac70d6' Validating a Certificate Path with OpenSSL. Validating a Certificate Path with OpenSSL With 4 certificates created in the previous section, we are ready to test the "openssl verify" command: 1.

Validating a Certificate Path with OpenSSL

Verify the shortest certification path, one certificate only: Ssl - How to convert .crt to .pem. Which VPN Services Take Your Anonymity Seriously? 2014 Edition. To prevent their IP-addresses from being visible to the rest of the Internet, millions of people have signed up to a VPN service.

Which VPN Services Take Your Anonymity Seriously? 2014 Edition

Using a VPN allows users to use the Internet anonymously and prevent snooping. Unfortunately, not all VPN services are as anonymous as they claim. Following a high-profile case of an individual using an ‘anonymous’ VPN service that turned out to be not so private, TorrentFreak decided to ask a selection of VPN services some tough questions. By popular demand we now present the third iteration of our VPN services “logging” review. In addition to questions about logging policies we also asked VPN providers about their stance towards file-sharing traffic, and what they believe the most secure VPN is. DeepSec 2010: All your baseband are belong to us by Ralf Philipp Weinmann. A "Grey Hat" Guide.

A computer security researcher who has inadvertently violated the law during the course of her investigation faces a dilemma when thinking about whether to notify a company about a problem she discovered in one of the company’s products.

A "Grey Hat" Guide

By reporting the security flaw, the researcher reveals that she may have committed unlawful activity, which might invite a lawsuit or criminal investigation. On the other hand, withholding information means a potentially serious security flaw may go unremedied. There are no easy answers for the ethical hacker who has wandered off the straight and narrow into the legal thicket of computer offense laws. Among a set of undesirable choices, the ethical hacker may choose to reconstruct her research using software, devices and networks to which she has authorized access and report based on this whitewashed reenactment of the discovery.

Computer Fraud and Abuse Act; Anti-Circumvention Provisions of the DMCA; Copyright law; Other state and international laws. NSA-proof your e-mail in 2 hours. You may be concerned that the NSA is reading your e-mail.

NSA-proof your e-mail in 2 hours

Is there really anything you can do about it though? After all, you don’t really want to move off of GMail / Google Apps. And no place you would host is any better. Except, you know, hosting it yourself.