"The first rule of PAKE is: nobody ever wants to talk about PAKE. The second rule of PAKE is that this is a shame, because PAKE — which stands for Password Authenticated Key Exchange — is actually one of the most useful technologies that (almost) never gets used. It should be deployed everywhere, and yet it isn’t."
Easily and securely send things from one computer to another
croc is a tool that allows any two computers to simply and securely transfer files and folders. AFAIK, croc is the only CLI file-transfer tool that does all of the following:
allows any two computers to transfer data (using a relay)
provides end-to-end encryption (using PAKE)
enables easy cross-platform transfers (Windows, Linux, Mac)
allows multiple file transfers
Filesystem deduplication is a sidechannel
It's always a DNS problem. Wait, not quite...
Critical DNS Bug Opens Windows Server to Infrastructure Takeover
Microsoft gives the ‘wormable’ flaw a security rating of 10 – the most severe warning possible.
Qualcomm Bugs Open 40 Percent of Android Handsets to Attack
Researchers identified serious flaws in Qualcomm’s Snapdragon SoC and the Hexagon architecture that impact nearly half of Android handsets.
The #Signal dev process in a nutshell
Detection probes: performance, evaluations and biases
Does anyone in Fediland have any experience using the new Mozilla VPN?
@nolan >Tech Enthusiasts: Everything in my house is wired to the Internet of Things! I control it all from my smartphone! My smart-house is bluetooth enabled and I can give it voice commands via alexa! I love the future!
>Programmers / Engineers: The most recent piece of technology I own is a printer from 2004 and I keep a loaded gun ready to shoot it if it ever makes an unexpected noise.
"Should I use KeePass 2, KeePassX, or KeePassXC?"
✔️ Use KeePass 2 – this is the original KeePass, primarily developed for Windows. However, it can be used on Linux, too.
✔️ Use KeePassXC – this password manager indirectly originates from KeePass 2. Most features are similar to KeePass 2.
❌ Don't use KeePassX – development ceased in 2016.
#Olvid, an encrypted messenger that aims to be secure, published its technical spec two months ago https://olvid.io/assets/documents/2020-05-09_Olvid-specifications.pdf
I haven't read it yet; I only came across it this morning. Has anyone already gone through it?
Java1.5 in a bigass "nutshell". Just found this in an old box under my bed. I'm not getting younger. Damn.
A lengthy and very detailed blog post by Matthew Green on why #Signal PINs are problematic: https://blog.cryptographyengineering.com/2020/07/10/a-few-thoughts-about-signals-secure-value-recovery/
#Linux will no longer refer to masters, slaves or blacklists.
In their place coders will use alternatives such as “primary” & “secondary”, or “leaders” & “followers”, or even “directors” & “performers”.
Blacklists are to become either “denylists” or “blocklists” and whitelists will become “allowlists” or “passlists”.
This is illuminating...and potentially frightening.
This is a fascinating read. Let this sink in: law enforcement compromised the network of a secure chat solution and pushed malware to all endpoints in order to read all the messages. All that on the premise that the majority of the users were criminals, even though some weren't.