Domain: sebsauvage.net
Stories and comments across the archive that link to sebsauvage.net.
Comments · 15
-
Re:There are some problems with it
Also where is the key stored? Expect the government to investigate and interrogate whoever has the keys.
According to the ZeroBin website, the key is not "stored;" it is part of the URL string (which never goes to the server). For example:
http://sebsauvage.net/paste/?e4af05540340d85a#zLtQuuHWSJgl3z12lIAJy3ZZeyTdC3dVarlGH8R+TZ4=
You give the link to your friends. The link contains both a paste ID as well as a key. You and your friends' browsers use the key to decrypt the data for the given paste ID.
Also, there's no inherent reason to distrust Javascript running on an "Anonymous"-run website any more than you'd distrust any other site's Javascript (or pastebin.com's, for example). In any case, the source is open (and if you have the technical ability to analyze it for holes/backdoors/weaknesses, you can). -
Re:There are some problems with it
It runs on ZeroBin, which uses client side javascript to generate a random 256bit AES key, then compress and encrypt the text before sending it to the server. Comments are also compressed and encrypted. The key is never seen by the server, so the server can't decrypt your data.
It uses the Stanford Javascript Crypto Library for its AES code, and its codebase is available on github.
The system is vulnerable to an MITM attack, also a server admin may be able to reveal the poster's identity, but not the post's content
Revealing the posters identity is worse than revealing the posters content! That is a huge security hole.
Also where is the key stored? Expect the government to investigate and interrogate whoever has the keys.
-
Woao.
Woao. My name on the front page of Slashdot. Now I can die.
:-D
If you don't trust AnonPaste, you can just install ZeroBin (the opensource software AnonPaste is based on) on your own website. -
Re:There are some problems with it
It runs on ZeroBin, which uses client side javascript to generate a random 256bit AES key, then compress and encrypt the text before sending it to the server. Comments are also compressed and encrypted. The key is never seen by the server, so the server can't decrypt your data.
It uses the Stanford Javascript Crypto Library for its AES code, and its codebase is available on github.
The system is vulnerable to an MITM attack, also a server admin may be able to reveal the poster's identity, but not the post's content
-
PaperBak anyone ?
PaperBak anyone ? http://ollydbg.de/Paperbak/
It gives you this kind of prints:
http://sebsauvage.net/i/ccm/paperback_a4.png
http://sebsauvage.net/i/ccm/paperback_detail.png
I save my private GPG key on paper this way. -
PaperBak anyone ?
PaperBak anyone ? http://ollydbg.de/Paperbak/
It gives you this kind of prints:
http://sebsauvage.net/i/ccm/paperback_a4.png
http://sebsauvage.net/i/ccm/paperback_detail.png
I save my private GPG key on paper this way. -
Re:DRM and Sliverlight down your throat
"Where did the "not authorized to talk about MSE" bit come from?"
In the french version of the license agreement: http://sebsauvage.net/rhaa/images/rha_20090929_antivirus_test.png -
Re:This is why I backup my Gmail with G-Archiver
How about 23 lines of Python ? (opensource, of course)
Not that hard to review for a backdoor :-)
My pleasure. -
Re:Since when is Old Tech == Bad Tech?
imagine if HTTP and FTP had been mandated at the application layer. Would we have ever had Bittorrent?
Yes. There's always a higher layer. You can encapsulate anything in HTTP, if you really have to. People do it all the time, for firewall evasion.
An example: http://sebsauvage.net/punching/ -
Re:exactly
-
Re:Time for SSL mod for BitTorrent.
SSL Tunnels are widely used for legitimate transactions, including online shopping and banking. SSL tunnels are SO widely used, that even though they are a feature of corporate firewalls that make it very easy to break through the firewall and essentially ignore all of its rules, and even though corporations are well aware of this risk, they still include HTTPS-proxying because it's so useful to the average person. Others aren't going to clamp down on HTTPS tunnels any time soon either.
-
Re:AARON
Just my two cents:
There's also:
- webCollage (http://www.jwz.org/webcollage/)
- debris (http://www.badmofo.org/debris/)
- webGobbler (http://www.sebsauvage.net/python/webgobbler/)
(webGobbler is my own creation - Comments are welcome...)
Still, I would not pretend this is art.
-
Re:Give this as a gift for the holidays
For French-speaking users, there is also this nice document.
-
Re:OpenBSD's Authpf or an equivalent
This is true... within reason. However, the original poster only wanted to implement a proxy. A good approach to a complex problem usually involves condering a hierachy of potential solutions. At the very least, we can make the effort to intrude intensive enough to discourage the casual and intermediate hacker. The reality is that anyone with sufficient dedication will eventually surpass the most severe battery of defenses. Its not aways the fault of the solution provider! Mitnick made a (criminal) career of proving the most complex security solution often falls to the dumpster dive/user disclosure/Social Engineering/OSI Layer 1.
A proxy is simply not enough. Its absurdly easy to tunnel what ever you want (with a bias towards TCP) through a proxy (or any unfiltered port). Heres a brief rundown. Beside a proxy, a firewall and a desktop/server lockdown, I'd suggest you add the Big Brother approach of trend analysis, metrics, pattern recognition and scare tactics i.e. an IDS, IPS! We can hope the effort to circumvent the measures will teach as well as hamper. The question is who you are teaching and hampering!
Network security was an engineering afterthought. Its ironic considering the military built the Internet. We live with the aftermath. Encapsulation and spoofing have practical uses beside the malicious! -
Re:Easy
If you understand french, here is a tutorial to install a free (like beer) PDF printer on Windows using GhostScript, RedMon and the Adobe Poscript drivers.