Check Tresorit (tresorit.com): dead simple like Dropbox, files are encrypted and the key is not known by the operator nor the NSA, supports groups and other interesting stuff related to rights and sharing, backend is some cloud storage.
The author on Ars is Dan Goodin, not Goodwin.
The question is: What if others already used a similar method to send messages to us? How would you find that out? Has anybody tried to find it out? Considering the possibility we are not alone...
http://en.wikipedia.org/wiki/Duqu
Duqu is a computer worm discovered on 1 September 2011, thought to be related to the Stuxnet worm. The Laboratory of Cryptography and System Security (CrySyS) of the Budapest University of Technology and Economics in Hungary, which discovered the threat, analyzed the malware and wrote a 60-page report, naming the threat Duqu. Duqu got its name from the prefix "~DQ" it gives to the names of files it creates.
Symantec, based on the CrySyS report, continued the analysis of the threat, which it called "nearly identical to Stuxnet, but with a completely different purpose", and published a detailed technical paper on it with a cut-down version of the original lab report as an appendix. Symantec believes that Duqu was created by the same authors as Stuxnet, or that the authors had access to the source code of Stuxnet.
More likely Duqu==Stuxnet==Stars. Same guys, different vulns, different tools. Duqu is an instance made from a lego-kit.
CrySyS Lab released a new open-source toolkit to detect Duqu traces (possibly some file left after Duqu uninstalled itself after 30-36 days) and running Duqu instances.
http://www.crysys.hu/duqudetector/
Our tool combines a heuristic and signature-based approach, e.g. it calculates entropy for .PNF files and reports those suspiciously random ones.
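The entropy heuristic mentioned in the comment above, sketched as an added example (not CrySyS Lab's detector code and not part of the original comment): it flags .PNF files whose byte entropy is close to random. The 7.2 bits/byte threshold, the minimum size and the sample files are assumptions constructed for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

# Assumed cut-off in bits per byte; the page gives no value, tune it on known-good files.
ENTROPY_THRESHOLD = 7.2
# Very short files cannot reach high entropy (n bytes carry at most log2(n) bits/byte).
MIN_SIZE = 256


def file_entropy(path, chunk_size=1 << 16):
    """Return (size, Shannon entropy in bits per byte) of a file, read in chunks."""
    counts = Counter()
    size = 0
    with open(path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            counts.update(chunk)
            size += len(chunk)
    if size == 0:
        return 0, 0.0
    entropy = -sum(c / size * math.log2(c / size) for c in counts.values())
    return size, entropy


def scan_pnf(root, threshold=ENTROPY_THRESHOLD, min_size=MIN_SIZE):
    """Walk root and return [(path, entropy)] for .PNF files above threshold."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".pnf"):
                continue
            path = os.path.join(dirpath, name)
            try:
                size, entropy = file_entropy(path)
            except OSError:
                continue  # locked or unreadable file: skip, do not abort the sweep
            if size >= min_size and entropy >= threshold:
                hits.append((path, round(entropy, 2)))
    return sorted(hits, key=lambda h: -h[1])


def build_constructed_samples(root):
    """Write constructed test files: none of these are real Duqu artifacts."""
    # Structured, text-like content, similar in spirit to a precompiled INF.
    plain = ("[Version]\r\nSignature=\"$Windows NT$\"\r\n" * 200).encode("utf-16-le")
    # Deterministic pseudo-random bytes standing in for an encrypted blob.
    blob = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(512))
    samples = {"oem1.PNF": plain, "sample2.pnf": blob, "tiny.pnf": blob[:64],
               "readme.txt": blob}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)


def demo():
    """Scan the constructed samples and return [(file name, entropy)] of the hits."""
    with tempfile.TemporaryDirectory() as root:
        build_constructed_samples(root)
        return [(os.path.basename(p), e) for p, e in scan_pnf(root)]


if __name__ == "__main__":
    for name, entropy in demo():
        print(f"suspicious: {name} entropy={entropy} bits/byte")
```

A high score only says the content looks compressed or encrypted; legitimate packed files score the same way, so hits are leads for signature checks and manual review, not verdicts.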
There should be some mistake or missing information in the article. E.g. cubic meter is not the same as cubic kilometer, and cubic meter does not mean cubic meter per capita...
They also use hawks here, in Hungary, Eu.
The nice thing about hawks is that they don't strike.
I just scanned these articles, but just from the fact I don't see a single occasion to talk about crypto modes, such as ECB, CBC, OFB, CFB, CTR etc., I'm unhappy.
20+ years old knowledge, probably badly designed software, some special attack against very bad design, and then a panic-like hype against encryption.
So please, tell the newspaper writers to learn something about security and only after that start to write hype-like articles...
Sad.
There are a number of projects to design a working and secure method to achieve the goal.
Check the SeVeCom project, for example, they're working on the security of the vehicular communication.
http://www.sevecom.org/
Currently, there is no better way than to store a backup on DVD and store the main data on a RAID-1 disk set. Move the RAID disk set to new disks every few years.
All the other technologies are more expensive, and even possibly more dangerous (loss of data due to incompatibilities or for any other reason).
I'm just hoping that the firefox effect won't spread out on the electrical grid and break down the barriers of the jurassic park or whatever.
So as long as only the record is not achieved, I'm still fine with the situation
And when Microsoft sues You...
Ruby in Jails ?
If we only count basic O/S errors, e.g. standard Windows installation and Linux kernel with a bash shell, we found
-0 patches and discovered vulnerabilities for Linux
-5 for windows
No it won't get through, o.k., I get it:
If we count all the O/S errors and all the optional packages
-824234627876884595 (excluding minor ones) patches and 45348475623599439543534598245 serious errors for windows (including all the ported linux programs, e.g. cygwin based stuff also)
-591 errors for linux
no, no, that's a no go result.
Ok, wait,
Just mix the two together.
We found 0 O/S errors for windows
and found 591 errors in linux including optional garbage nobody takes care of and nobody installs.
http://maps.google.com/maps?f=q&hl=en&q=budapest&ie=UTF8&z=18&ll=47.478812,19.058779&spn=0.002252,0.007381&t=k&om=1&iwloc=addr
This is the educational reactor of the Budapest University of Technology and Economics, it is not pixelized.
In Hungary, one of the leading parties is suspected to crack the other party's server this spring.
The 'stolen' password was 'pirosvirag' == 'redflower'. Actually the logo of the cracked party is a red flower, a red carnation. Anyhow they got the password, it is still a shame.
We have a mandatory ID card in Hungary, and our biggest concern is that policemen always have the right to ask You to show Your ID.
Why?
Nobody knows.
In Hungary, sometimes a policeman comes into the bar and checks the ID card of everybody, without any reason.
In contrast to the U.S., nobody checks age limit at the doors, but policemen can ask you every time to show your pass.
Back in the 50's if somebody did not have the ID card nearby (e.g. riding a bike), they arrested You for a night. Nowadays other parties might identify You for the policemen and the driving licence is also o.k. for that.
What an advance - You can say. But: If I go into my bank, they still ask for my ID card at every transaction and they don't trust the driving licence. Therefore everybody takes all his necessary cards in their pockets, because it is a daily, regular use for EACH of them:
-ID card
-card officially stating your home address (this data is no more on the ID card)
-Tax card
-Driving licence (card)
-Health card (for any health issue)
-EU health card (If you leave the border...)
-Credit/Debit cards
-Paper based traffic card
-Card for the ownership/traffic eligibility of your car
-Parking card (in the city)
-Discount cards and entry cards for specific stores (e.g. Shell Smart card, Supershop discount card, etc.)
-Parking card or remote for your office
-Cards stating the id number for your company at a store to get company receipt in a "fast" way - minutes with a card... You should get paper receipt for the name of the company every time...
And almost every place in my country is in 50 mile reach of some country border, if You leave the country and it's not in the EU, You'll have to use passport, international driving licence,...
Yes I know You have lots of cards too, but mainly for the same reason, as membership and discount cards, or bank cards, but such a mess of cards is simply frustrating. What do You do if somebody steals your cards? It takes months to get new ones. Besides You will be the owner of some fake companies etc.
My baby is only some weeks old. He already has
-official paper about his birth
-health card
-eu health card
-card stating his home address
-passport
-tax card
Good, eh? It took days to get those, with queues of 50.
How do You get all these cards? All at a different office, and they have introduced internet based check-in (date reservation) lately in the last year... For some cards you bring your photo. For some other they make it personally. For some cards, you have to go to the post office to pay for it, for some you don't have to.
So - the mandatory id card is just a piece of dust, nobody cares.
There's only one question every time. How much light/W does it produce (lm/W)? And what is the price for the 'OLED bulb'?
And... do not compare it to traditional light bulbs. Traditional light bulbs are dead.
Of course, LEDs have achieved a lot in producing more and more light, but currently there is some 10s or 100s fold difference between the price of the fluorescent light sources and a LED based one, and the fluorescent light source (mostly) produces more light than the LED.
Yes, I hope that OLEDs will be the ones who can reach the barrier, but until then this article is very-very optimistic :)
check
(figure:)
http://europa.eu.int/comm/energy_transport/atlas/htmlu/lightdintro2.html
articles:
http://europa.eu.int/comm/energy_transport/atlas/htmlu/lightdintro.html
http://www.lumileds.com/pdfs/TP40_IESNA_July%202004_LED_Paper.pdf
You are absolutely right. If I compress my disk into a simple .tar and transfer it daily by rsync, it's more than 1/25th compression. Not too much change every day, most of it is static data.
Hungarian regulation is similar to the one in Canada. E-mail address is personal information if You can bind the information to a specific person (e.g. info@something might not be a personal information, but rocco.s@private is a personal information)
In Hungary, You are not allowed to deal with personal data (store, collect, sell, use, anything) except with the prior permission of the owner.
If somebody violates the law, you can push it to the Ombudsman ("Parliamentary Commissioner for Data Protection and Freedom of Information"), who has right to do much, like personally check the workflow of the violator, but generally he just sends a letter to the violator to stop storing my email address. He generally does not say to stop collecting ANY email address and to destroy all the database collected.
The other problem is with law enforcement. Beside the Ombudsman you can go to the court to enforce the law and stop the violator. You won't reach too much, the court will say: you are not allowed to do that, please stop it, it won't set a fine or something. The only thing you can reach is that the violator will pay the bill (price) of the court, e.g. $300. But if it happens once, the violator can fear the people of setting thousands of cases at the court and thus getting thousand times the cost of $300... In Hungary a typical court case takes 2-3 years (!)...
The only problem with all that stuff is that it DOES NOT WORK.
There was not a single case of spamming / e-mail address harvesting at the Hungarian courts, and the legislation was introduced for about 3 years!
Not a single lawyer got enough courage to do something (pro-bono) for such an important goal as privacy...
So, good luck in other countries.
There are several places where you HAVE TO send your e-mail address and some government organizations put this information on the web. At least in Hungary: E.g. If You are a lawyer, you'll get into the index of lawyers and you have to send personal/business related information to the government, e.g. your e-mail address.
The government publishes Your e-mail address WITH THE GOAL that someone can CLEARLY IDENTIFY valid lawyers in the state.
You, and the spammers are not allowed to use this data except from the previously mentioned goal.
So how to avoid spams if you have to enter valid information into such mandatory database?
But until they rewrite the rules, are we allowed to take the lab equipment (with tripods, industrial laser sources, generators and the home-brew linux-cluster for calculations) to a casino with the white coat stuff and funny glasses?
check my old comment:
http://slashdot.org/comments.pl?sid=101959&cid=8691466
"
Actually they said one beautiful girl was from Hungary with two Serb guys. They said they used a mobile-shaped laser-scanning device, but they don't know if it is prohibited.
http://index.hu/tech/tudomany/ritz040323/
in Hungarian.
Later they said, that this device cannot exist, as such a device would be at least a PC large and needs a calibration of some hours and at least NASA technique to make it.
So at last, they said, that there are a number of people who actually can figure out what is the winning number from the spinning of the wheel by their own eye.
The article also mentions, that after all, they don't really need to know the EXACT target of the ball, if they can close out 2 numbers, they can earn an average of 3% per round.
So anyway, it's a weird weird story with SCI-FI elements..."
New articles, like
http://index.hu/politika/bulvar/kaszcs041205/
say, they had a laser-scanner built into a phone, the results were sent back to a bigger computer for calculations, finally the results arrive on the phone, play & profit.
Stable is for anyone who needs security support.
Stable is for people who need an unchanging system.
What to do if I both want security support and less-than-three-years-old stuff in my box?
At least, an 'alert' list for 'testing' security related holes should be available, checking bugtraq twice a day and trying to analyze whether my system is affected is _not_ a long-term solution.
http://www.derkeiler.com/Mailing-Lists/VulnWatch/2004-11/0007.html
Any more details about this issue? Any backported patches to 2.4.27? Any idea if 2.4.28 is o.k. for sure or should we wait for 2.4.50?
Do You have any idea when I can stop upgrading the kernel every month? This is the 5-9th kernel release from November 2003 when the first-in-the-row (first of a burst...) kernel security holes began. I do not like to update kernels with all the patches necessary to do that and all the fuss with remote updating hosted stuff...
At last,
I do not like to reboot every month
Yeah, and my dvr-108 is already installed in my computer for weeks. so what is the news about 4x DL writing?