-
Why is Wire/Signal rated above riot.im?
It even lists some of their major flaws:
**Signal**:
Warning: Requires a mobile number to register but you can securely use a disposable number.
**Wire**…
-
And before you laugh at me, here are some leading experts in infosec, cryptography, ... advising against it because of its laughable security:
@dguido [emphasis mine]
> There’s a couple …
-
- Prove stake to join libp2p network
- Block unproven clients
This will be done in a bootstrap node.
Proving stake here can start with sending the staking address to the bootstrap node, signe…
-
Ratelimit uses MD5 (a broken hash function). This allows an adversary to forge IP addresses or usernames and trigger a rate limit for another user or IP.
This way the targeted user or IP cannot acc…
-
https://citizenlab.org/2016/03/shifting-tactics/
Shifting Tactics: Tracking changes in years-long espionage campaign against Tibetans
March 10, 2016
Tagged: Malware, Phishing, Targeted Threats, Tib…
-
the core offers easy methods to verify groups and contacts out-of-band (aka two-factor-auth) via QR codes.
the general flow is:
- one device, the "inviter", shows a QR code with the string cont…
-
If UUIDs are used at scale, or worse, in security-sensitive environments, it becomes important to have a cryptographically strong PRNG, which `Random.State` isn't.
Shouldn't the `uuidm` library use…
-
We've talked about this a lot for a while, but I think this should be discussed in earnest here.
The intention of the server ID was to ensure that the specific server machine a client connects to i…
-
>>> from attackcti import attack_client
>>> lift = attack_client()
>>> all_enterprise = lift.get_all_enterprise()
Traceback (most recent call last):
File "", line 1, in
File "*********\attac…
-
We've been asked by Google to change the name of the organisation, all repositories and also all packages on npm. This is by no means a small feat, but we will do our best to comply.
_Before_ we do…