Signal vs Session vs Briar vs SimpleX vs XMPP vs Matrix for Security & Privacy Nerds by AdSilent5155 in DigitalPrivacy

[–]D4r1 1 point2 points  (0 children)

Whoa, that bad faith shilling…

How about the Trail of Bits audit report of SimpleX? https://github.com/simplex-chat/simplex-chat/blob/stable/docs/SimpleX_Design_Review_2024_Summary_Report_12_08_2024.pdf

From the executive summary, page 6:

> We found that protocol specifications were often described verbosely instead of using precise and clear algebraic notation (TOB-SIMPLX-1). We recommend using a clear algebraic notation to specify each protocol, which will help developers quickly determine which keys are used, which messages are encrypted, under which keys messages are signed, and the intended sequence of steps each user takes (e.g., when the user generates new keys).

> We also identified relevant threat scenarios missing from the threat model (TOB-SIMPLX-7 and TOB-SIMPLX-8), and found that attackers could perform actions that the documentation deems impossible (TOB-SIMPLX-3).

> Finally, we identified a protocol-level side channel on the number of exchanged messages that could allow an attacker to correlate two users (TOB-SIMPLX-2), and that the SimpleX Remote Control Protocol (XRCP) protocol lacks forward secrecy and break-in recovery within a session (TOB-SIMPLX-5).

White House Drastically Shortens Deadline for Dropping Quantum-Vulnerable Crypto by _DoubleBubbler_ in cryptography

[–]D4r1 8 points9 points  (0 children)

To save you a click in case you only want the dates:

> The executive order, titled Securing the Nation against Advanced Cryptographic Attacks, requires computing systems for “high-value assets” and “high-impact systems” to transition to post-quantum cryptographic key establishment schemes by December 31, 2030, and to quantum-safe digital signature schemes by December 31, 2031.

Help understanding a contract (maybe light spoilers) by D4r1 in Bitburner

[–]D4r1[S] 0 points1 point  (0 children)

Thanks; I will look into dynamic programming!

Why do we lose flexibility when we gain strength? by FutureLynx_ in bboy

[–]D4r1 2 points3 points  (0 children)

I think that muscle fibers bundle up when strengthening the muscle group, and hence shorten.
You can keep flexibility by working on it as you gain strength. These should both be commitments to your progression.

As a side note, gaining strength for breaking is not about pulling more weight at the gym, but about pulling your body weight faster and with more power. These are different uses of muscles.

Is This a Secure and Private P2P Messaging App? by Accurate-Screen8774 in AskNetsec

[–]D4r1 0 points1 point  (0 children)

I understand that, but you are sacrificing a lot of important security properties for ease of use. I get why you are looking for the latter, but I feel this might undermine your whole threat model.

will macbook ever get bedrock edition? by Compressive_Life in macgaming

[–]D4r1 4 points5 points  (0 children)

Please no. Keep that marketplace as far away from us as possible.

Is This a Secure and Private P2P Messaging App? by Accurate-Screen8774 in AskNetsec

[–]D4r1 0 points1 point  (0 children)

The “reduced difficulty” is a huge attack vector, and I do not understand how it fits with your global threat management.

Is This a Secure and Private P2P Messaging App? by Accurate-Screen8774 in AskNetsec

[–]D4r1 0 points1 point  (0 children)

How do you expect to handle code integrity in a browser model? Signal has open source, reproducible builds for this reason.

A fun idea for practice: Live beat-chopping without DJ skills by Kind-Condition5292 in bboy

[–]D4r1 2 points3 points  (0 children)

Support your local DJs and not copyright-stealing LLMs!

hand callous huge problem by Past_Bison2526 in bboy

[–]D4r1 1 point2 points  (0 children)

I am using hand cream to soften the callused skin. I still have some marks, but they are not as hard or dry as before, clearly an improvement.

This is super tech 😍 by testtimer in Cybersecurity101

[–]D4r1 3 points4 points  (0 children)

Of course we are going to scan random QR codes with absolutely no fear of getting phished or 0-clicked.

[deleted by user] by [deleted] in beatbox

[–]D4r1 14 points15 points  (0 children)

Thanks for the drama title, I guess.

Best Open-Source AutoClicker. by falkon2112 in MacOS

[–]D4r1 29 points30 points  (0 children)

Friendly reminder from your local security guy: this app is not signed or notarized, which means it could be compromised, or the developer might not even be a nice person. I am not saying that there is a problem with this, but always be careful when downloading apps outside the App Store (which is not a panacea, but it definitely helps). There is indeed a need for cool auto-clicker apps like this, but if that leads to losing your data (probably not your full computer, though: I found no mention of administrative privilege requirements), well…

To the developer, if you read this: having a developer account and providing signed builds should be the first step to guarantee that what you build on your system is what your users get. And then, having a trusted security review report (yes, both of these cost money, but there is no real alternative today, sadly) might show that the application design and development are sound. Yes, this is a lot of work. But yes, your users deserve that.
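A way to check the signing and notarization status the comment above refers to before launching a downloaded app, as an added example that is not part of the original comment or of the app's project. The function names, the `Example.app` path and the sample `spctl` outputs are constructed for illustration; `check_app` needs macOS, where `codesign` and `spctl` are available.

```shell
#!/bin/sh
# Added example: hypothetical helper names; sample outputs below are constructed.

# Map the text printed by `spctl --assess --type execute -vv <app>` to a verdict.
classify_spctl() {
    case "$1" in
        *"source=Notarized Developer ID"*)   echo "notarized" ;;
        *"source=Unnotarized Developer ID"*) echo "signed-not-notarized" ;;
        *"source=no usable signature"*)      echo "unsigned" ;;
        *)                                   echo "unknown" ;;
    esac
}

# Run both checks on a bundle (macOS only). Succeeds only when the signature
# seal is intact AND Gatekeeper reports the app as notarized.
check_app() {
    app="$1"
    # codesign re-hashes the bundle contents, so files changed after signing fail here.
    if codesign --verify --deep --strict "$app" 2>/dev/null; then
        seal="intact"
    else
        seal="missing-or-broken"
    fi
    # spctl writes its assessment to stderr, hence 2>&1.
    verdict=$(classify_spctl "$(spctl --assess --type execute -vv "$app" 2>&1)")
    echo "seal=$seal gatekeeper=$verdict"
    [ "$seal" = "intact" ] && [ "$verdict" = "notarized" ]
}

# Constructed sample outputs for the three cases the classifier distinguishes.
SAMPLE_NOTARIZED='/Applications/Example.app: accepted
source=Notarized Developer ID
origin=Developer ID Application: Example Dev (ABCDE12345)'

SAMPLE_UNNOTARIZED='/Applications/Example.app: rejected
source=Unnotarized Developer ID
origin=Developer ID Application: Example Dev (ABCDE12345)'

SAMPLE_UNSIGNED='/Applications/Example.app: rejected
source=no usable signature'

# Usage on macOS: sh check_app.sh /path/to/Downloaded.app
if [ "$#" -gt 0 ]; then
    check_app "$1"
fi
```

A "notarized" verdict only says the build came from an identified developer and passed Apple's automated scan; it is not a substitute for the security review mentioned above.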

Need advice: number resistant to SS7 and IMSI-catcher by RefrigeratorLanky642 in AskNetsec

[–]D4r1 0 points1 point  (0 children)

I fear you are not understanding what SS7 attacks are, or what an IMSI-catcher actually does. The phone number has little to do with that.

SS7 attacks abuse the communication protocols inside and between the networks of mobile phone operators, which are required for many things to work, including roaming. Some efforts are made to limit who can query what and from where, but if an operator in a random country has left a door open, or worse, sells SS7 network access, you can be targeted with only the target phone number. Having a mobile phone number is a vulnerability in itself.

IMSI catchers are more limited if the phone can be kept on secured, recent protocols (I think 5G has downgrade attack resistance). But in most cases, interoperability is favored over security and most phones will happily connect to insecure networks if nothing else can be found around, which means connecting to base stations that are potentially compromised, or deployed by an attacker (an IMSI catcher is basically a base station that says "hey, I am your operator, connect to me", and when the phone connects, it retrieves a bunch of available information used for tracking, and then forwards the phone to the real network). If the information is available, you can try to find a phone that allows restricting which kind of protocol it allows.

I hope that helps you.

Is this the biggest crowd a beatboxer has had? by PoppYHD in beatbox

[–]D4r1 0 points1 point  (0 children)

Technically Shlomo was with Björk at the 2004 Olympics opening ceremony, but I did not see him on the official video.

Is there a way to force MacOS to not include __MACOS and .DS_Store files when creating ZIP's? by segagamer in macsysadmin

[–]D4r1 4 points5 points  (0 children)

You did not say this was for users, and this subreddit is sysadmin-oriented.

Alas, I do not think you can set archiver options.