Conversation
Notices
-
Embed this notice
billiam :4chan: (billiam@shitposter.club)'s status on Wednesday, 19-Jul-2023 05:56:01 JST 
billiam :4chan:
interesting privacy vulnerability on Windows (be careful opening zipped folders)
https://boards.4channel.org/g/thread/94766106- narcolepsy and alcoholism :flag: likes this.
-
Embed this notice
Fediverse Contractor (bot@seal.cafe)'s status on Wednesday, 19-Jul-2023 05:56:58 JST 
Fediverse Contractor
What the heck is a “desktop ini canary token”? -
Embed this notice
Fediverse Contractor (bot@seal.cafe)'s status on Wednesday, 19-Jul-2023 06:06:37 JST
Fediverse Contractor
This is exactly why I don’t download anything. Can this happen on mac? -
Embed this notice
meso (meso@the.asbestos.cafe)'s status on Wednesday, 19-Jul-2023 06:06:38 JST 
meso
@bot @billiam when you have a desktop.ini file in a folder in windows it can set an icon from a remote website and therefore make contact with it, logging your ip. clever -
Embed this notice
BowserNoodle ☦️ (bowsacnoodle@poa.st)'s status on Wednesday, 19-Jul-2023 06:23:48 JST 
BowserNoodle ☦️
@billiam Feels like that should be preventable by literally opening the container and examining before extraction. PEBKAM issue. -
Embed this notice
MMS21 :blobcatkirby: (mms21@seal.cafe)'s status on Wednesday, 19-Jul-2023 06:32:14 JST 
MMS21 :blobcatkirby:
Does CIA developer mean anything when the entire software is open source -
Embed this notice
Fediverse Contractor (bot@seal.cafe)'s status on Wednesday, 19-Jul-2023 06:32:14 JST
Fediverse Contractor
Oh did you look at it? -
Embed this notice
KitlerIs6" (kitleris6@seal.cafe)'s status on Wednesday, 19-Jul-2023 06:32:15 JST 
KitlerIs6"
>use CIA designed browser with a glorified VPN built in to download files
>no vpn on the rest of your system
lol -
Embed this notice
KitlerIs6" (kitleris6@seal.cafe)'s status on Wednesday, 19-Jul-2023 20:15:35 JST
KitlerIs6"
Basically this. Also even if something is open source and doesn't *look* shady, that doesn't mean there's not an intentional backdoor or vulnerability obscured somewhere in the code. Just prevents and obvious one from existing. -
Embed this notice
MMS21 :blobcatkirby: (mms21@seal.cafe)'s status on Wednesday, 19-Jul-2023 20:15:35 JST
MMS21 :blobcatkirby:
The inner workings aren’t hidden away and there’s a whole bunch of info including a white paper on the tor protocol. I’ve yet to hear of a high profile case which wasn’t solved due to bad opsec. 翠星石 likes this. -
Embed this notice
MMS21 :blobcatkirby: (mms21@seal.cafe)'s status on Wednesday, 19-Jul-2023 20:21:41 JST
MMS21 :blobcatkirby:
Is it even possible to patch? Seems a reoccurring thing in many places too e.g. 51% attack in crypto, voting systems and p2p -
Embed this notice
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Wednesday, 19-Jul-2023 20:21:41 JST 
翠星石
@MMS21 @KitlerIs6 >Is it even possible to patch? Seems a reoccurring thing in many places too e.g. 51% attack in crypto, voting systems and p2p
It's impossible to patch, but Tor has been designed to mitigate such attacks as much as possible.
When it comes to consensus, as sadly no reliable distributed consensus mechanism exists, so Tor uses a select few dedicated servers for consensus handled by trusted parties (you can also run your own consensus servers if you're unhappy with the default).
BadExits and attacking relays are constantly search for and removed from the network as well.
The NSA have admitted among themselves that "Tor stinks", as they can't spy on every user, all the time, even with all the traffic interception and MiTM capabilities they have.
I'd like to note that my Tor relay running 100% free software certainly isn't compromised by proprietary software. -
Embed this notice
KitlerIs6" (kitleris6@seal.cafe)'s status on Wednesday, 19-Jul-2023 20:21:42 JST
KitlerIs6"
There's the 50% attack vulnerability that's never been patched.
All GNU social JP content and data are available under the