Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/david_chisnall/statuses/112795731208184076">David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Tuesday, 16-Jul-2024 19:37:51 JST</a><a href="https://infosec.exchange/@david_chisnall" title="david_chisnall@infosec.exchange"><img src="https://gnusocial.jp/avatar/241214-48-20240302204654.webp" width="48" height="48" alt="David Chisnall (*Now with 50% more sarcasm!*)" style="position: absolute; left: 0; top: 0;">David Chisnall (*Now with 50% more sarcasm!*)</a><div><a href="https://infosec.exchange/@patrickcmiller/112795157896170739" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://infosec.exchange/@patrickcmiller">@patrickcmiller</a> </p><p>End-to-end encryption to protect all keystrokes and cursor movement in real time.</p><p>Is this satire?  What is the remote 'end' to which keystrokes and cursor movements are being sent that needs encryption?  And why are keystrokes and cursor movements being sent anywhere?</p><p>Do they just mean that they use TLS for their web apps (in which case, that's table stakes)?</p><p>For keystrokes and mouse movements encryption isn't sufficient, you need to add noise or traffic analysis can reconstruct them with high probability.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3381675#notice-6654838">In conversation</a><time datetime="2024-07-16T19:37:51+09:00" title="Tuesday, 16-Jul-2024 19:37:51 JST">about a year ago</time> <span>from <span><a href="https://infosec.exchange/@david_chisnall/112795731208184076" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@david_chisnall/112795731208184076">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: time.is</div><h5><a href="http://time.Is/">Time.is - 正確な時刻、どんな時間帯でも</a></h5><div></div></header><div>7百万地点、57言語、原子時計と同期。</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
David Chisnall (*Now with 50% more sarcasm!*) (david_chisnall@infosec.exchange)'s status on Tuesday, 16-Jul-2024 19:37:51 JSTDavid Chisnall (*Now with 50% more sarcasm!*)
in reply to
- Patrick C Miller :donor:
@patrickcmiller
End-to-end encryption to protect all keystrokes and cursor movement in real time.
Is this satire? What is the remote 'end' to which keystrokes and cursor movements are being sent that needs encryption? And why are keystrokes and cursor movements being sent anywhere?
Do they just mean that they use TLS for their web apps (in which case, that's table stakes)?
For keystrokes and mouse movements encryption isn't sufficient, you need to add noise or traffic analysis can reconstruct them with high probability.
In conversationabout a year ago from infosec.exchangepermalink
Attachments
1. Domain not in remote thumbnail source whitelist: time.is
  Time.is - 正確な時刻、どんな時間帯でも
  7百万地点、57言語、原子時計と同期。

Public

Embed Notice

HTML Code

Corresponding Notice