With the recent removal of the 140-character limit in Direct Messages by Twitter, DM's have now become a much more useful platform for communicating between individuals and groups. Sadly, DM's are still sent in plaintext between users and Twitter has no plans currently on encrypting these messages, at least as of August 2015. Since these are stored in plaintext at rest, an adversary can see the content of the message you are sending, which the two parties might not wish to happen. Fortunately as a few applications with basic Twitter support which also have excellent support for OTR, all hope isn't lo
#include <stdio.h> | |
#include <string.h> | |
#include <stdlib.h> | |
#include <gmp.h> | |
char * polynomial="-74101463560860539810482394216134472786413399/404009590666424903383979388988167534591844018460526499864038804741201731572423877094984692537474105135297393596654648304117684895744000000000000000000000*x^99 + 1786563401621773217421750502452955853226339781/1943688752347061390850759947022111850270039951356484879070977067483444756705819339975871373032521468004867185688372878439054154137600000000000000000000*x^98 - 27321291157050372775340569532625689973429185264741/12024094960310264981666053243695462339042976739896622019763059664916718201560234437350734896948634081407660523709959770955883479040000000000000000000000*x^97 + 4936870031754926645682423836151042176171669450909/1336493173680525187613977630110369004256312194947800263402124063124652591386915768177479078216982141485276408003996973457735680000000000000000000000*x^96 - 24473118674386691114350902920738421254018653211816783/55093218603941649400531744530105211175454647 |
This is a collection of snippets, not a comprehensive guide. I suggest you start with Operational PGP.
Here is an incomplete list of things that are different from other approaches:
- I don't use keyservers. Ever.
- Yes, I use Gmail instead of some bespoke hipster freedom service
Short version: I strongly do not recommend using any of these providers. You are, of course, free to use whatever you like. My TL;DR advice: Roll your own and use Algo or Streisand. For messaging & voice, use Signal. For increased anonymity, use Tor for desktop (though recognize that doing so may actually put you at greater risk), and Onion Browser for mobile.
This mini-rant came on the heels of an interesting twitter discussion: https://twitter.com/kennwhite/status/591074055018582016
Superfish uses an SDK from Komodia to do SSL MITM. That's probably known by now. | |
Superfish isn't the only product to use that sdk. there's others too. | |
Each product that uses the Komodia SDK to MITM, has its OWN CA cert and private | |
key pair. Seems a lot of people think they all use the superfish cert. That is | |
NOT the case. | |
First thing I checked was komodia's own parental control software, | |
Keep My Family Secure. (mentioned on komodia's own website). |
#!/usr/bin/env python3 | |
import sys | |
import getopt | |
from PIL import Image | |
xterm256colors = [ # http://pln.jonas.me/xterm-colors | |
(0, (0x00, 0x00, 0x00)), # SYSTEM | |
(1, (0x80, 0x00, 0x00)), # SYSTEM | |
(2, (0x00, 0x80, 0x00)), # SYSTEM | |
(3, (0x80, 0x80, 0x00)), # SYSTEM |
$foo = array(-1, NULL, 0, NULL, 0, NULL, -1); | |
echo "unsorted\n"; | |
print_r($foo); | |
sort($foo); | |
echo "sorted once\n"; | |
print_r($foo); |
# Inspired by the following sentence that I ran across this morning: | |
# | |
# "f_lineno is the current line number of the frame - writing to | |
# this from within a trace function jumps to the given line | |
# (only for the bottom-most frame). A debugger can implement a | |
# Jump command (aka Set Next Statement) by writing to f_lineno." | |
# | |
# https://docs.python.org/2/reference/datamodel.html | |
# | |
# There is an older implementation of a similar idea: |
This is a guide on how to email securely.
There are many guides on how to install and use PGP to encrypt email. This is not one of them. This is a guide on secure communication using email with PGP encryption. If you are not familiar with PGP, please read another guide first. If you are comfortable using PGP to encrypt and decrypt emails, this guide will raise your security to the next level.
I wasn't first to get the key. Nor was I second, third, or even fourth. I'm probably not even the | |
10th to get it (ok, looks like I was the 8th.) But I'm happy that I was able to prove to myself | |
that I too could do it. | |
First, I have to admit I was a skeptic. Like the handful of other dissenters, I had initially | |
believed that it would be highly improbable under normal conditions to obtain the private key | |
through exploiting Heartbleed. So this was my motivation for participating in Cloudflare's | |
challenge. I had extracted a lot of other things with Heartbleed, but I hadn't actually set out to | |
extract private keys. So I wanted to see first-hand if it was possible or not. |