Joanna Rutkowska @rootkovska
RT @micahflee: Something happened to the activist technology collective @riseupnet, but it hasn't been compromised https://t.co/dA6GutyWNQ — PolitiTweet.org
Joanna Rutkowska @rootkovska
@akochkov Intel already has an infrastructure to replace the coding with encryption for the flash content. Then what? — PolitiTweet.org
Joanna Rutkowska @rootkovska
More technical discussion: https://t.co/wtyteDCBPp I share the pessimism with Peter Stuge from this thread. — PolitiTweet.org
Joanna Rutkowska @rootkovska
TLDR: removes a bunch of optional ME modules from the flash, but ME still operates (ROM code + a few hundred KBs of… https://t.co/ByuDLvGy0w — PolitiTweet.org
Trammell Hudson ⚙ @qrs
Glad to see my work on disabling the Intel Management engine is being widely reported. Just say No to HW rootkits!… https://t.co/CNEmUHTln7
Joanna Rutkowska @rootkovska
Beware of *very* bright programmers. https://t.co/pYCaXJU0rg — PolitiTweet.org
JP Aumasson @veorq
reading Rust code, sometimes looks like authors' goal is to use as many Rust features as possible and make the code unreadable /cc @dchest
Joanna Rutkowska @rootkovska
This looks really cool. But I worry how it leaves unique RF fingerprints. Is there a way to do that safely? https://t.co/oGLhI91sb6 — PolitiTweet.org
Joanna Rutkowska @rootkovska
@dlmetcalf @micahflee I guess this would require registration of an uri scheme handler, and then we could use e.g.: https://t.co/dvl5TWPm5Z — PolitiTweet.org
Joanna Rutkowska @rootkovska
@dlmetcalf @micahflee Exactly. Say, I'd like to tell my Chrome to open all http:// links in another VM (or DispVM). — PolitiTweet.org
Joanna Rutkowska @rootkovska
Sometimes I like Tweeter a lot :) https://t.co/ddFCrRVtxE — PolitiTweet.org
Peter Todd @peterktodd
@rootkovska Another option is to use single-use-seals... Which I happen to be writing an article on right now. :) I'll add logging to it.
Joanna Rutkowska @rootkovska
@MarioVilas No worries, if I find something meaningful, I will likely post it ;) @azonenberg — PolitiTweet.org
Joanna Rutkowska @rootkovska
@petertoddbtc But perhaps the timestamp resolution (~10 mins?) might be too coarse-grained for this? — PolitiTweet.org
Joanna Rutkowska @rootkovska
@petertoddbtc Before the incident, the attacker had no keys to spoof the log events, and after (when she got the keys), unable to timestamp? — PolitiTweet.org
Joanna Rutkowska @rootkovska
@petertoddbtc Assuming the attacker captures the log-signing key only after causing some events to be logged, this should be fine, right? — PolitiTweet.org
Joanna Rutkowska @rootkovska
RT @petertoddbtc: @rootkovska Though you have to be careful, because timestamp proofs don't prove uniqueness - attacker can timestamp fake… — PolitiTweet.org
Joanna Rutkowska @rootkovska
@petertoddbtc Perhaps something that exposes itself as a syslog-like service, then time-stamps, signs (+encrypts?), and saves to a file? — PolitiTweet.org
Joanna Rutkowska @rootkovska
@LauriLoveX And how does Tahoe-LAFS achieve it? In one tweet? ;) — PolitiTweet.org
Joanna Rutkowska @rootkovska
@LauriLoveX And how do I implement it on a dropbox-like untrusted service? (Or git-hosting untrusted service)? — PolitiTweet.org
Joanna Rutkowska @rootkovska
Hm, perhaps we can have both when using some kind of time-stamping service, e.g. the one @petertoddbtc recently ann… https://t.co/Ilq3s1gg7d — PolitiTweet.org
Joanna Rutkowska @rootkovska
@azonenberg I.e. we either must trust log-producing servers, or the log-keeping filesystem, right?
Joanna Rutkowska @rootkovska
@andydixon How does this compare to encfs? — PolitiTweet.org
Joanna Rutkowska @rootkovska
@azonenberg Not just network -- might also be dropped by the server implementing the filesystem keeping the logs. — PolitiTweet.org
Joanna Rutkowska @rootkovska
@azonenberg I.e. we either must trust log-producing servers, or the log-keeping filesystem, right? — PolitiTweet.org
Joanna Rutkowska @rootkovska
@azonenberg Sure. Your threat model is also very tempting, but I'm afraid we can't have both? — PolitiTweet.org
Joanna Rutkowska @rootkovska
@azonenberg Yes, of course. But in my case I assumed the servers to be trusted, and the fs where the logs are (e.g. Dropbox) untrusted. — PolitiTweet.org
Joanna Rutkowska @rootkovska
@azonenberg Of course it can. If you additionally use signed tags (git tag -s). — PolitiTweet.org
Joanna Rutkowska @rootkovska
@azonenberg Yes. If the last msg I see verifies ok, then I'm sure no previous message was lost. — PolitiTweet.org
Joanna Rutkowska @rootkovska
@hanno Yeah, but git is hard when I'd like to set it on e.g. encfs-on-Dropbox and then have multiple (concurrently) pushing "users". — PolitiTweet.org
Joanna Rutkowska @rootkovska
(Yes, I'm aware of journalctl FSS, but it requires a specialized server, and I want this usable with *any* fs) — PolitiTweet.org
Joanna Rutkowska @rootkovska
Is there any logging software with forward integrity protection that could be used over an arbitrary fs (e.g. Dropbox)? — PolitiTweet.org
Joanna Rutkowska @rootkovska
Reverse re-assembly of your dinner: https://t.co/GJUy6TtG9s — PolitiTweet.org
Joanna Rutkowska @rootkovska
(And, admittedly, I'm one of those who fell into this fallacy also, years ago). — PolitiTweet.org