8
web_digger в телеграме. Постинг разрешён всем, ограничений по тематике нет.
https://tjournal.ru/67124-v-norvegii-vypustili-marki-s-fallosom-na-liteynom-mostu
Читать полностью…
Прошла половина избирательного дня. На данный момент на моем участке явка 22%. Обычными 99% и не пахнет
Читать полностью…
ceForge:
1. We have had no contact with the TrueCrypt project team (and thus no complaints).
2. We see no indicator of account compromise; current usage is consistent with past usage.
3. Our recent SourceForge forced password change was triggered by infrastructure improvements not a compromise. FMI see http://sourceforge.net/blog/forced-password-change/
Thank you,
The SourceForge Team communityteam@sourceforge.net
TrueCrypt developers are unknown and currently there is no way to know who is who and who should we listen to.
From wikileaks twitter https://twitter.com/wikileaks/status/471769936038461440:
(1/4) Truecrypt has released an update saying that it is insecure and development has been terminated http://truecrypt.sf.net
(2/4) the style of the announcement is very odd; however we believe it is likely to be legitimate and not a simple defacement
(3/4) the new executable contains the same message and is cryptographically signed. We believe that there is either a power conflict..
(4/4) in the dev team or psychological issues, coersion of some form, or a hacker with access to site and keys.
From Matthew Green (one of TrueCrypt auditor) twitter https://twitter.com/matthew_d_green/status/471752508147519488:
@SteveBellovin @mattblaze @0xdaeda1a I think this is legit.
TrueCrypt Setup 7.1a.exe:
sha1: 7689d038c76bd1df695d295c026961e50e4a62ea
md5: 7a23ac83a0856c352025a6f7c9cc1526
TrueCrypt 7.1a Mac OS X.dmg:
sha1: 16e6d7675d63fba9bb75a9983397e3fb610459a1
md5: 89affdc42966ae5739f673ba5fb4b7c5
truecrypt-7.1a-linux-x86.tar.gz:
sha1: 0e77b220dbbc6f14101f3f913966f2c818b0f588
md5: 09355fb2e43cf51697a15421816899be
truecrypt-7.1a-linux-x64.tar.gz:
sha1: 086cf24fad36c2c99a6ac32774833c74091acc4d
md5: bb355096348383987447151eecd6dc0e
Diff between latest version and the hoax one: https://github.com/warewolf/truecrypt/compare/master...7.2
Screenshot: http://habrastorage.org/getpro/habr/post_images/da1/1bf/6a5/da11bf6a5225fa718987ba4e54038fc1.png
Other interesting thoughts and information: http://www.reddit.com/r/crypto/comments/26px1i/truecrypt_shutting_down_development_of_truecrypt/chu5bhr
http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/comment-page-1/#comment-255908
http://bradkovach.com/2014/05/the-death-of-truecrypt-a-symptom-of-a-greater-problem/
http://boingboing.net/2014/05/29/mysterious-announcement-from-t.html
http://steve.grc.com/2014/05/29/an-imagined-letter-from-the-truecrypt-developers/
Topics and articles: https://news.ycombinator.com/item?id=7812133
http://www.reddit.com/r/netsec/comments/26pz9b/truecrypt_development_has_ended_052814/
http://www.reddit.com/r/sysadmin/comments/26pxol/truecrypt_is_dead/
http://www.reddit.com/r/crypto/comments/26px1i/truecrypt_shutting_down_development_of_truecrypt/
http://arstechnica.com/security/2014/05/truecrypt-is-not-secure-official-sourceforge-page-abruptly-warns/
http://krebsonsecurity.com/2014/05/true-goodbye-using-truecrypt-is-not-secure/
http://www.pcworld.com/article/2241300/truecrypt-now-encouraging-users-to-use-microsofts-bitlocker.html#tk.twt_pcworld
http://www.coindesk.com/popular-encryption-tool-truecrypt-mysteriously-shuts/
http://business.kaspersky.com/truecrypt-unexplained-disappearance/
http://www.forbes.com/sites/jameslyne/2014/05/29/open-source-crypto-truecrypt-disappears-with-suspicious-cloud-of-mystery/ — that is a good one
http://news.softodrom.ru/ap/b19702.shtml
http://pastebin.com/7LNQUsrA — some more info about developers
Twitter stream: https://twitter.com/search?q=truecrypt&src=typd
You may join IRC #truecrypt@irc.freenode.net, although there is no OPs right now.
https://www.youtube.com/playlist?list=PLEXIiC3q94eO992TlwBD98Zast0gret1r
Читать полностью…
короче ITS TIME TO YANVARSKOYE KROVAVOYE VOSKRESENYE
Читать полностью…
бля, я думал сегодня. Смотрю медузу и не понимаю почему новостей про митинги нет, лол
Читать полностью…
https://www.youtube.com/channel/UCXFxgPppcehs2LoiKhkakQg
Читать полностью…
https://www.youtube.com/watch?v=UbQgXeY_zi4&index=3&list=RDYgGzAKP_HuM
Читать полностью…
Journalist: President Putin is this your daughter? shows photograph
Putin: Is this yours? shows photograph
Journalist: I mean, of course that's not your daughter.
Journalist: Oh my... on second thought I just remembered that you don’t have a daughter.
Putin: Really? That’s funny, I just thought the same thing about you.
https://www.cryptonator.com/hc/en-us/categories/200829259
Читать полностью…
Сижу в инете через ВПН.
Контекстная реклама предлагает купить новый автомобиль, познакомиться с незамужними дамами, взять карту АмерикенЭкспресс и отдохнуть в Майами.
Отключил.
Выборы-хуиборы, новости о карателях, кодирование от алкоголизма и святые мощи в шаговой доступности.
Сижу в инете через ВПН...
http://usatodayhss.com/2018/mack-beggs-transgender-wrestler-booed
Читать полностью…
Developers have responded:
https://www.grc.com/misc/truecrypt/truecrypt.htm | https://twitter.com/stevebarnhart/status/472192457145597952
Steven Barnhart (@stevebarnhart) wrote to an eMail address he had used before and received several replies from “David.” The following snippets were taken from a twitter conversation which then took place between Steven Barnhart (@stevebarnhart) and Matthew Green (@matthew_d_green):
TrueCrypt Developer “David”: “We were happy with the audit, it didn't spark anything. We worked hard on this for 10 years, nothing lasts forever.”
Steven Barnhart: (Paraphrasing) Developer “personally” feels that fork is harmful: “The source is still available as a reference though.”
Steven Barnhart: “I asked and it was clear from the reply that "he" believes forking's harmful because only they are really familiar w/code.”
Steven Barnhart: “Also said no government contact except one time inquiring about a ‘support contract.’ ”
TrueCrypt Developer “David”: Said “Bitlocker is ‘good enough’ and Windows was original ‘goal of the project.’ ”
Quoting TrueCrypt Developer David: “There is no longer interest.”
────────
The binary on the website is capable only to decode encrypted data, not encode, and may contain trojan (seems like it doesn't, but don't believe me). The binary is signed with the valid (usual) key. All old versions are wiped, the repository is wiped too.
────────
Assumption #1 The website is presumed hacked, the keys are presumed compromised. Please do not download or run it. And please don't switch to bitlocker.
Latest working version is 7.1a. Version 7.2 is a hoax
On the SourceForge, the keys were changed before any TrueCrypt files uploaded, but now they are deleted and the old keys got reverted back.
Why I think so: strange key change, why bitlocker?
────────
Assumption #2 Something bad happened to TrueCrypt developers (i.e. take down or death) or to TrueCrypt itself (i.e. found the worst vulnerability ever) which made them do such a thing. So this version is legit
Why I think so: all files are with valid signatures, all the releases are available (Windows; Linux x86, x86_64, console versions, Mac OS, sources), the binaries seems like was built on the usual developer PC (there are some paths like c:\truecrypt-7.2\driver\obj_driver_release\i386\truecrypt.pdb, which were the same for 7.1a). License text is changed too (see the diff below).
Why is it ridiculous for TrueCrypt developers to suggest moving to BitLocker? Well, TrueCrypt was strictly against of using TPM because it may contain extra key chains which allow agencies like NSA to extract your private key. Although I find TPM to be a great solution in some cases (like embedded systems where you can't return to OS from fullscreen application) and used it a lot as a developer, I can't imagine why would TrueCrypt developers suggest such a thing and not other open-source alternatives. It looks like a clear sign that the developer can't say he's in danger so he did this. As many suppose, this could be the sort of warrant canary
Assumption #2 is more likely true than assumption #1. Sad but true.
────────
Assumption #3 7.1a is backdoored and the developer wants all users to stop using it.
Why I think so: there is a website http://truecryptcheck.wordpress.com which contains all the hash sums for TrueCrypt 7.1a. Is has only 1 blog record from August 15, 2013, only for TrueCrypt and only for 7.1a. It's a bit strange to make a website with the hash sums for only one program and only one version of it.
And another one thing: http://truecrypt.org.ua/news
April 12, 2014: Site is set to read-only mode. All the user accounts are deleted. Thanks everybody for participating in the project!
More assumptions here: http://www.etcwiki.org/wiki/What_happened_to_Truecrypt_-_May_2014
────────
SourceForge sent emails on 22 May, they said they changed password algorithms and everybody should change their passwords.
SourceForge claims everything is as usual (from https://news.ycombinator.com/item?id=7813121):
Providing some details from Sour
Радует, когда люди читают книги, ещё больше радует, когда применяют в жизни прочитанное.
Полгода назад ко мне обратился знакомый предприниматель, он планировал расширять бизнес и ему был необходим более масштабный директор по продажам. Посоветовал ему троих. С одним срослось. Почти. Кандидат, когда дело дошло до предложения, отказался и в ответ выдвинул свои условия. Сначала одни, потом другие, следом третьи. Предприниматель был крайне заинтересован именно в этом человеке и пытался включить в новые версии предложения все пожелания соискателя. Я поинтересовался у кандидата, что за ерунда? Оказалось он прочитал книги Дональда Трампа, и избрал его стратегию быть неудобным переговорщиком, чтобы получить своё и по-максимуму. Перетягивание каната продолжалось полтора месяца. А потом владелец компании неожиданно прекратил переговоры и всякое общение с кандидатом, к великому неудовольствию русского Трампа. Мне было любопытно и я поинтересовался у предпринимателя, почему он столь резко прервал процесс. Оказалось, прочитал книгу Роберта Саттона "Не работайте с мудаками".
https://ru.wikipedia.org/wiki/%D0%A1%D0%B8%D0%BD%D0%B8%D0%B9_%D1%87%D1%83%D0%BB%D0%BE%D0%BA
Читать полностью…
сидит и говорит "братан, завтра митинг, 14, тверская, если в москве. А если ты из питера, то 14, какая-то площадь (нет не марсово поле)"
Читать полностью…
Специально для @skvirskiy. Помимо шатров для оргий на Burning Man есть тысячи способов себя занять. Ежедневно сотни диджеев, тысячи костюмов, сотни шуб поверх купальников
Читать полностью…
