lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun Apr 23 15:04:01 2006
From: davek_throwaway at hotmail.com (Dave "No, not that one" Korn)
Subject: Re: Re: Who Do I Contact?

john kalergis wrote:

>>   So, let's see.... Washington... Virginia.... Ohio.... Illinois....
>> Missouri....
>>
>>   You're in Kansas, right?


> wow....everybody here is more than impressed
>

  Well, I don't suppose *everybody* has had a sense of humour bypass.  And 
there's a valid point I was making about how information can leak in 
unexpected ways; they guy doesn't want to give away anything that could 
reveal the .edu in question, but the combination of his geo location from 
his posting IP and the fact that he's revealed that his own ssn is on the 
list and hence it's his own school and hence can be assumed to be 
geographically local to him allow us to deduce something that we couldn't 
have known from his words alone and allow any potential attacker to 
massively reduce the search space.

  IOW I was illustrating the point that if you want to discuss something 
openly but really, really, *really* want to keep the lid on any information 
that could identify it, you need to post through a proxy.  And how's that - 
a legitimate use for posting through anonymous proxies!

  So there :-P~~~


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ