lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <A7043C74B6DA4842BD57E4449F43BB1B028FCD@shiro.oicinc.com>
From: schoe at oicinc.com (Sung J. Choe)
Subject: Cryptome Hacked!

> Third, the best method of ensuring the integrity of software right now
> is signed crypographic checksums from someone you trust.
What would you use to generate that checksum?  Can you trust the software
used to generate the checksum?  How can you trust that software?  Please
do not give some simple-minded answer like "cryptographic checksums" since
that does not answer my specific question.  As for your other comments,
refer
to my reply to the original post.


.--------------------------------------------------.
| Sung J. Choe <schoe[at]oicinc.com>, TICSA        |
| Systems Administrator, Facility Security Officer |
.--------------------------------------------------.----.
                    | Oceanic Imaging Consultants, Inc. |
                    | Phone #: (808) 539-3634 x3634     |
                    .-----------------------------------.

568D CAD6 53A0 92E6 4A2A  4E87 3BA0 5F90 37BB 8EE7

> -----Original Message-----
> From: batz [mailto:batsy@...our.net]
> Sent: Wednesday, February 26, 2003 2:30 PM
> To: Sung J. Choe
> Cc: 'full-disclosure@...ts.netsys.com'
> Subject: Re: [Full-Disclosure] Cryptome Hacked!
> 
> 
> On Wed, 26 Feb 2003, Sung J. Choe wrote:
> 
> :Cryptome.org, a site for privacy enthusiasts and leftists alike, was
> :apparently hacked today.  Their server is up but "all files 
> were deleted".
> :Besides the usual anti-American/anti-government vitriol that 
> is usually
> :found at Cryptome.org, they also distribute crypto software. 
>  This brings up
> :the following question: What is the best method for ensuring 
> the integrity
> :of software which require a high level of trust?  I am 
> almost sure that any
> :crypto software distributed by such extremists as John Young 
> (operator of
> :cryptome.org) has been tampered with in some way.  Does 
> anybody else share
> :this opinion? 
> 
> 
> First, I should state that the paradox of following up flamebait with 
> a message calling it flamebait is not lost on me. 
> 
> Second, It is not accurate or useful to call people who 
> contribute to cryptome anti-American, though anti-Stupid-American
> might not be far from the truth. 
> 
> Third, the best method of ensuring the integrity of software right now
> is signed crypographic checksums from someone you trust. While we're
> on the topic of stupid, how did you find out about this list without
> considering this? 
> 
> Fourth, I hope for your sake that you come to appreciate the irony of 
> making shrill and frothing accusations of extremism in public forums. 
> 
> That's a shame about cryptome, but who would have the motive? 
> The NSA? Aliens? Geographers? Maybe Hallmark has a sympathy 
> card we can send to people who get 0wned. 
> 
> Get well soon cryptome! 
> 
> 
> -- 
> batz
> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030226/8a1072e3/attachment.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: schoe.vcf
Type: application/octet-stream
Size: 284 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030226/8a1072e3/schoe.obj

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ