lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 09 Oct 2007 23:20:00 +0200
From: Fabio Pietrosanti <lists@...osecurity.ch>
To: full-disclosure@...ts.grok.org.uk
Subject: Who still trust filevault? Finally TrueCrypt for
	Mac OS X!

Dear guys,

****************************************************************
We are looking for funding for the porting, in full opensource, of
Truecrypt encrypted volume software to Mac OS X operating system.
                      http://www.osxcrypt.org
                        Now read the story.
****************************************************************

all of you own a fucking good macbook machine to do all your hacking
stuff, when you started using Mac OS X you implicitly decided to lower
your privacy strenght in terms of your personal data protection.

Why?

Because you started trusting the very usable and easy to use filevault
user home directory. One password and that's all. It's encrypted.

Still, in whatever best practice you feel your privacy protection (and
paranoia) religion oriented, the user logon password to your computer
and the password required to unlock your private data is different.

Oh, yes yes, with filevault you can create yourself other DMG AES
encrypted image. But what? But are all fucking stuff somehow integrated
in your keychain tool.
So you start trusting your keychain tool.

And now?

If someone compromises your keychain tool you are fucked up!

Not only this! Remember that in fancy countries like england you are, by
law, now required to surrender your password or face up to five years of
jail [1] .

Must i remember you that the only effective tool that by now handle
hidden volumes is TrueCrypt [2] ?


So, truecrypt it's a fantastic opensource tool that work on windows and
linux platform and manage encrypted volumes with very advanced
functionalities.

One of those functionality is the "hidden volumes". Hidden volumes and
volumes hidden insider other encrypted volume.
Those hidden volumes can contain whatever your prefer (porn, mp3, divx,
fake hacklog, your family photo, etc).

When some bad guy comes to you, armed with his authority enforced by law
or by a gun on your head like a russian roulette game, and ask for your
password what do you do?

Do you provide him the super secret archive volumes password that
contains the proof of kennedy 's murdering and THAT fake warner bros
lunar landing film
OR
you would prefer to give them a password, save your ass, and give them
full access to all your very selected collection of japanese scat porn
hentai videos ?

Sincerly, i would prefer the second one, i mean, saving my ass, not the
japanase scat porn hentai videos (well but it depends on the cartoons...).

So, how all the fucking hackers that are now using this fancy unix
operating system named Mac OS X, can get a chance of getting in this
wonderful realm of ass-saviors?

To achieve this we need someone who develop the porting of Truecrypt to
Mac OS X.

We found the guy, a good guy that came from the ReactOS environment of
strong windows ninja coders, that would be able to provide his effort to
achieve our goal.

Getting truecrypt to work on Mac OS X .

We tried very hard to move that stoney Easter island faces of the
truecrypt project leaders, even alluding to some sort of bribery.

But no, nothing to do. They preferred to stand still to look the ocean!

So, now, we, the hackers community need to react (OS?) !

We are looking for funding for the porting, in full opensource, of
Truecrypt encrypted volume software to Mac OS X operating system.

We will fork the original project, we break the rule!

We need to collect 1.500 USD to have our voluntary very expert coder to
the job and make the porting (along with the Mac OS X Truecrypt
community website and project, mailing lists and stuff).

Please donate something in order to get the new truecrypt for Mac OS X
to your really protect your mac machine.

The funding website is at http://www.osxcrypt.org .
When funding will be completed we will move the website with all the
sources, updates on the porting, the wiki page.

[1] http://blogs.techrepublic.com.com/tech-news/?p=1281
and
http://arstechnica.com/news.ars/post/20071001-uk-can-now-demand-data-decryption-on-penalty-of-jail-time.html

[2] http://www.truecrypt.org


Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ