[pp.int.general] pp.international.general Digest, Vol 19, Issue 24
Core TX
coretx at gmail.com
Fri Sep 19 14:38:16 CEST 2008
MITM oon SSL, is oldschool, and something I always laugh about.
Especially when talking to "security professionals" trying to sell a
expensive security apliance wich is managable useing a ssl enabled website.
( Creating a huge weak link )
Well, talking about such classics, i like to share the following _OLD_
paper.
http://www.milw0rm.com/papers/223 ( The Pirate Bay
un-SSL<http://www.milw0rm.com/papers/223>)
And don't forget to check
http://en.wikipedia.org/wiki/Man-in-the-middle_attack for some basic
background information.
Loads of portable devices like for example a iphone use SSL over a USB
connection. We all know how THAT worked out.
In general, security systems get cracked because of wrong implementation,
not because of bad design.
2008/9/19 <pp.international.general-request at lists.pirateweb.net>
> Send pp.international.general mailing list submissions to
> pp.international.general at lists.pirateweb.net
>
> To subscribe or unsubscribe via the World Wide Web, visit
>
> http://lists.pirateweb.net/mailman/listinfo/pp.international.general
> or, via email, send a message with subject or body 'help' to
> pp.international.general-request at lists.pirateweb.net
>
> You can reach the person managing the list at
> pp.international.general-owner at lists.pirateweb.net
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of pp.international.general digest..."
>
>
> Today's Topics:
>
> 1. Re: pp.international.general Digest, Vol 19, Issue 19
> (Christian Hufgard)
> 2. Re: Press Release: Member of German Pirate Party raided
> (Kaj Sotala)
> 3. Re: Free Software or Open Source? (machado at sociologia.de)
> 4. Talk like a pirate day (Andrew Norton)
> 5. Re: pp.international.general Digest, Vol 19, Issue 19
> (Richard M. Stallman)
> 6. Re: Free Software or Open Source? (Wybo Wiersma)
> 7. Re: Free Software or Open Source? (Valentin Villenave)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 18 Sep 2008 17:04:34 +0200
> From: Christian Hufgard <christian.hufgard at piratenpartei-hessen.de>
> Subject: Re: [pp.int.general] pp.international.general Digest, Vol 19,
> Issue 19
> To: rms at gnu.org, Pirate Parties International -- General Talk
> <pp.international.general at lists.pirateweb.net>
> Message-ID: <48D26E02.4010902 at piratenpartei-hessen.de>
> Content-Type: text/plain; charset=ISO-8859-1
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Richard,
>
> > These two points make an interesting contrast. Skype is also non-free
> > software (thus tailor-made for such abuse).
> >
> > Posting your skype account is as much as saying "Please use Skype" to
> > the rest of the list. Is that a good idea?
>
> Well... Skype is neat - unless you are the firewall adminstrator. But
> there are enough other ways to communicate with others via voice...
>
> > and Man-In-The-Middle-Attacks to break
> > > >>>>> SSL-Encryption),
> >
> > Can someone say where I could get more info in English about this
> > vulnerability in SSL? I thought SSL certificates were supposed to
> > prevent this.
>
> There was no SSL vulnerability used. At least the document says, the
> man-in-the-middle-attack is only possible with Firefox and Internet
> Explorer. The skype-capturing was available for Windows 2000 and Windows
> XP. So our guess is, that they just hacked the ssl libraries for Firefox
> and IE.
> This way, the grab the data before/after encoding and your browser does
> not even realize, that something is going wrong.
>
>
> Christian
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iD8DBQFI0m4CxGyXP1L6p88RApJDAJ94kte9of+6TAx5Pfq48m7gGhrgygCdHAfE
> nagxqkY6XPSbG1RHcmvQXEU=
> =zFQy
> -----END PGP SIGNATURE-----
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 18 Sep 2008 18:24:36 +0300
> From: "Kaj Sotala" <kaj.sotala at piraattipuolue.fi>
> Subject: Re: [pp.int.general] Press Release: Member of German Pirate
> Party raided
> To: "Pirate Parties International -- General Talk"
> <pp.international.general at lists.pirateweb.net>
> Message-ID:
> <6a13bb8f0809180824i7d4bfcbbv80509ca20394a591 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On Wed, Sep 17, 2008 at 5:09 PM, Andreas Popp <andreas.popp at gmx.de> wrote:
> > Hello folks,
> >
> > a translation of todys press release, you might be interessed
> >
> > http://wiki.piratenpartei.de/Press_release_2008-09-17
>
> Piraattipuolue in Finland has issued its own press release concerning the
> topic:
>
>
> http://blog.piraattipuolue.fi/2008/09/pp-tiedote-saksan-piraattipuolueen-tiedottaja-ratsattu-lahdesuoja-on-pian-vain-muisto/
>
>
> ------------------------------
>
> Message: 3
> Date: Thu, 18 Sep 2008 14:31:50 -0300
> From: "machado at sociologia.de" <machado at sociologia.de>
> Subject: Re: [pp.int.general] Free Software or Open Source?
> To: Pirate Parties International -- General Talk
> <pp.international.general at lists.pirateweb.net>
> Message-ID: <48D29086.4030906 at sociologia.de>
> Content-Type: text/plain; charset=us-ascii; format=flowed
>
> Hi folk,
>
> I think Stallman has appointed a very important question. In Brazil (and
> maybe in all South America) we use mainly the term "free software"
> because of the political implications of FREEDOM. I see "open source" as
> a term of the "business world". I suggest for all "pirates" to use
> always the term "free software" ir order to have a coherent and
> progressive political discourse. We cannot forget that the central point
> is not just the code, but the freedom!
>
> All the best,
>
> Jorge
> Brazil
>
>
>
> Richard M. Stallman escreveu:
> > The reason why I talked about Ubuntu and codecs in the first place is
> > because, while I see many columns celebrating the choice of the
> French
> > Parliament to make the switch to GNU/Linux, people often tend to
> > forget that this move was made immediately after the *very same*
> > parliament voted a bunch of laws that could have been directly
> written
> > by the RIAA and Microsoft (actually they were, but that's another
> > story).
> >
> > I think it is the practice of saying "open source" (rather than "free
> > software" or "logiciel libre") which allows this to happen.
> >
> > The term "open source" represents a choice to focus on everthing
> > _except_ the ethical issue of freedom to share and control the
> > software you use. No wonder that success in convincing someone
> > to convert to "open source" does not win their support for freedom.
> >
> > People justify this choice by arguing that it is easier to convince
> > people of the open source ideas. And it may be true that you can get
> > more people to take the "open source" step -- because they have not
> > gone very far.
> >
> > And if the free software movement is hidden behind "open source", they
> > will probably never see anything to suggest that they go any further.
> >
> >
> > ____________________________________________________
> > Pirate Parties International - General Talk
> > pp.international.general at lists.pirateweb.net
> > http://lists.pirateweb.net/mailman/listinfo/pp.international.general
> >
> >
>
>
>
> ------------------------------
>
> Message: 4
> Date: Thu, 18 Sep 2008 15:04:30 -0400
> From: Andrew Norton <andrew.norton at pirate-party.us>
> Subject: [pp.int.general] Talk like a pirate day
> To: Pirate Parties International -- General Talk
> <pp.international.general at lists.pirateweb.net>
> Message-ID: <48D2A63E.6050303 at pirate-party.us>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Tomorrow's Talk like a pirate day, anyone got any plans for activities
> etc. to mark it?
>
> http://www.talklikeapirate.com/ is the site
>
> it can be a good PR way to get some people interested.
>
>
> ------------------------------
>
> Message: 5
> Date: Thu, 18 Sep 2008 15:15:52 -0400
> From: "Richard M. Stallman" <rms at gnu.org>
> Subject: Re: [pp.int.general] pp.international.general Digest, Vol 19,
> Issue 19
> To: Christian Hufgard <christian.hufgard at piratenpartei-hessen.de>
> Cc: pp.international.general at lists.pirateweb.net
> Message-ID: <E1KgOym-0005q4-Lw at fencepost.gnu.org>
> Content-Type: text/plain; charset=ISO-8859-15
>
> Well... Skype is neat
>
> I would guess that you're judging this at a practical level only.
> On that level, I have no opinion.
> I was talking about the ethical level: it's not free software.
>
> Of course, Windows XP isn't free software either,
> but lots of people realize that Windows is bad.
> Many of them don't realize that the Skype software raises the same issue.
>
>
>
> ------------------------------
>
> Message: 6
> Date: Thu, 18 Sep 2008 23:53:19 +0200
> From: Wybo Wiersma <wybo at logilogi.org>
> Subject: Re: [pp.int.general] Free Software or Open Source?
> To: Pirate Parties International -- General Talk
> <pp.international.general at lists.pirateweb.net>
> Message-ID: <20080918215319.GB4950 at logilogi.org>
> Content-Type: text/plain; charset=us-ascii
>
> I fully subscribe to this, ultimately Freedom is the most important
> issue here, not code that is open to many eyeballs. And not because of
> anti-business sentiments, but because the free market also thrives best
> for society as a whole with freedom.
>
> Wybo
>
> PS: And don't use Skype, there are alternatives like Ekiga Softphone :)
>
> > Hi folk,
> >
> > I think Stallman has appointed a very important question. In Brazil (and
> > maybe in all South America) we use mainly the term "free software"
> > because of the political implications of FREEDOM. I see "open source" as
> > a term of the "business world". I suggest for all "pirates" to use
> > always the term "free software" ir order to have a coherent and
> > progressive political discourse. We cannot forget that the central point
> > is not just the code, but the freedom!
> >
> > All the best,
> >
> > Jorge
> > Brazil
>
> ---
>
> ::Student:
> - Informatiekunde (computer linguistics, IR, webtech), History and
> Philosophy
> - Member of the Center for Metahistory Groningen (
> http://www.rug.nl/let/cmg)
>
> ::Free Software and Open Source Developer:
> - Active in the LogiLogi Foundation (http://foundation.logilogi.org)
> - http://www.LogiLogi.org, Cumulative, shared commenting, publication and
> idea sharing: Where insight comes together...
> - http://www.OgOg.org, RSS feed articles rating, a meritocracy...
> - ComLinToo, a computational linguistics toolset written in Perl
>
>
> ------------------------------
>
> Message: 7
> Date: Fri, 19 Sep 2008 08:25:03 +0200
> From: "Valentin Villenave" <v.villenave at gmail.com>
> Subject: Re: [pp.int.general] Free Software or Open Source?
> To: "Pirate Parties International -- General Talk"
> <pp.international.general at lists.pirateweb.net>
> Message-ID:
> <eefe316d0809182325p7b45c1a8j2d2c9d2afa8a92b3 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> 2008/9/18 Wybo Wiersma <wybo at logilogi.org>:
>
> Hi Wybo,
>
> > PS: And don't use Skype, there are alternatives like Ekiga Softphone :)
>
> And on the non-SIP side: Mumble, Jabbin, Wengo,... it's a long list! :-)
>
> Cheers,
> Valentin
>
>
> ------------------------------
>
> _______________________________________________
> pp.international.general mailing list
> pp.international.general at lists.pirateweb.net
> http://lists.pirateweb.net/mailman/listinfo/pp.international.general
>
>
> End of pp.international.general Digest, Vol 19, Issue 24
> ********************************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.pirateweb.net/pipermail/pp.international.general/attachments/20080919/a0533eea/attachment-0001.htm
More information about the pp.international.general
mailing list