Re: [gentoo-user] Internet security.

2013-09-09 Thread Mick
On Monday 09 Sep 2013 20:24:56 Michael Orlitzky wrote: > On 09/09/2013 02:07 PM, Mick wrote: > > On Monday 09 Sep 2013 14:42:28 Michael Orlitzky wrote: > >> On 09/09/2013 01:28 AM, Mick wrote: > >>> Are you saying that 2048 RSA keys are no good anymore? > >> > >> They're probably fine, but when yo

Re: [gentoo-user] Internet security.

2013-09-09 Thread Pavel Volkov
On Monday 09 September 2013 10:00:25 Michael Orlitzky wrote: > No. There's a GLEP for some of these issues: > > https://www.gentoo.org/proj/en/glep/glep-0057.html > > The relevant part is, > > ...any non-Gentoo controlled rsync mirror can modify executable code; > as much of this code is p

Re: [gentoo-user] Internet security.

2013-09-09 Thread Michael Orlitzky
On 09/09/2013 02:07 PM, Mick wrote: > On Monday 09 Sep 2013 14:42:28 Michael Orlitzky wrote: >> On 09/09/2013 01:28 AM, Mick wrote: >>> Are you saying that 2048 RSA keys are no good anymore? >> >> They're probably fine, but when you're making them you

Re: [gentoo-user] Internet security.

2013-09-09 Thread Mick
On Monday 09 Sep 2013 14:42:28 Michael Orlitzky wrote: > On 09/09/2013 01:28 AM, Mick wrote: > > Are you saying that 2048 RSA keys are no good anymore? > > They're probably fine, but when you're making them yourself, the extra > bits are free. I would assume that the NSA can crack 1024-bit RSA[1],

Re: [gentoo-user] Internet security.

2013-09-09 Thread Michael Orlitzky
On 09/09/2013 01:36 PM, Pavel Volkov wrote: > > I noticed there's another GLEP which eliminates the mirror problem: > http://www.gentoo.org/proj/en/glep/glep-0058.html > > It's marked as accepted. I hope they'll implement it in reasonable > time. >

Re: [gentoo-user] Internet security.

2013-09-09 Thread thegeezer
On 09/09/2013 05:04 PM, Hinnerk van Bruinehsen wrote: > On Mon, Sep 09, 2013 at 04:30:31PM +0100, thegeezer wrote: >> >> Interesting, I didn't realise LSM provisioned hooks for SELinux - >> thought it was more modular (and less 'shoehorned') than that. >> I need to go read about that some more

Re: [gentoo-user] Internet security.

2013-09-09 Thread Dale
Dale wrote: > Someone found this and sent it to me. > > http://news.yahoo.com/internet-experts-want-security-revamp-nsa-revelations-020838711--sector.html > > > SNIP > > Am I right on this, wrong or somewhere in the middle? > > Dale > > :-) :-) > I got this in my email today. https:

Re: [gentoo-user] Internet security.

2013-09-09 Thread thegeezer
>> i read in slashdot that there is a question mark over SELinux because it came >> from the NSA [4] but this is nonsense, as it is a means of securing processes >> not network connections. i find it difficult to believe that a backdoor in a >> locked cupboard in your house can somehow give access

Re: [gentoo-user] Internet security.

2013-09-09 Thread Hinnerk van Bruinehsen
On Mon, Sep 09, 2013 at 04:30:31PM +0100, thegeezer wrote: > >> i read in slashdot that there is a question mark over SELinux because it > >> came > >> from the NSA [4] but this is nonsense, as it is a means of securing > >> processes > >> not network connections. i find it difficult to believe

Re: [gentoo-user] Internet security.

2013-09-09 Thread Hinnerk van Bruinehsen
On Mon, Sep 09, 2013 at 10:36:09AM +0100, thegeezer wrote: > There's a lot of FUD out there and equally there is some truth.  the NSA "we can > decrypt everything" statement was really very vague, and can easily be done if > you have a lot of taps (ala PRISM) and start doing mitm attacks to reduce the

Re: [gentoo-user] Internet security.

2013-09-09 Thread Michael Orlitzky
On 09/09/2013 03:19 AM, Pavel Volkov wrote: > On Mon, Sep 9, 2013 at 6:05 AM, Michael Orlitzky > wrote: > > The CA infrastructure was never secure. It exists to transfer money away > from website owners and into the bank accounts of the CAs and browser > m

Re: [gentoo-user] Internet security.

2013-09-09 Thread Michael Orlitzky
On 09/09/2013 02:50 AM, Adam Carter wrote: > [2] > > http://michael.orlitzky.com/articles/why_im_against_ca-signed_certificates.php > . > > > I like to state some of what you say here as "website certificates are > only as trusted as the LEAST trustworthy CA in the trusted certificat

Re: [gentoo-user] Internet security.

2013-09-09 Thread Michael Orlitzky
On 09/09/2013 01:28 AM, Mick wrote: > > Are you saying that 2048 RSA keys are no good anymore? > They're probably fine, but when you're making them yourself, the extra bits are free. I would assume that the NSA can crack 1024-bit RSA[1], so why not

Re: [gentoo-user] Internet security.

2013-09-09 Thread thegeezer
> When a top-post is that long did you read it before noticing? > > Well, if you opened this email, "All ur base r belong to us!" :$ oops, was more focussed on my rant than the etiquette

Re: [gentoo-user] Internet security.

2013-09-09 Thread Bruce Hill
On Mon, Sep 09, 2013 at 10:36:09AM +0100, thegeezer wrote: > There's a lot of FUD out there and equally there is some truth. the NSA > "we can decrypt everything" statement was really very vague, and can > easily be done if you have a lot of taps (ala PRISM) and start doing > mitm attacks to reduce t

Re: [gentoo-user] Internet security.

2013-09-09 Thread thegeezer
There's a lot of FUD out there and equally there is some truth. the NSA "we can decrypt everything" statement was really very vague, and can easily be done if you have a lot of taps (ala PRISM) and start doing mitm attacks to reduce the level of security to something that is crackable. for 'compatibi

Re: [gentoo-user] Internet security.

2013-09-09 Thread Pavel Volkov
On Mon, Sep 9, 2013 at 6:05 AM, Michael Orlitzky wrote: > The CA infrastructure was never secure. It exists to transfer money away > from website owners and into the bank accounts of the CAs and browser > makers. Security may be one of their goals, but it's certainly not the > motivating one. > W

Re: [gentoo-user] Internet security.

2013-09-08 Thread Adam Carter
> > [2] > > http://michael.orlitzky.com/articles/why_im_against_ca-signed_certificates.php > . > I like to state some of what you say here as "website certificates are only as trusted as the LEAST trustworthy CA in the trusted certificate store"

Re: [gentoo-user] Internet security.

2013-09-08 Thread Mick
On Monday 09 Sep 2013 02:33:48 Dale wrote: > Someone found this and sent it to me. > > http://news.yahoo.com/internet-experts-want-security-revamp-nsa-revelations-020838711--sector.html > > > I'm not too concerned about the political aspect of this but do have to > wonder what this means when

Re: [gentoo-user] Internet security.

2013-09-08 Thread Mick
On Monday 09 Sep 2013 03:05:57 Michael Orlitzky wrote: > On 09/08/2013 09:33 PM, Dale wrote: > > Someone found this and sent it to me. > > > > http://news.yahoo.com/internet-experts-want-security-revamp-nsa-revelations-020838711--sector.html > > > > > > I'm not too concerned about the politi

Re: [gentoo-user] Internet security.

2013-09-08 Thread Michael Orlitzky
On 09/08/2013 09:33 PM, Dale wrote: > Someone found this and sent it to me. > > http://news.yahoo.com/internet-experts-want-security-revamp-nsa-revelations-020838711--sector.html > > > I'm not too concerned about the political aspect of this but do have to > wonder what this means when we use si

[gentoo-user] Internet security.

2013-09-08 Thread Dale
Someone found this and sent it to me. http://news.yahoo.com/internet-experts-want-security-revamp-nsa-revelations-020838711--sector.html I'm not too concerned about the political aspect of this but do have to wonder what this means when we use sites that are supposed to be secure and use HTTPS.