curiousity
Member Profile
Bio:
Just a man trying to juggle work, school, and personal studies. And overflowing with curiosity...

(The above three have taken an increasing amount of time making it impossible to be an active videosift member, but I'll be back once things slow down.)
Member Since: 2007-12-04
Last Power Points used: 2008-04-04 • Available: now
Max Power Points: 1
Comments
I always hit arstechnica.com, slashdot.org, techdirt.com, and wired.com for security news. I like Wired and Ars Technica; they have obscure topics covered. Digg has a bit here and there, but it's more about social networking.

Security is a fun place for the grey hats.

In reply to this comment by curiousity:
ahh... I didn't realize you meant it as a joke.

No problem, it's cool to talk about these things.

Have you looked at the way that ZRTP (VoIP protocol by Phil Zimmermann) handles Man in the Middle attacks? Seems like it would be effective.

Of course, most of this is new to me. I'm working my way into the field. Getting down basic knowledge and skills while trying to get familiar with the security community.

Thanks for your response!

In reply to this comment by NordlichReiter:
All software is victim of obfuscation in network security, and in cryptography it is better to obfuscate the passphrase. AES encryption works; that's been proven, it's a government standard. However, no encryption is safe from Man in the Middle. No software that you distribute is safe from reverse engineering.

Security through obscurity is a joke (I meant it as a joke). Once the application has made it to the testing phase it can be broken. As far as the encryption, you have to have the passphrase to decrypt it. A 20-character passphrase may take a while to brute force. Even though you know how the program works, you still have to know the passphrase, considering the hash is in someone else's memory.

In reply to this comment by curiousity:
I don't know C# yet. It's in the plan though.

I'm not a big fan of "security through obscurity." I'm not saying that your system is insecure, just that I'm not a fan of the obscurity method for security in matters like this.

Kerckhoffs's Principle

Bruce Schneier, author of Applied Cryptography, "if the strength of your new cryptosystem relies on the fact that the attacker does not know the algorithm's inner workings, you're sunk. If you believe that keeping the algorithm's insides secret improves the security of your cryptosystem more than letting the academic community analyze it, you're wrong. And if you think that someone won't disassemble your code and reverse-engineer your algorithm, you're naive."


In reply to this comment by NordlichReiter:
http://www.videosift.com/video/Philip-Zimmermann-on-PGP-Pretty-Good-Privacy#addcomment

Hey, do you know anything about C#?

I wrote a Windows form that does basically the same thing as PGP, but it's not as user friendly (security through obscurity). I use an SMTP server, AES encryption, creatable passphrase. This was a private project that I haven't uploaded to the creative commons area yet; I'm lazy.

It's really very easy; I used a couple of methods from C# friends to mash it together. Only problem is, some email banks (AOL) do not like encrypted emails.



written by NordlichReiter  | 3 weeks 5 days ago | CH
All software is victim of obfuscation in network security, and in cryptography it is better to obfuscate the passphrase. AES encryption works; that's been proven, it's a government standard. However, no encryption is safe from Man in the Middle. No software that you distribute is safe from reverse engineering.

Security through obscurity is a joke (I meant it as a joke). Once the application has made it to the testing phase it can be broken. As far as the encryption, you have to have the passphrase to decrypt it. A 20-character passphrase may take a while to brute force. Even though you know how the program works, you still have to know the passphrase, considering the hash is in someone else's memory.

In reply to this comment by curiousity:
I don't know C# yet. It's in the plan though.

I'm not a big fan of "security through obscurity." I'm not saying that your system is insecure, just that I'm not a fan of the obscurity method for security in matters like this.

Kerckhoffs's Principle

Bruce Schneier, author of Applied Cryptography, "if the strength of your new cryptosystem relies on the fact that the attacker does not know the algorithm's inner workings, you're sunk. If you believe that keeping the algorithm's insides secret improves the security of your cryptosystem more than letting the academic community analyze it, you're wrong. And if you think that someone won't disassemble your code and reverse-engineer your algorithm, you're naive."


In reply to this comment by NordlichReiter:
http://www.videosift.com/video/Philip-Zimmermann-on-PGP-Pretty-Good-Privacy#addcomment

Hey, do you know anything about C#?

I wrote a Windows form that does basically the same thing as PGP, but it's not as user friendly (security through obscurity). I use an SMTP server, AES encryption, creatable passphrase. This was a private project that I haven't uploaded to the creative commons area yet; I'm lazy.

It's really very easy; I used a couple of methods from C# friends to mash it together. Only problem is, some email banks (AOL) do not like encrypted emails.



written by NordlichReiter  | 3 weeks 6 days ago | CH
http://www.videosift.com/video/Philip-Zimmermann-on-PGP-Pretty-Good-Privacy#addcomment

Hey, do you know anything about C#?

I wrote a Windows form that does basically the same thing as PGP, but it's not as user friendly (security through obscurity). I use an SMTP server, AES encryption, creatable passphrase. This was a private project that I haven't uploaded to the creative commons area yet; I'm lazy.

It's really very easy; I used a couple of methods from C# friends to mash it together. Only problem is, some email banks (AOL) do not like encrypted emails.


written by NordlichReiter  | 4 weeks ago | CH
In reply to this comment by curiousity:
Glad you enjoyed it. It's an issue that seems to whimper through the night unless it is your property they are taking.



I never thought I would be interested in eminent domain, but the video was exciting, perhaps it was the personality of the debaters?

I have a housing foreclosure crisis playlist here on videosift, and I like CSPAN type stuff.

So do you just browse through the FORA website to find stuff? Or what focused you on the eminent domain issue?


written by marinara  | 4 months 2 weeks ago | CH
Finally got the time to watch Cato Institute Debate: Property Rights (21st Century America).

If you get any more like this, let me know.


written by marinara  | 4 months 2 weeks ago | CH
Great start on the Sift! I look forward to seeing more of your posts.


written by fissionchips  | 5 months 1 week ago | CH