Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Anonymous Builds New Haven For Stolen Data
Newest First  |  Oldest First  |  Threaded View
bhunji
50%
50%
bhunji,
User Rank: Apprentice
4/21/2012 | 8:48:32 AM
re: Anonymous Builds New Haven For Stolen Data
anti-privacy slant : you focused your article on the doxing purpose of such a tool, while this is only 1 possible side of the story. Would you present knives as mean machines designed to pierce hearts and cut throats ? Because this is exactly what you're doing here with ZeroBin and AnonPaste. You absolutely focus on the potential harm (or "arguable harm according to administrations who like their offenses to remain secret").

Vouching for Savage's software : His name's "Sauvage" not "Savage", and yes I support his tool as well as the guy. Your article brushes very quickly on the privacy side of things which is the core reason for Sauvage creating ZeroBin. When he release the first version of it, he mentioned clearly the reason. But you are sweeping everything under the rug in order to present YOUR truth, and how evil it is to not accept embedding a governmental camera in your butt 24/7 so that authorities can spy on you... oh wait ! I meant to say "so that authorities can make sure that you're not a terrorist, a pedophile, or maybe even worse... an anti-war or anti-corruption activist".

And BTW you did not answer my remark about privacy being trampled for the past 10 years. Do you deny it? Or are you not aware of it? if that is the case, you don't belong in the tech news industry. But if you spin the reality along the lines of authority's claims, well... for the sake of politeness, let's just say it would be bad. And you not mentioning this aspect of things in an article covering a ZeroBin installation is already lame (or politically oriented).

Sauvage's software hasn't been stress-tested ? Of course not ! it is a brand new thing and you should know that if you had read Sauvage's website. But have you read ANYTHING beyond Sauvage's CV on his website, despite how irrelevant that may be compared to technical aspects ? Have you cared to look at how it works and why it provides privacy ? It provides privacy because the server doesn't know what the data is about. All encryption happens within the browser. And if you don't trust it, it is all javascript... meaning it is on your computer and you can read the code.
Mathew
50%
50%
Mathew,
User Rank: Apprentice
4/20/2012 | 12:45:22 PM
re: Anonymous Builds New Haven For Stolen Data
Bhunji, not sure where you're finding the anti-privacy slant. So, are you vouching for Savage's software? Some Anonymous participants have seized on -- in your words -- a two-week-old tool to handle submissions in a way that they say will maintain anonymity. Given the tool's immaturity, it's obviously not been stress-tested for these types of scenarios, and what's to say it can't be surreptitiously subverted? Why should it be trusted (yet) to provide privacy?
bhunji
50%
50%
bhunji,
User Rank: Apprentice
4/20/2012 | 8:37:35 AM
re: Anonymous Builds New Haven For Stolen Data
This article is a joke and so is its author. So you've been checking Sebastien Sauvage's CV but you did not care to read what he wrote about ZeroBin, even though this piece of software has been created (and therefore commented upon) barely 2 weeks ago ? So you go to ridiculous lengths to assume that the beta status of the software is due to whichever reason your cognitive dissonance is gonna make up so as to fit the White House's propaganda ? Go read what Seb Sauvage freaking wrote about it !!! FFS, it's all on his website ! But no ! Obviously you, Matthew, enjoy gargling Obama's balls.

And you'll spread the word how Anonymous are evil, and how ZeroBin is made for evil H4x0r when you seem to ignore how privacy (you heard about it, right? you know that regular normal non-hacking people used to have a right to privacy?) has been beaten to a pulp for the past 10 years online and offline ?

You're a moron and sellout, Matthew !
Andrew Hornback
50%
50%
Andrew Hornback,
User Rank: Apprentice
4/20/2012 | 2:06:48 AM
re: Anonymous Builds New Haven For Stolen Data
Anyone who honestly believes that these anonymous systems don't collect data about where the submissions come from should really consider buying this bridge that I have for sale in Brooklyn.

Once information it digitized, it can be tracked if it is transmitted. Period, end of story. And honestly, perhaps the software was designed in a way as to not track where submissions come from, but anyone looking at the logs of the server that the software runs on and/or the logs of an upstream router will be able to figure all of that out.

Andrew Hornback
InformationWeek Contributor


Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
US Counterintelligence Director & Fmr. Europol Leader Talk Election Security
Kelly Sheridan, Staff Editor, Dark Reading,  10/16/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26895
PUBLISHED: 2020-10-21
Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions. This can be exploited by any peer with an open channel regardless of the victim situation (e.g., routing node, payment-receiver,...
CVE-2020-26896
PUBLISHED: 2020-10-21
Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database. While claiming on-chain a received HTLC output, it didn't verify that the corresponding outgoing off-chain HTLC was already settled before releasing the preimage. In the case of a hash-and-amount collis...
CVE-2020-5790
PUBLISHED: 2020-10-20
Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
CVE-2020-5791
PUBLISHED: 2020-10-20
Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.
CVE-2020-5792
PUBLISHED: 2020-10-20
Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user.