https://www.youtube.com/watch?v=bT_k06Xg-BE
Without exploit mitigations and with an insecure-by-default design,
writing malware for FreeBSD is a fun task, taking us back to 1999-era
Linux exploit authorship. Several members of FreeBSD's development
team have claimed that Capsicum, a capabilities/sandboxing framework,
prevents exploitation of applications. Our in-depth analysis of the
topics below will show that in order to be effective, applying
Capsicum to existing complex codebases lends itself to wrapper-style
sandboxing. Wrapper-style sandbox is a technique whereby privileged
operations get wrapped and passed to a segregated process, which
performs the operation on behalf of the capsicumized process. With a
new libhijack payload, we will demonstrate that wrapper-style
sandboxing requires ASLR and CFI for effectiveness. FreeBSD supports
neither ASLR nor CFI. Tying into the wrapper-style Capsicum defeat,
we'll talk about advances being made with libhijack, a tool announced
at Thotcon 0x4. The payload developed in the Capsicum discussion will
be used with libhijack, thus making it easy to extend. We will also
learn the Mandatory Access Control (MAC) framework in FreeBSD. The MAC
framework places hooks into several key places in the kernel. We'll
learn how to abuse the MAC framework for writing efficient rootkits.
Attendees of this presentation should walk away with the knowledge to
skillfully and artfully write offensive code targeting both the
FreeBSD userland and the kernel.
https://twitter.com/lattera/status/989602709950029824
Shawn Webb is a cofounder of HardenedBSD, a hardened downstream
distribution of FreeBSD. With over a decade in infosec, he dabbles in
both the offensive and defensive aspects of the industry. On the
advisory board for Emerald Onion, Shawn believes in a more free and
open Internet. His whole house is wired for Tor. Getting on the Tor
network is only a network jack away!
https://www.youtube.com/user/CarolinaConVideos/videos
CarolinaCon was started in 2005 and has been held every year since.
With each passing year the conference continues to grow and attract
more attendees and speakers. As has always been the case, CarolinaCon
is put together and run by an all-volunteer staff. CarolinaCon is
proudly brought to you by "The CarolinaCon Group". The CarolinaCon
Group is a non-profit organization registered in the state of NC,
dedicated to educating the local and global communities about
technology, information/network/computer security, and information
rights.
The CarolinaCon Group is also closely associated with various 2600
chapters across NC, SC, TN, VA, LA, DC, GA, PA and NY. Many of the
volunteers who help develop and deliver CarolinaCon come from those
chapters.
http://www.latimes.com/local/lanow/la-me-citizens-ice-20180427-htmlstory.ht…
Immigration and Customs Enforcement agents repeatedly target U.S.
citizens for deportation by mistake, making wrongful arrests based on
incomplete government records, bad data and lax investigations,
according to a Times review of federal lawsuits, internal ICE
documents and interviews.
Since 2012, ICE has released from its custody more than 1,480 people
after investigating their citizenship claims, according to agency
figures. And a Times review of Department of Justice records and
interviews with immigration attorneys uncovered hundreds of additional
cases in the country’s immigration courts in which people were forced
to prove they are Americans and sometimes spent months or even years
in detention.
https://www.youtube.com/results?search_query=ice+am+i+being+detained
Even forgetting website admins and the whole third party
recaptcha cloudflare debacle, where so many users are
just closing their tabs on those sites and going elsewhere,
for the moment,
The fact that Google itself does this censoring, enslavement, tracking
and data mining / brokering in front its own search service [1] that
service marketed as benefit the whole worlds users... except
obviously in particular to tor users which they know are using
tor exits, and even already have a solved cookie for, but still
block their browser's search again and again after that...
is totally absurd and hypocritical lie. And the typical wishy
washy silent corporate stance on such things.
Who is not to analysis and then declare that situation similar to...
"fuck google... they've been evil since day one."
[1] https://www.google.com/
Anyone wanting to start new services based on new
honorable models, including privacy, micropay, donations, etc...
thanks to this "free" abuse for decades by all the big services,
there is much oppurtunity out there to startup better ideas
in that vacuum.
On Sun, Apr 8, 2018 at 10:59 AM, John Levine <johnl(a)iecc.com> wrote:
>>No such jurisdiction beyond themselves.
>
> The RBI regulates all the banks in India
Only their banks, not biz or people.
Maybe their govt too, lol.
> this will shut down any
> cryptocurrency exchanges in India
Both exchanges and citizens can still open foreign account.
And local exchanges can still reasonably operate using cash
or all that Indian gold, or cows, contracts, etc.
> the banks, who do not want to
> annoy their regulator
The banks, who are in business to make money, should
throw out their regulators so they can try to do that, subject
to the free market.
Then again, one of cryptocurrency's messages...
https://www.youtube.com/watch?v=xWAwK2fHArc
> if Indians want to buy or sell cryptocurrencies, they're back to the
> pre-Mt.Gox situation of trying to find someone local who'll trade them
> for cash.
Indian markets are diverse and interconnected as any other, this is
not a problem. And cryptocurrency is used in both directions.
> Keep in mind that there are only about 10 million Bitcoin wallets in
> the world
There are 55 Million UTXO's, down from the 67M that were
uneconomical to consolidate no thanks to BTC's issues.
That's just for BTC, not all the other coins and tokens.
Wallet estimates are harder to pinpoint.
Feel free to link to some good papers on that.
> and I doubt as many as a million of them are in India.
> There are over a billion people in India so we're talking about under
> 0.1% of the Indian population... a poor country, where rural phone ladies
> rent mobile phones
Even if that, not a bad adoption rate so far, and the
guerrilla networking, love the ingenuity from necessity, ftw.
> 15c for a few minutes of data.
Transactions are relayed in under that time. Probably quite
the deal for larger / distant transactions compared to
other forms, including shipping gold and Rupees around.
> Even if cryptocurrencies were a good idea, which they aren't
Unsubstantiated FUD.
Sad to see on one of the lists where cryptocurrencies were born.
At least cryptography is still agnostic, at least until cryptographers
start taking the knee and advertising the fake backdoored crypto
they can concoct as "strong crypto" to serve their masters.
> India doesn't have the infrastructure to use them other than
> by rich people in cities.
FUD. Cities have the infrastructure, anyone in a city is
at least enough to be alive there, internet cafes and p2p
relations work fine and more efficiently there as well,
for rich and poor.
> Since the badly handled withdrawal of high value banknotes in November
> 2016 (I was there, same week as the US election) Indian banks have
> pushed hard to provide conventional electronic payments with credit
> and debit cards. I was impresssed how many of the stalls at markets
> had handheld card terminals.
Paying the mandatory extra card tax and high interest to middlemen
pockets regardless of network operation costs for nothing in return
that cryptocurrency can't provide for less, and freely.
Unless you count the chargeback and tx censorship babysitting
that keeps people and systems down from independance, and
the "free money" advertising that keeps from choosing ownership.
Yes they have to 'push hard' because the people smartly
resist back against it....
>>RBI stock price drops on news as competitors move in.
>
> The RBI is run by the Indian government, does not issue stock, and
> since it is the central bank, has no competitors.
...ahh yes, yet another monopoly artificially propped up
upon force of death at gunpoint, how delightful.
They offer you no choice. Cryptocurrency does.
> Were we saying something about fake news?
"Stock in faith" has a price too, the worldwide adoption of
cryptocurrency to date says fiat [itself / systems / entities] been
dropping quite a bit, both in faith and into cryptocurrency forex.
Nothing fake there.
On Fri, Apr 27, 2018 at 9:47 AM, Phillip Hallam-Baker
<phill(a)hallambaker.com> wrote:
> On Mon, Apr 23, 2018 at 12:03 PM, Ubicorn via cryptography
> <cryptography(a)metzdowd.com> wrote:
>>
>> I posted some weeks ago regarding my Universal Basic Income Cryptocurrency
>> project and I just finished a Whitepaper draft that can be seen here:
>> https://github.com/UBIC-repo/Whitepaper
>> If someone has a suggestions he or she is free to open a pull request or
>> send me an email.
>
>
> UBI is something that anyone serious about tech needs to be thinking about
> because our current capitalist economy is based on the assumption that labor
> is a scarce resource and is structured to allocate it efficiently (by some
> measure).
>
> As Karl Marx pointed out, the system will fall when automation reaches the
> Malthus... Puritans... Theresa May...
> ...
> [snip 500 word essay]
Hey thanks for getting your posts about
"the technical, social, political, security, privacy, legal,
multinational aspects of cryptosystems"
posted to this list.
That means such discussions relating to same are infact fully approved,
and yet another resubmittal per that is warranted,
again witnesseth cypherpunks.
On Sun, Apr 15, 2018 at 7:33 PM, <cryptography-owner(a)metzdowd.com> wrote:
> "This thread is dead as it was an admitted fake news article."
The OP posted snippets of junk journalism.
Another poster corrected it with links to source docs
and much better journalism.
Then another poster posted yet more flaky content.
For which a proper counter / alternative is warranted.
There's lots of other material relavant to
"technical, social, political, security, privacy, legal, multinational
aspects of cryptosystems'
in that to be completed thread for which
the list could ponder lively, and should given
cryptocurrency is the newest mass critical cryptosystem
out there.
Also, "Will We Ever Learn", "The Bob Morris Worm",
"Unicode", "Speculation" and many other threads over
time questionably met charter as barely mentioning any
applied / underlying cryptographic / topical element in them.
It's being reposted, witnesseth cypherpunks.
Do what you want with it.
