[liberationtech] Comments from Chile

Nadim Kobeissi nadim at nadim.cc
Tue Jul 31 18:03:03 PDT 2012 

Hello,
I am a lead developer from the Cryptocat Project. Responding to the claim
that Cryptocat chats have been transcribed:

   - It is overwhelmingly likely that local spyware/keyloggers would be
   responsible for the transcription. This scenario is rendered highly
   plausible due to the mention that the computers were previously
   confiscated, allowing for spyware to be installed to capture
   screenshots/keystrokes/etc. While this is outside of Cryptocat's threat
   model, it is still an unfortunate threat to many, and we will be responding
   by including a tutorial on how to use Tails <https://tails.boum.org/> in
   conjunction with Cryptocat in order to mitigate this threat.
   - As an ancillary measure, and even though a non-spyware compromise is
   relatively unlikely in this scenario, we will be rotating all of our keys
   (SSL and otherwise) within 48 hours.
   - As an ancillary measure, we will be studying our network for evidence
   of compromise, and we will be migrating our servers to Iceland simply
   because we can and it's likely to be a good idea in the long-term.

Furthermore, I would like to mention that the Cryptocat Project's next
major release, Cryptocat 2, which is scheduled this month, will be deployed
in a largely decentralized fashion, getting rid of the server as a possible
compromise point. More information can be found at the Cryptocat
Development Blog: https://blog.crypto.cat.

Given the circumstances of this particular incident, I believe that this is
very likely a local spyware compromise. However, due to it being easily
within our capacity to take thorough measures, we will.

Warm regards,
NK

_______________________________________________
liberationtech mailing list
liberationtech at lists.stanford.edu

Should you need to change your subscription options, please go to:

https://mailman.stanford.edu/mailman/listinfo/liberationtech

If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"

You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech

Should you need immediate assistance, please contact the list moderator.

Please don't forget to follow us on http://twitter.com/#!/Liberationtech

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list