[liberationtech] Comments from Chile
Nadim Kobeissi
nadim at nadim.cc
Tue Jul 31 18:03:03 PDT 2012
Hello,

I am a lead developer from the Cryptocat Project. Responding to the claim
that Cryptocat chats have been transcribed:

- It is overwhelmingly likely that local spyware/keyloggers would be
  responsible for the transcription. This scenario is rendered highly
  plausible due to the mention that the computers were previously
  confiscated, allowing for spyware to be installed to capture
  screenshots/keystrokes/etc. While this is outside of Cryptocat's threat
  model, it is still an unfortunate threat to many, and we will be responding
  by including a tutorial on how to use Tails <https://tails.boum.org/> in
  conjunction with Cryptocat in order to mitigate this threat.
- As an ancillary measure, and even though a non-spyware compromise is
  relatively unlikely in this scenario, we will be rotating all of our keys
  (SSL and otherwise) within 48 hours.
- As an ancillary measure, we will be studying our network for evidence
  of compromise, and we will be migrating our servers to Iceland simply
  because we can and it's likely to be a good idea in the long-term.

Furthermore, I would like to mention that the Cryptocat Project's next
major release, Cryptocat 2, which is scheduled this month, will be deployed
in a largely decentralized fashion, getting rid of the server as a possible
compromise point. More information can be found at the Cryptocat
Development Blog: https://blog.crypto.cat.

Given the circumstances of this particular incident, I believe that this is
very likely a local spyware compromise. However, due to it being easily
within our capacity to take thorough measures, we will.

Warm regards,
NK
----- End forwarded message -----
--
Eugen* Leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE