Cryptome has been leaking its user logs for over a year
Razer
Rayzer at riseup.net
Thu Oct 8 09:02:31 PDT 2015
Steve Kinney wrote the only thing I've read so far worth a damn.
YOU are responsible for YOUR OWN opsec, and global distribution has the
effect of precluding the kind of misuse feared... Unless of course you
have something to hide. In which case do like Osama, who disappeared off
SIGINT radar in 1998. Use paper, pencil, and trusted couriers.
They'll still get you if the want you bad enough.
What was it some old Bolsheveik or another said?
> "Revolutionaries are dead men on furlough."
RR
On 10/08/2015 04:18 AM, Steve Kinney wrote:
> The overall message I get from JYA's impressionistic essays on
> network security is that in his view there ain't no such animal.
> Add to this the well established security axiom across all
> contexts, "a trusted entity is one that can break your security
> model." In the present context, trusting Cryptome to protect your
> privacy is a sucker bet: Either you don't care, or your own OpSec
> is up to that task, or you are screwed. This context makes the
> issue at hand an object lesson in stating the obvious.
>
> A rented, public facing, vendor configured and maintained web
> server instance appears to be 'leaking' its http logs to world +
> dog. That would mean data that is supposed to be available only
> to a few dozen intelligence services, tech support guise and
> marketing departments is world readable. A level playing field
> with equal access for all is worse than one where access is
> monopolized by a clusterfuck of privileged players why?
>
> :o)
>
>
>
>
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20151008/d206f040/attachment-0002.sig>
More information about the cypherpunks
mailing list