What is Digg?58 Comments
- Aloyarc, on 10/12/2007, -1/+59You'll regret that when some creep comes and sits down at your table in Pizza Hut.
- EGOvoruhk, on 10/12/2007, -1/+37"Who Dugg or Blogged This?"
...
mfoley (0) - gitrplaya4u, on 10/12/2007, -4/+27aww...too bad. mark foley coulda used this
- gbm85, on 10/12/2007, -1/+24The problem with IM encryption is that both parties must set it up. Most of my contacts can't even install Office, let alone configure an encryption solution.
- venom8599, on 10/12/2007, -0/+8*****...then they know about my weapons grade plutonium stockpile...
- kevnaca, on 10/12/2007, -0/+8Yeah that is effed up. Hilarious as hell though watching the live convo from another comp. I haven't been im-ing in a long time so i've forgot about some the crazy stuff that goes on. Trillian is pretty good for encrytion.
- fjc8, on 10/12/2007, -0/+7Since Skype is closed-source (as is its protocol), how can you be sure that your conversations are safe and that they've implemented security properly? You can't.
- alephsmith, on 10/12/2007, -0/+6If only Saddam used AIM.
- Lane5slacker, on 10/12/2007, -6/+11I'm not worried. The extent of my IM uses is planning a night out with some freinds.
- widman, on 10/12/2007, -0/+5I wouldn't sign my messages. Specially with so many people having logging on. Also forwards secrecy.
http://www.cypherpunks.ca/otr/
Deniability
The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.
Perfect forward secrecy
If you lose control of your private keys, no previous conversation is compromised. - widman, on 10/12/2007, -0/+5The author is clueless. Gaim-encryption is not safe and has a terrible record. OTR is the only one usable and it also has a proxy for non-gaim programs. It's gaining momentum and it's being supported by many programs by default like Audium (for Mac).
http://www.securityfocus.com/bid/7182
http://www.cypherpunks.ca/otr/ - inactive, on 10/12/2007, -1/+5http://www.secway.fr/us/products/simplite_msn/tech.php
"SimpLite-MSN authenticates your contacts using RSA keys up to 2048 bits. Encryption is done using the following algorithms: AES (up to 128 bits) or Twofish."
Not as strong as Gaim-encryption (4096), but still very good. If you're truly worried about 2048 bit RSA being cracked then you would have to be targeted by a government power. Unless of course they've already developed an efficient primary key factoring algorithm, then key strength won't help and we've got much bigger problems; but this isn't likely:
http://www.pgp.net/pgpnet/pgp-faq/pgp-faq-security-questions.html#security-against-nsa - warbird, on 10/12/2007, -1/+5Stopped using anything but skype for calls and im's. And btw:
Skype uses AES (Advanced Encryption Standard) – also known as Rijndael – which is also used by U.S. Government organizations to protect sensitive, information. Skype uses 256-bit encryption, which has a total of 1.1 x 1077 possible keys, in order to actively encrypt the data in each Skype call or instant message. Skype uses 1024 bit RSA to negotiate symmetric AES keys. User public keys are certified by the Skype server at login using 1536 or 2048-bit RSA certificates. - toorus, on 10/12/2007, -0/+4gaim + OTR = pretty decent privacy (key logging excluded of course).
- Klaue, on 10/12/2007, -0/+4so you have nothing to hide?
http://www.youtube.com/v/cuO_blmuGmI - neondiet, on 10/12/2007, -0/+3@fjc8
If you're really curious about how Skype security works (and want some confidence) then read this report of a 4 month long study into Skype security:
http://www.skype.com/security/files/2005-031%20security%20evaluation.pdf
Skype is my IM of choice for business use, and I know a lot of other people who feel the same way. It takes the headache out of IM encryption because its designed into the product from the ground up. - NinjaBoy, on 10/12/2007, -0/+3I Agree iv seen bots take over one of our corporate locations and use the info to send AIM ads to another contact. Maybe it wasn't all that harmful to get ads directed at what type of paper we use. But it could have been a lot worse. Iv caught more than one executive using aim to send passwords. Since then we have started using IP Sec and cisco programs with our own messenger server. But that costs LOTS of money.
- scullder, on 10/12/2007, -0/+3I use Jabber and gpg support with kopete, psi or gajim, and it works well =)
- pjsk8, on 10/12/2007, -1/+4@apo11o16:
Yes, AIM lets you sign in twice, but as soon as you log on the second (or how ever many) time, "AOL System Msg" sends you an IM that says you're logged in from more than one location and to reply with "1" to log you out from the other locations. - blackmagician, on 10/12/2007, -0/+3I use CSpace for encrypting my IMs
- Klaue, on 10/12/2007, -0/+3hell, just use jabber with SSL-connection to the server, GnuPG for encryption and TOR for anonymity = anonymous, secure chatting.
- inactive, on 10/12/2007, -1/+3Though your post was likely ment as a joke, it wouldn't have helped him since he was IMing the pages and presumably would want them to be able to decrypt his messages. Encrypting IMs etc protect them from being intercepted by a third party it doesn't protect against disclosure by the intended recipient (part of the reason DRM will never work).
- kyeetza, on 10/12/2007, -1/+3Although not free, a .Mac (dot mac) subscription includes iChat encryption with other .Mac members.
- widman, on 10/12/2007, -1/+2@hessian
Key size is not the only important thing. You should check for holes on what you are going to use.
(pun intended, but it is real, don't use gaim encryption, use OTR or similar) - williamdyer, on 10/12/2007, -0/+1True, you can't audit the sources, but Skype intercepts have never been used in any court case I know of. So unless you are doing something that might get you some national security attention, Skype should be good enough to stop corporate and law enforcement snoops.
- williamdyer, on 10/12/2007, -0/+1We have an authoritarian snoop-crazed chimp in the White House. EVERYBODY needs better crypto.
- inactive, on 10/12/2007, -2/+3On the list SimpLite is the best.
- alephsmith, on 10/12/2007, -1/+2@prh99 That is what OTR is for-> plausible deniability.
- DucoNihilum, on 10/12/2007, -0/+1Because the government reads all of our instant messaging conversations.
National Security adviser: Mr. President..... Josh is dating Stephanie.... when he is already Katies girlfriend....
Bush: Oh... My.... God!
Stop being so paranoid. - m4v1s, on 10/12/2007, -0/+1I have been looking for somthing like for years, i use trillian but most of my contacts use AIM or GAIM, so there is no reliable way for us to communicate securely. This was a breeze to install and configure. The only con is if you use it as a proxy you have to have an extra application running. Hopefully they will add the ability to minimize it to the tray soon.
- toorus, on 10/12/2007, -1/+2correct me if I am wrong, but isn't meebo just voluntarily submitting your conversation to a third party?
- GrendelT, on 10/12/2007, -4/+5I use PuTTY to create an SSH tunnel off campus (where the most prying eyes would be).
When I want to run gaim securely, I set my localhost:port to the Tunnel I've setup in putty.
SSH encrypted IMs to a shared SSH server, relative security through obscurity. - achnet, on 10/12/2007, -0/+1I can't believe it took this long for someone to say this. This combination has to be the best of everything.
- widman, on 10/12/2007, -0/+1The author of that "article" didn't even read the FAQ. http://www.cypherpunks.ca/otr/#faqs
How is this different from the gaim-encryption plugin?
The gaim-encryption plugin provides encryption and authentication, but not deniability or perfect forward secrecy. If an attacker or a virus gets access to your machine, all of your past gaim-encryption conversations are retroactively compromised. Further, since all of the messages are digitally signed, there is difficult-to-deny proof that you said what you did: not what we want for a supposedly private conversation!
How is this different from Trillian's SecureIM?
SecureIM doesn't provide any kind of authentication at all! You really have no idea (in any kind of secure way) to whom you're speaking, or if there is a "man in the middle" reading all of your messages. - middleman, on 10/12/2007, -0/+1Ive been using trillian for a while now and any of my freinds that have it and know what there doing, turn on the encryption espcially since im on a college campus.
I say that now even if I simply use it to feel somewhat secure knowing that any skilled hacker could break the encryption easily if they wanted. The security only works if another friend has a secureable client anyways. I use it becuase I can. - zdtsz, on 10/12/2007, -0/+1ssh or PuTTy will work.
You can do many things with ssh.
Set for example your browser to use SOCKS4 and localhost:8000
Put squid proxy on your home base pc.
If behind a router, port forward port 22.
Make sure your router is set to allow anonymous pings and that you have set up a 'strong' password'.
On your local machine, you can have GAIM configured to use the proxy above.
start up your ssh connection with:
$ssh -C -o CompressionLevel=9 username -D:8000 ip_of_home_pc
You should get a prompt for a password and establish a ssh connection.
Now you can browse the internet and IM with tunneled ssh forwarding all activities to your home pc endpoint.
Or, just download NX and ssh over to your home Linux Desktop (www.nomachine.com)
Oh, if you are using Windows on both ends of your connection NX won't be any good to you (NX provides a windows client to access Linux X Windows Desktops), but you can ssh tunnel Windows Terminal Server rdp (on Windows XP with Remote Administration enabled) with:
ssh -L 3389:local_ip:3389 user_name@home_ip
Thanks - m0shen, on 10/12/2007, -0/+1SILC is pretty damn good for chat (very close to IRC).
http://silcnet.org/ - inactive, on 10/12/2007, -1/+2a decent solution is using Gtalk via gmail (if you believe google's Do not Evil)
it supports https. - t3hX, on 10/12/2007, -0/+1Adium (close enough to Gaim) + OTR + SSL Jabber on MY server = pretty close to secure :)
- m0shen, on 10/12/2007, -0/+1A (somewhat) more comprehensive list of secure chat clients/protocols:
http://www.infoanarchy.org/en/Encrypted_Chat_Clients
dugg the article, excellent information on setup. - xevious, on 10/12/2007, -0/+1Adium for Mac includes encryption in the standard package and works with all the major chat protocols also using the OTR method compatible with gaim and Trillian.
http://trac.adiumx.com/wiki/AboutAdium
http://www.cypherpunks.ca/otr/ - Javamancer, on 10/12/2007, -2/+2^^Truesay.
You'll be changing your tune when someone intercepts your IMs, finds out where you're going to be this friday night, hops on a plane, sits in the corner of your pub of choice, remembers he has no idea what you look like, and goes home, shoulders hunched, his bottle of rohypnol still factory sealed. A lucky escape, this time. - badgergrad2001, on 10/12/2007, -0/+0Any suggestions on encrypting IM conference chat?
- middleman, on 10/12/2007, -1/+1Better safe then sorry.
- thetaco82, on 10/12/2007, -1/+1http://en.wikipedia.org/wiki/ECHELON
Q.E.D. - americamatrix, on 10/12/2007, -0/+0ScatterChat anyone?
ScatterChat > GAIM Encryption
http://www.scatterchat.com - fjc8, on 10/12/2007, -3/+2It doesn't give you that notification if you're logging in from the same IP address
- synapseattack, on 10/12/2007, -2/+1Anyone that lacks a life so much that they need to read my IMs I would like to do you a favor. Below are some snaps shots of recent IMs. I hope this saves you some time.
Conversation 1:
Mike: Hi Ron
Me: Hi Mike
Mike: How about them Mets?
Me: Their a baseball team right?
Mike: Nevermind.
End Conversation 1
Conversation 2:
Creepy Internet Person (CIP): Hello
Me: Hello... Who are you?
CIP: Would you like to cyber?
Me: God no.
CIP: Why not?
Me: Cause your some 45 year old creepy guy pretending to be a girl...
CIP: Who said anything about being a girl?
End Conversation 2
Conversation 3
Co-worker: Hey Ron
Me: Yes?
Co-worker: I have a couple ideas I would like to run by you.
Me: Send them in an email.
Co-Worker: Why?
Me: Because if we ever need it there is a easier trail to follow.
End Conversation 3
I hope this both saved you time and highlighted the fact that my IMs are nothing worth reading. - bdpf, on 10/12/2007, -1/+0Fm: Old crypto freek
To: ALL
Subj: CLASSIFIED
Unclass;
Use off-line encryption methods for all e-mails.
Change keys daily for all un-classified mesages.
Double or triple encrypt all "Your Eyes Only" messages.
Remember Big Brother Sees All.
Better to meet face to face for secure conversations... Maybe!
IM and simular connections are not secure.
End Un-class;
End - BluKnight, on 10/12/2007, -2/+1I gotta agree with you on that one. Best part is you can use it with your current IM client. If you're using GAIM, Trillian or the MSN Messenger client, it's all the same to SIMP.
-
Show 51 - 58 of 58 discussions
© Digg Inc. 2009
— Content created and posted by Digg users is