The non-repudiation of Trump by many Americans is actually worse when you think about it.

If not for Covid-19 and the resulting deaths and probably mainly the economic uncertainty that came with it, Trump would probably have won in a landslide.

Somewhat sobering to think it took 250 thousand dead and near economic collapse to convince a few more people this time to vote against him.

👍 26 · r/neoliberal · u/Chaelsonnen_42069 · Nov 06 2020

What are the comparisons between TeamViewer and OpenSSH that reflect on Authentication, Access Control, Data Confidentiality, Data integrity and Non-Repudiation? Also what would you pick in terms of Confidentiality, Integrity and Availability?
👍 2 · r/AskReddit · u/papiblue · Dec 29 2020

[question] asymmetric encryption and non-repudiation

I am hoping someone could help me understand the process around encryption and non-repudiation as it is kinda doing my head in.

I understand that Alice uses her private key to encrypt and send a message to Bob and Bob uses Alice's public key to decrypt. But because Alice's public key is "public", Sam can also intercept the message and decrypt it. Correct?

So if Alice wanted to send a message that only Bob can read, she would encrypt her message with Bob's public key, send it and then only Bob would be able to decrypt it using his private key? However this means that someone can impersonate Alice?

So.... If Alice wants to send a message that only Bob can read

  1. Alice hashes the message "meet me at the corner in 10 minutes" using Alice's private key
  2. Alice encrypts the message using Bob's public key
  3. Alice sends the email to Bob
  4. Bob decrypts the message using Bob's private key
  5. Bob verifies the hash of the message using Alice's public key.

If the hashes align, then the message has been sent by Alice and Bob is the only one able to read it?

Is this correct or am I way off mark?

Cheers

👍 2 · r/netsecstudents · u/happyjerboa · Apr 20 2020

One-Time Passwords Do Not Provide Non-Repudiation techblog.bozho.net/one-ti…
👍 2 · r/programming · u/b0zho · Jan 20 2020

Thorough round-up and repudiation of non-responses to Adm Mullen's opining for an end to "Don't Ask Don't Tell" nytimes.com/2010/02/07/op…
👍 4 · r/politics · u/alexkillough · Feb 07 2010

I need help with a script I am making.

Hello, I'm new to Linux scripting.

I want to create a script to create self-signed certificates for my lab. I made a script that works with only one domain given on the terminal.

This is how I check if the user supplied a domain:

    if [ "$#" -ne 1 ]
    then
      echo "Usage: Must supply at least one domain"
      exit 1
    fi

And this is how I get and use the domain inside my script:

    DOMAIN=$1

So I run ./myscript.sh example.com and it creates a certificate valid for example.com

I want my script to also support being valid for multiple domains.

e.g. ./myscript.sh example.com example1.com example2.com

The question is how I can check if more than one domain is supplied on the terminal and add them as DOMAIN2=$2 DOMAIN3=$3 ... DOMAINn=$n variables inside my script?

So a user can create a certificate with 1 or 2 or 3 or more domains.

PS: Sorry for my English.

Dimitris,

Thanks

Edit: I made some progress and the script is working now. I know it is not near the best or most efficient code.

I will post the code for anyone who wants to help and give some suggestions to improve it.

Edit 2: Updated Code.

    #!/usr/bin/env bash

    DOMAIN=$1
    # Store all command-line arguments as an array, one element per domain
    DOMAINS=("$@")
    j=1
    k=1

    # The two-letter country code where your company is legally located.
    CountryName="GR"
    # The state/province where your company is legally located.
    State="Athens"
    # The city where your company is legally located.
    LocalityName="Athens"
    # Your company's legally registered name (e.g., YourCompany, Inc.).
    OrganizationName="HomeLab"
    # The name of your department within the organization. (You can leave this option blank)
    OrganizationalUnitName="Org Unit Name"
    # The fully-qualified domain name (FQDN) (e.g., www.example.com).
    CommonName=$DOMAIN
    # Your email address.
    emailAddress="[email protected]"

    if [ "$#" -eq 0 ]; then
      echo "Usage: Must supply at least one domain"
      exit 1
    fi

    # Return 0 if the argument is a dotted-quad IPv4 address, 1 otherwise
    ipvalid() {
      # Set up local variables
      local ip=${1:-1.2.3.4}
      local IFS=.; read -r -a a <<< "$ip"
      # Start with a regex format test
      [[ $ip =~ ^[0-9]+(\.[0-9]+){3}$ ]] || return 1
      # Test values of quads
      local quad
      for quad in {0..3}; do
        [[ "${a[$quad]}" -gt 255 ]] && return 1
      done
      return 0
    }

    for ALTNAME in "${DOMAINS[@]}" ; do

👍 4 · r/linuxquestions · u/99dimitris · Apr 05 2021

Judge My English

Hi everyone, I'm here again for the third time. I know that I have a thick accent and it's immediately noticeable but I was wondering if my pronunciation is good or if I have to work on some specific sounds, other than my flow.

Here is the link: https://voca.ro/11eMhgVvxDZE

And here the passage:

>Cryptography is the practice and study of techniques for secure communication in the presence of third parties called adversaries. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages; various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation are central to modern cryptography. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, electrical engineering, communication science, and physics.

Thank you!

👍 4 · r/JudgeMyAccent · u/rustyjoee · Jan 31 2021

What is the job of each file and command when creating a self-signed certificate

Hello, I had to create a self-signed certificate for a client-server application, but I do not understand what each file and command means, and how the client and server work together to do the mutual SSL handshake.

I followed these commands:

Creating csr.conf:

    [req]
    default_bits = 4096
    prompt = no
    encrypt_key = yes
    default_md = sha256
    req_extensions = v3_req
    distinguished_name = req_distinguished_name

    [req_distinguished_name]
    emailAddress = [email protected]
    CN = ${SERVICE}.${NAMESPACE}.svc

    [ v3_req ]
    basicConstraints = CA:FALSE
    keyUsage = nonRepudiation, digitalSignature, keyEncipherment
    extendedKeyUsage = serverAuth
    subjectAltName = @alt_names

    [alt_names]
    DNS.1 = ${SERVICE}
    DNS.2 = ${SERVICE}.${NAMESPACE}
    IP.1 = 127.0.0.1

Private Key based on our CSR:

    openssl genrsa -out ${TMPDIR}/vault.key 4096

Create server.csr with our csr.conf and private key:

    openssl req -config ${TMPDIR}/csr.conf -new -key ${TMPDIR}/vault.key -subj "//CN=${SERVICE}.${NAMESPACE}.svc" -out ${TMPDIR}/server.csr

Also, what is the pem file which I see is sometimes created? What is the difference between pem and ca files?
Can you explain in simple words what each part does?

And how do they do the mutual SSL between the client and server?

Thanks

👍 2 · r/AskNetsec · u/umen · Jan 26 2021

How To Renew Expired IPA Certificates & Fix Broken pki-tomcatd

As I don't want to hijack another one's thread especially when the error messages are different so I'm going ahead & seeking help on this new thread.

I've inherited a FreeIPA installation from somebody used among 5 physical servers with one FreeIPA server (everything CA etc on it) while other 4 physical servers act as clients. Being someone very new at LDAP & FreeIPA, I tried to troubleshoot by googling.

System / Server Info:

OS - CentOS 7.6, Installed IPA packages version - 4.6.4, Self-Signed CA 

Here are the issues that I'm facing & what steps I've taken so far.

  1. Before certificates were expired the pki-tomcatd service was failing & I see the following message in /var/log/pki/pki-tomcat/ca/debug:

    Error: netscape.ldap.LDAPException: Authentication failed (48)

After some googling I've found this RedHat link which asks to check if certificate blob & serial number in pkiuser matches to the 'subsystemCert cert-pki-ca' in our case both check out to be same & there was nothing to do, but we still get that error.

  2. Certificates have expired - Now the certificates have expired, they were not auto-renewed, was it because above (pki-tomcatd service failure)?, not sure.
  • For this I've tried to move back the date & tried to renew them through ipa-certupdate, the output says successful but the certificates are not getting renewed. Here is the output of one such attempt (renamed domain to ourorg.com for privacy in the following output of ipa-certupdate -v command).

        ipapython.admintool: DEBUG: Not logging to a file 
        ipalib.plugable: DEBUG: importing all plugin modules in ipaclient.remote_plugins.schema$5131ac65... 
        ipalib.plugable: DEBUG: importing plugin module ipaclient.remote_plugins.schema$5131ac65.plugins 
        ipalib.plugable: DEBUG: importing all plugin modules in ipaclient.plugins... 
        ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.automember 
        ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.automount 
        ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.ca 
        ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.cert 
        ipalib.plugable: DEBUG: importing plugin module ipaclient.plugins.certmap 
        ipalib.plugable: DEBUG: importing plugin module ipaclient.plu

👍 2 · r/FreeIPA · u/anotherITadmin · Feb 08 2021

CISSP Domain 3 MindMap / Review Video focused on Digital Certificates, Digital Signatures, PKI & Key Management

The next video on cryptography is up! This one focuses on Digital Certificates, Digital Signatures, PKI & Key Management: https://youtu.be/8XKdFSG3ua4

Topics covered include Digital Signatures (provide Integrity, Authenticity & Non-repudiation), Digital Certificates (Verify the owner of a Public Key), X.509, Replacement, Revocation (CRL & OCSP), Certificate Pinning, Public Key Infrastructure (PKI), Certificate Authority (Root of Trust), Registration Authority, Intermediate / Issuing CA, Certificate DB, Certificate Store, Key Management, Kerckhoffs's Principle, Key Generation, Key Distribution (Diffie-Hellman, Out-of-band & Hybrid Cryptography), Key Storage (TPM & HSM), Key Rotation, Key Disposition, Crypto-shredding, Key Destruction, Key Recovery (Split Knowledge, Dual Control & Key Escrow)

Here are the other review / MindMap videos I have completed so far:

Domain 2

Domain 3

Domain 4

  • Coming soon(ish)!

Domain 5

Domain 6

Domain 7

Domain 8

I have also created a couple of deep dives into topics important to understand for the exam:


👍 20 · r/cissp · u/RWitchest · Oct 20 2020

Why I'm happy today about the 2020 election results, and maybe you should be too

Like Andrew and many of you I believe in the rule of law, after all it is a legal podcast we all follow. I am also left center, more so than ever after the last four years. So I mainly wanted four things out of this election, importantly in this order of preference from most to least:

  1. Donald Trump to lose and not be president.

I wouldn't have been able to stand four more years of the (you name it here - e.g. lack of ethics, non-repudiation of white power movements, and 5 other things I'd rather not focus on right now for my sanity).

  2. The Democrats to take control of the Senate.

I wanted Biden and the Democrats not to be inhibited in reformation of the courts, and to be able to repair a lot of the damage done to our institutions with as little interference from a Republican senate as possible.

  3. The Democrats to hold the House of Representatives.

While the Senate is required for courts and cabinet appointments, the House is required for legislative objectives in addition to the Senate.

  4. A general repudiation of Trump through as large margins and as many victories as possible across the board for Democrats.

This would have been the gravy on the top of #1 and a possible lesson to the Republican party to fight ethically and cleanly in the future.

Well, what I got was the #1 and #3 on my list already. And #2 is still possible. I didn't get #4. I know many of my political allies are upset because their expectations were so high based on polls to potentially get all 4, but this is still a victory and I am happy for what I did get. It could have been so much worse.

I am choosing to see this election as a repudiation of Trump, but not a repudiation of Republicans or conservatism. While that might be somewhat disappointing, I can live with the victories we did get. I live in a blue state (i.e. MA), but work in a Blue/purplish one (i.e. NH). I have friends with whom I can disagree politically and still respect them (much more so prior to Trump) and maybe with Trump going away we can go back to a less decisive political climate where we at least share a set of facts. So cheers to that Optimist Prime outlook, may all you fans of OA regain your fair share of mental health now that the worst of it is over.

I wish it were now time to relax for two months (we all enjoy the OA podcasts where Trump isn't mentioned), but we're not quite there yet. We still need to give intense scrutiny on what Trump does with hi


👍 26 · r/OpenArgs · u/mcg72 · Nov 07 2020

Few questions on crypto

Few questions... I need help understanding the following stuff... they confuse me every time

  1. How do we get integrity?... hashing
  2. How do we get confidentiality?
  3. How do we get authenticity?
  4. How do we get non repudiation?... digital certification
  5. How can we prevent replay attack?
  6. How can we get privacy?
👍 2 · r/cissp · Jan 04 2021

CMMC IA.1.076 Identify information system users, processes acting on behalf of users, or devices.

Hi All....have a question. We use office 365 outlook on email. Basically the control states Businesses require unique identification of individuals in group accounts (e.g., shared privilege accounts) or for detailed accountability of individual activity. For example, countless enterprises have adopted digitally signed message policies for distribution group mailboxes. Moreover, digitally signed messages confirm to an email recipient that the message arrived from the actual sender. In this case, the sender is acting on behalf of the users within a distribution mailbox. Here the sender is uniquely identified acting on behalf of users within that distribution group. These technical controls enforce the principle of non-repudiation (that is, the sender can not claim the message was forged).

Here's the problem/Question...we have the ability to encrypt messages through Office 365 but not digitally sign? Does Office 365 have a feature to digitally sign emails? We can't encrypt group mail box messages unless.

We are all remote with our organization due to COVID-19.

👍 2 · r/CMMC · u/gdorlexa · Jul 01 2020

Blockchain in Healthcare

Meet Mr. Krishan.

He lives in Mumbai in India, and is 61 years old, after retirement he went to Delhi to continue his hobby of exploring the historical places. Mr. Krishan was exploring archeological sites in Delhi when he started feeling immense pain in his chest and experienced severe breathing problems. Some local guides called the ambulance and rushed him to the nearest hospital. Soon he was diagnosed with respiratory failure, and doctors started treatment.

Doctors asked some essential questions about his medical history, current medication, and allergies, but Mr. Krishan was too weak to answer their questions. All his medical records were at his local hospital in Mumbai, but the doctors in Delhi couldn't access those records. So doctors in Delhi hospital carried on with testing Mr. Krishan from head to toe. After spending five days under observation and paying a hefty bill, he returned to Mumbai and canceled his further plans of exploring the historical sites.

This situation can happen to anyone and anywhere in the world. Let's face the truth; our healthcare system is corrupted, crippled, and lacks interoperability. Sometimes attempting to obtain or share medical records is an impeded and insecure process.

What is blockchain or blockchain technology?

Blockchain technology is already shaping the future as we speak and can be explained as a distributed ledger technology that provides shared and recorded information representing transactions, contracts, assets, and identities. Every new update is recorded in a block with a time-stamp and then added to the chain in sequential order, these entries are immutable, transparent, and traceable. Technological advancements like blockchain, IoT, AI, and other emerging technologies, play an essential role in transforming the healthcare industry. Blockchain technology enhances trust among members and ensures that data is tamper-proof in any manner. This aspect ensures non-repudiation and provides provenance of the assets exchanged within the network.

Why do we need blockchain technology?

We want the COVID 19 vaccine tomorrow, and we want it to be 100% authentic, but the reality is, it is not possible. The US economy dropped more than 30% in July 2020 that is worse than the great depression. People around the world are frightened due to losing their jobs, facing lockdowns, potential risk of viruses, losing their family members, and many other reasons.

People around the world are adopting digitization f


👍 2 · r/u_officialwscf · u/officialwscf · Sep 02 2020

How do Smart Cards provide Integrity?

Smart Cards provide confidentiality, integrity, authentication, non-repudiation. I still don't know how a smart card supports integrity, can you give an example?

👍 3 · r/privacy · u/Methoo29 · Sep 11 2020

Intune/SCEP/AnyConnect help

Hello r/Intune,

Wondering if anyone has experienced similar problems as I am and have found a solution.

We have our MDM as Intune and have built out a SCEP infrastructure (using Microsoft's NDES implementation of the protocol) in order to seamlessly deliver identity certificates to iOS/Android devices in order for them to authenticate to our VPN using the AnyConnect.

I'm able to create a SCEP certificate profile within Intune, push it to my iOS device, and see the SCEP certificate show up in the Management Profile details within Settings. I'm also able to create a VPN profile within Intune specifying the SCEP certificate to be used for authentication and our internal PKI's root CA server cert as the root cert. And when the VPN profile pushes, I'm able to see the SCEP certificate available in AnyConnect > Diagnostics > Certificates.

But the problem is when I go to connect to my VPN using the VPN profile on the AnyConnect app. I get the error message saying 'This connection requires a client certificate, but no matching certificate is configured. Please modify the connection, choose a valid certificate, and try again.'

I worked with Cisco support and ended up getting the SCEP certificate issued to my iOS device from our internal PKI root CA server and putting it on my Windows machine. When using the Windows AnyConnect application I get the same error within the AnyConnect logs saying 'No valid certificates available for authentication.' What's weird is that when I set the certificate selection to manual, the only certificates I am presented with are certs in my user's personal store that have a private key associated with them, but I am under the assumption that private keys are not necessary for VPN authentication, that the ASA just checks that 1-the certificate is signed by a trusted ca cert and 2-it hasn't been revoked.

But Cisco support is emphatic that the cert needs a private key associated with it, and with the manual certificate selection mentioned in the previous paragraph, I'm wondering if they're right. **But** according to Microsoft Documentation (first paragraph - https://docs.microsoft.com/en-us/mem/intune/protect/troubleshoot-scep-certificate-device-to-ndes), in the SCEP flow the device generates a private key and a CSR and sends it to the NDES URL, so the iOS device should already have the private key on it...

Anyway, that's


👍 2 · r/Intune · Apr 22 2020

Hiring DevOps to work on Network Infrastructure team of a new telecom project.

Hi, I'm a non-technical founding partner of a new WISP launching in Latam, using unlicensed spectrum. Our mission is to enable a wider access of the masses to internet. In the time of Covid, it became clear internet is a human right not a luxury. Yet too many people remain excluded, due to lack of options, infrastructures, or price.

We are envisioning what an internet provider will be like in 15 years, we aren't optimising a legacy infrastructure, we are revolutionising it.

We are building a light, scalable, adaptable, efficient infrastructure, using the latest 5G standards.

We are looking to add a Lead DevOps to our team to work on our software architecture.

Feedback on that post (mostly job requirements) is highly welcome, just as much as potential candidates.

Requirements:

  • Develop and deploy database architecture for CRM, ERM, and Workforce Management including relational and non-relational DBs

  • Create, execute and maintain routing protocols
  • Define specs for Network virtualisation
  • Define server architecture
  • Deploy servers with continuous integration
  • Server maintenance
  • Load balancing
  • Maintaining and scaling APIs
  • Thorough understanding of application security concepts such as: authentication and authorisation mechanisms, data validity, data integrity, data confidentiality, data availability, logging and monitoring at different levels of the stack, and user non-repudiation
  • Account provisioning

Skills desired:

  • NoSQL
  • Knowledgeable about IP networks
  • Knowledge of the wifi protocols (802...)
  • Deep understanding of common web protocols (TCP/IP, HTTP, SSL/TLS), services (REST, SOAP), and supporting data formats (JSON, YAML and XML)
  • Deep expertise with telecommunications protocol
  • Spanish and English required
👍 2 · r/jobs · u/blooswell · Jun 24 2020

Self Signed Certs iOS/macOS Issue Solved

So I have been working on getting bitwarden_rs up and running in a homelab setting. No official domain so all certs were self signed and generated using openssl. I was having quite the issue with my iOS app and was following the steps laid out here https://github.com/dani-garcia/bitwarden_rs/wiki/Private-CA-and-self-signed-certs-that-work-with-Chrome . Turns out this is a little outdated for iOS 13 and macOS 10.15 as the actual cert can not be longer than 825 days and must include extendedKeyUsage flag https://support.apple.com/en-us/HT210176

so my ext file looked more like this

    authorityKeyIdentifier=keyid,issuer
    basicConstraints=CA:FALSE
    keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
    extendedKeyUsage = serverAuth
    subjectAltName = @alt_names

    [alt_names]
    DNS.1 = <local.domain>
    DNS.2 = <vault.local.domain>

and my cert generation command looked like, 750 day (2 years) instead of the 3650 used in the example.

    openssl x509 -req -in bitwarden.csr -CA <CA-issuer>.crt -CAkey <CA-issuer>.key -CAcreateserial -out bitwarden.crt -days 730 -sha256 -extfile bitwarden.ext

There were also a few steps I pieced together once I had the correct cert format/requirements.

  1. Copied the CA Issuer cert to my laptop
  2. shared the cert with my iPhone via airdrop, if not on a mac then you will need some other method of getting the cert to your phone
  3. Goto settings -> General -> Profiles . Here is where you should now see the cert you shared with your device. Click on it and go through the Install and Verify process.
  4. Goto Settings -> General -> About -> Certificate Trust Settings . Enable the cert you just installed as trusted, now any server cert that is signed by your local CA Authority should be trusted
  5. Get the server certificate to your device and Install in the same manner you did in step 1-3 for the issuer certificate. This time you will not need to do step 4 since the issuer is the trusted root

This should get you the full chain of trust from the root which is your CA Issuer to the intermediate which is the server certificate generated in the modified command I pasted above. I have learned quite a bit about TLS/SSL in the past couple days but still my weakest area of home labbing so pleas


👍 15 · r/Bitwarden · u/tshontikidis · Jan 15 2020

Problem: Executive Secretary works with credentials from management

I found out that Executive Secretary works with the credentials from top management to approve workflows. Basically the top manager is often in a hurry and just approves documents on paper. The actual workflow is then approved by the Executive Secretary on the computer with the account of the manager. In my opinion and from a security point of view this should be changed. Furthermore if the manager is not in the office (e.g. business trip) this could also be a problem for non-repudiation.

The first thing would be an own account for the Executive Secretary (e.g. with an account name like "as representative of manager xyz"), but this does not solve the problem that the actual decision / approval has to be done by management and not by the Executive Secretary. I mean that the Executive Secretary must keep all approved paper documents in a personal archive for own personal protection.

Does someone else have a similar problem and a solution for this dilemma? Thank you in advance!

👍 10 · r/ITdept · u/securely13 · Dec 01 2019

How would you go about archiving subreddit content in a trustworthy way? (geekery inside)

A project I've been kicking around, and finally have some time to devote to, will be an archiving tool (think like /u/snapshillbot) for use in meta subreddits. This isn't a new concept, but the concept of quarantined subreddits complicates issues somewhat:

  • You can't use third party archiving services, since you have to be on a logged-in account to see the content

  • Screenshots work, but are trivial to fabricate (inspect element)

  • Text is even easier to fabricate

Regarding text, I was thinking of doing something like capturing the raw source text at the time of the capture and then PGP signing that, which would give you both a timestamp and some degree of authenticity verification, but even that isn't foolproof.

Case in point, if I were evil enough, I could modify my tool's database by switching the captured text to something else, changing my computer's clock, re-signing it, and then posting the modified text, and nobody would be the wiser.

I'm aware of third party timestamp sources (basically, they sign a message saying that they signed X text at Y time), but AFAIK, there's no way to work these into a PGP signature that could be posted in plaintext example, so I think this option is dead as well.

My goals here with this tool are non-repudiation (this content verifiably existed on reddit at Y time) and integrity verification (the content captured was not modified in any way).

So really, I have two questions:

  • What, for you personally, does it take for a capture of a reddit post or comment to be trustworthy assuming lack of a neutral third party?

  • How would you achieve this as someone looking to make those captures when dealing with a quarantined subreddit?

👍 15 · r/TheoryOfReddit · u/Shadilay_Were_Off · Oct 16 2019

Potential risks of sharing a company cellphone.

Hello,

Our organization (which is 30,000 plus employees) has asked our team to be on-call for after hour emergency requests. We have one cell phone (with one line) which is rotated amongst different staff members bi weekly. The phone line and device is probably owned by our manager (we are not sure who owns it officially) but the phone is used by myself and my team mates on a biweekly basis. To me, right off the bat, I think that there is an issue of non-repudiation. The phone is under my manager's name, but is not being used by management, and then between our team it is being shared as well. I brought that up with management, but they don't seem to think it's a valid concern. What are your thoughts, and any other potential security risks with this model?

👍 5 · r/cybersecurity · u/ladyinred1989 · Aug 07 2019

CISSP Domain 3 MindMap / Review Video focused on Cryptography

Hey all! After a long delay from my last video, the next one is finally up! This one focuses on Cryptography: https://youtu.be/LLRaa0kOMDM

Topics covered include Confidentiality, Integrity (Hashing), Authenticity, Non-Repudiation (Origin & Delivery), Access Control, Cryptographic terminology, Plaintext, Encryption, Key / Crypto variable, Decryption, Key clustering, Work factor, Initialization vector / Nonce, Confusion, Diffusion, Avalanche, Secret Writing, Hidden, Steganography, Null Cipher, Scrambled (Cryptography), One-way encryption, Hashing (MD5, SHA-1, SHA-2, SHA-3), Two-way encryption, Symmetric Cryptography, Block Ciphers (DES, 3DES, AES, Rijndael, CAST-128, SAFER, Blowfish, Twofish & RC5/RC6), Block Modes: (ECB, CBC, CBC, CFB, OFB & CTR), Stream Ciphers (RC4), Asymmetric Cryptography, Factoring, RSA, Discrete Logs, Diffie-Hellman (key exchange), Elliptic Curve (ECC), El Gamal, DSA, Substitution (Caesar Cypher, Monoalphabetic, Polyalphabetic, Running & One-time Pads), and Transposition (Spartan Scytale & Rail Fence / zigzag)

Here are the other review / MindMap videos I have completed so far:

Domain 2

Domain 3

Domain 4

  • Coming soon(ish)!

Domain 5

Domain 6

Domain 7

Domain 8

I have also created a couple o


👍 27 · r/cissp · u/RWitchest · Oct 15 2020
