Each offers different sensitivity, each of them quite accurate by itself, together meant to produce a highly accurate signal for entry and an early warning for open trades, 3 indicators, handpicked from literally hundreds I've tested. And by any means this is no advice, financial or otherwise. This entails that bullish or bearish signals given in this series do not portray my sentiment towards any particular project.

Against -that- kind of attack, key-exchange is easy.

This is the cryptocurrency market outlook, based on my magical cocktail of purely technical indicators.

With "more secure" in this context, I mean simply: the odds that the government of Syria will read the chat-contents is lower.

Ease of use *does* have value, and encrypted chat that works with zero installation is useful - yes you need to securely exchange keys, and that's a problem - but it's primarily a problem if you worry about being the victim of a *targeted* attack, and that's not the issue here, the worry is over passive sweeping passively eavesdropping on everything and grepping for interesting words kind of attack.

It's reasonable to consider crypto-cat more secure than unencrypted chat. Trade-offs are the rule, not the exception in the real world. Yes I know about signatures on packages, but most Windows users don't, and even then you still need to trust the person signing the package. You say neither why it's a bad idea, nor what one should do instead.

Crypto-cat *does* suffer from quite a few problems, the biggest one I'm aware of being the need to somehow securely exchange keys, and the fact that you need to trust the folks running the website.

But those vulnerabilities exist in all programs - if I download Pidgin with OTR, I need to trust the folks creating Pidgin and running the website I download it from.

I'm not really seeing a scenario where Cryptocat actually delivers on the hype.
If you're worried about someone that can hijack SSL sessions, then you're screwed anyways if you're using the website version, which is almost assuredly the version you'd be using on one of those machines.

so basically anyone that isn't approaching the power of a nation state), then the SSL certificate alone would do a good enough job securing the communication (and many common chat protocols support SSL connections.

For any casual malicious entities on the network (i.e.

If it's the owner (or anyone else that can touch them) of each of those machines, you can simply forget about that to begin with, as a keylogger would easily defeat Cryptocat (and OTR, and everything else that didn't encrypt the data before it entered the computer).

> chat privately from an internet bar, a kiosk, a computer in hotel, etc

Exactly who are you wanting privacy from?

I'd imagine, though, it'd depend hugely on which client you used it with (I'm sure some are absolute nightmares).

The few times I've bothered to use OTR, it was incredibly easy to set up (no more difficult than any program).

To me, it was non-obvious that you could even retrieve the other party's key by clicking their name.

Sadly, Cryptocat doesn't even bother to inform the users of this fact, so most users will probably not even realize they need to take such steps, and will just blindly assume the other party is the person they assume it is (and couldn't POSSIBLY be someone performing a MITM attack).

Alternatively, if you manage to disable the auto update, you could end up stuck using a version with known security issues (hardly an ideal situation, either! but that's more so an issue with Chrome's model and sensitive data).

Even ignoring that avenue of attack, the users are still stuck with the classic problem of having to verify the other party's key via some trusted channel.
I've not really looked at Cryptocat in a few months (not since the last time there was a lot of buzz about it), but back then, the Chrome 'app' wasn't entirely self-contained, and was still grabbing a number of resources from remote sites (I don't believe any were JavaScript files, but still more than enough to do tracking and potentially other nasty things).

Also, Chrome apps will automatically update themselves, so even if the current version is totally safe, there's no guarantee that it won't update itself 5 minutes later with a version that forwards all your messages to nsa.gov (or ).