@sb_51_ Plusieurs articles. Par exemple https://twitter.com/carmelatroncoso/status/1153628475619794944
Notices by Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr), page 24
-
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Wednesday, 24-Jul-2019 17:19:48 EDT 
Stéphane Bortzmeyer
-
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Wednesday, 24-Jul-2019 17:18:38 EDT
Stéphane Bortzmeyer
Now, technical plenary at #IETF105, on #privacy. Live at https://www.youtube.com/watch?v=VT4-xIZ-tNs
Arvind Narayanan and Steve Bellovin on stage.
Ted Hardie introducing Bellovin: "He was on Usenet. You may have heard of that."
Narayanan talks (very fast) about privacy measurements.
-
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Wednesday, 24-Jul-2019 16:21:45 EDT
Stéphane Bortzmeyer
@bakaniko Et Thalès, alors ?
-
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Wednesday, 24-Jul-2019 15:05:49 EDT
Stéphane Bortzmeyer
Currently listening to astronauts speaking from the moon. #IETF105 #Meetecho #garbled #remotePresentation #understandNothing
-
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Wednesday, 24-Jul-2019 14:52:29 EDT
Stéphane Bortzmeyer
-
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Wednesday, 24-Jul-2019 14:44:11 EDT
Stéphane Bortzmeyer
Some slides titles at #IETF105 are surprising:
"Privacy-conscious monitoring"
-
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Wednesday, 24-Jul-2019 14:41:52 EDT
Stéphane Bortzmeyer
% curl -s http://rdap.db.ripe.net/ip/31.133.136.194 | jq .country
"CH" -
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Wednesday, 24-Jul-2019 14:38:59 EDT
Stéphane Bortzmeyer
@R1Rail @cstrotm curl and jq are certainly available on Debian testing :-}
-
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Wednesday, 24-Jul-2019 14:32:05 EDT
Stéphane Bortzmeyer
@cstrotm "will replace". Well, may be, but whois already killed several contenders...
-
Carsten Strotmann (cstrotm@mastodon.social)'s status on Wednesday, 24-Jul-2019 14:31:20 EDT 
Carsten Strotmann
RDAP ( RFC 7480 - 7484) will replace the old WHOIS protocol this August for some gTLD/nTLD registries.
I found the tools from https://openrdp.org useful:
https://github.com/openrdap/rdap
Working here on xBSD, macOS and Linux. Probably also work on Windows (haven't tested)
-
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Wednesday, 24-Jul-2019 14:30:42 EDT
Stéphane Bortzmeyer
Les exposés de chercheurs détaillant comment ils ont contourné le #chiffrement et découvert ce qu'il y a en dessous, c'est déprimant. #IETF105 #viePrivée #onVaTousMourir #tousÀPoil
-
Procrastination as a Service (1hommeazerty@mamot.fr)'s status on Monday, 22-Jul-2019 11:50:20 EDT 
Procrastination as a Service
Je vais en acheter une dizaine pour mettre sur les bornes WiFi des collègues. On va bien rigoler !
-
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Monday, 22-Jul-2019 11:55:44 EDT
Stéphane Bortzmeyer
Performances of #DoH (#DNS over HTTPS) and #DoT (DNS over TLS). Does it have consequences on user experience?
DoH (and DoT) can be, in some cases, *faster* than traditional DNS, thanks to the use of TCP.
-
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Monday, 22-Jul-2019 11:46:17 EDT
Stéphane Bortzmeyer
@tcit Yes, partially https://www.githubstatus.com/
-
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Monday, 22-Jul-2019 11:39:31 EDT
Stéphane Bortzmeyer
Oblivious DNS, a protocol for protecting privacy on the #DNS
Existing privacy techniques do not protect against the resolver. The resolver stills sees everything.
Solution: encrypted DNS-over-DNS tunnel between the client and the Oblivious DNS server (which pretends to be auth. but is actually the real resolver). It will see the query but not the user, and the default resolver wll see the user but not the query.
Implemented in Go. Good performances.
-
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Monday, 22-Jul-2019 11:24:38 EDT
Stéphane Bortzmeyer
7 % AS do it world-wide (17 % in China). So, it is common. Funnily, very often, responses are NOT tampered with.
Solutions: #DNSSEC validation on the client, encrypted DNS
-
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Monday, 22-Jul-2019 11:24:16 EDT
Stéphane Bortzmeyer
#DNS interception: who is answering my queries?
Internet access providers, governments, antivirus software and of course malware intercept DNS requests and send false replies.
How to measure its prevalence? Check at the auth. server if there is a request and where does it come from. Careful: interception policy may depend on many things (qtype, TLD in the qname, DNS resolver, etc).
#ANRW19 #IETF105 -
Alexander Bochmann (galaxis@mastodon.infra.de)'s status on Monday, 22-Jul-2019 11:03:24 EDT 
Alexander Bochmann
Woah, #PaloAlto: Silently fixed a pre-authentication remote code execution vulnerability in their VPN portal a year ago, and did not notify their customer. Anyone who didn't update their PanOS during the past year is still vulnerable (CVE-2019-1579).
http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
-
Christine Lemmer-Webber (cwebber@octodon.social)'s status on Monday, 22-Jul-2019 11:00:05 EDT 
Christine Lemmer-Webber
Announcing ActivityPub Conf 2019! September 7th & 8th in Prague, immediately following Rebooting Web of Trust. https://dustycloud.org/blog/activitypub-conf-2019/
Space is limited, see post for details. We are also soliciting talks.
Hope to see you there!
-
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Monday, 22-Jul-2019 10:57:39 EDT
Stéphane Bortzmeyer
"We will now see how to convert a password into an elliptic curve point." #cryptography #Dragonfly #ANRW19 #IETF105
All Jonkman Microblog content and data are available under the