@sb_51_ Plusieurs articles. Par exemple https://twitter.com/carmelatroncoso/status/1153628475619794944
Notices by Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr), page 24
-
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Wednesday, 24-Jul-2019 17:19:48 EDT Stéphane Bortzmeyer
-
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Wednesday, 24-Jul-2019 17:18:38 EDT Stéphane Bortzmeyer
Now, technical plenary at #IETF105, on #privacy. Live at https://www.youtube.com/watch?v=VT4-xIZ-tNs
Arvind Narayanan and Steve Bellovin on stage.
Ted Hardie introducing Bellovin: "He was on Usenet. You may have heard of that."
Narayanan talks (very fast) about privacy measurements.
-
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Wednesday, 24-Jul-2019 16:21:45 EDT Stéphane Bortzmeyer
@bakaniko Et Thalès, alors ?
In conversation from mastodon.gougere.fr permalink -
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Wednesday, 24-Jul-2019 15:05:49 EDT Stéphane Bortzmeyer
Currently listening to astronauts speaking from the moon. #IETF105 #Meetecho #garbled #remotePresentation #understandNothing
In conversation from mastodon.gougere.fr permalink -
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Wednesday, 24-Jul-2019 14:52:29 EDT Stéphane Bortzmeyer
In conversation from mastodon.gougere.fr permalink -
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Wednesday, 24-Jul-2019 14:44:11 EDT Stéphane Bortzmeyer
Some slides titles at #IETF105 are surprising:
"Privacy-conscious monitoring"
In conversation from mastodon.gougere.fr permalink -
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Wednesday, 24-Jul-2019 14:41:52 EDT Stéphane Bortzmeyer
% curl -s http://rdap.db.ripe.net/ip/31.133.136.194 | jq .country
"CH"In conversation from mastodon.gougere.fr permalink -
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Wednesday, 24-Jul-2019 14:38:59 EDT Stéphane Bortzmeyer
@R1Rail @cstrotm curl and jq are certainly available on Debian testing :-}
In conversation from mastodon.gougere.fr permalink -
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Wednesday, 24-Jul-2019 14:32:05 EDT Stéphane Bortzmeyer
@cstrotm "will replace". Well, may be, but whois already killed several contenders...
In conversation from mastodon.gougere.fr permalink -
Carsten Strotmann (cstrotm@mastodon.social)'s status on Wednesday, 24-Jul-2019 14:31:20 EDT Carsten Strotmann
RDAP ( RFC 7480 - 7484) will replace the old WHOIS protocol this August for some gTLD/nTLD registries.
I found the tools from https://openrdp.org useful:
https://github.com/openrdap/rdap
Working here on xBSD, macOS and Linux. Probably also work on Windows (haven't tested)
In conversation from mastodon.social permalink Repeated by bortzmeyer -
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Wednesday, 24-Jul-2019 14:30:42 EDT Stéphane Bortzmeyer
Les exposés de chercheurs détaillant comment ils ont contourné le #chiffrement et découvert ce qu'il y a en dessous, c'est déprimant. #IETF105 #viePrivée #onVaTousMourir #tousÀPoil
In conversation from mastodon.gougere.fr permalink -
Procrastination as a Service (1hommeazerty@mamot.fr)'s status on Monday, 22-Jul-2019 11:50:20 EDT Procrastination as a Service
Je vais en acheter une dizaine pour mettre sur les bornes WiFi des collègues. On va bien rigoler !
In conversation from mamot.fr permalink Repeated by bortzmeyer -
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Monday, 22-Jul-2019 11:55:44 EDT Stéphane Bortzmeyer
Performances of #DoH (#DNS over HTTPS) and #DoT (DNS over TLS). Does it have consequences on user experience?
DoH (and DoT) can be, in some cases, *faster* than traditional DNS, thanks to the use of TCP.
In conversation from mastodon.gougere.fr permalink -
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Monday, 22-Jul-2019 11:46:17 EDT Stéphane Bortzmeyer
@tcit Yes, partially https://www.githubstatus.com/
In conversation from mastodon.gougere.fr permalink -
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Monday, 22-Jul-2019 11:39:31 EDT Stéphane Bortzmeyer
Oblivious DNS, a protocol for protecting privacy on the #DNS
Existing privacy techniques do not protect against the resolver. The resolver stills sees everything.
Solution: encrypted DNS-over-DNS tunnel between the client and the Oblivious DNS server (which pretends to be auth. but is actually the real resolver). It will see the query but not the user, and the default resolver wll see the user but not the query.
Implemented in Go. Good performances.
In conversation from mastodon.gougere.fr permalink -
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Monday, 22-Jul-2019 11:24:38 EDT Stéphane Bortzmeyer
7 % AS do it world-wide (17 % in China). So, it is common. Funnily, very often, responses are NOT tampered with.
Solutions: #DNSSEC validation on the client, encrypted DNS
In conversation from mastodon.gougere.fr permalink -
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Monday, 22-Jul-2019 11:24:16 EDT Stéphane Bortzmeyer
#DNS interception: who is answering my queries?
Internet access providers, governments, antivirus software and of course malware intercept DNS requests and send false replies.
How to measure its prevalence? Check at the auth. server if there is a request and where does it come from. Careful: interception policy may depend on many things (qtype, TLD in the qname, DNS resolver, etc).
#ANRW19 #IETF105In conversation from mastodon.gougere.fr permalink -
Alexander Bochmann (galaxis@mastodon.infra.de)'s status on Monday, 22-Jul-2019 11:03:24 EDT Alexander Bochmann
Woah, #PaloAlto: Silently fixed a pre-authentication remote code execution vulnerability in their VPN portal a year ago, and did not notify their customer. Anyone who didn't update their PanOS during the past year is still vulnerable (CVE-2019-1579).
http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
In conversation from mastodon.infra.de permalink Repeated by bortzmeyer -
Christine Lemmer-Webber (cwebber@octodon.social)'s status on Monday, 22-Jul-2019 11:00:05 EDT Christine Lemmer-Webber
Announcing ActivityPub Conf 2019! September 7th & 8th in Prague, immediately following Rebooting Web of Trust. https://dustycloud.org/blog/activitypub-conf-2019/
Space is limited, see post for details. We are also soliciting talks.
Hope to see you there!
In conversation from octodon.social permalink Repeated by bortzmeyer -
Stéphane Bortzmeyer (bortzmeyer@mastodon.gougere.fr)'s status on Monday, 22-Jul-2019 10:57:39 EDT Stéphane Bortzmeyer
"We will now see how to convert a password into an elliptic curve point." #cryptography #Dragonfly #ANRW19 #IETF105
In conversation from mastodon.gougere.fr permalink