hackerfactor.bsky.social
Computer security specialist, forensic researcher, and founder of FotoForensics. Sleep is not necessary.
49 posts 77 followers 5 following
comment in response to post
Leopards! Faces!
comment in response to post
Wow. Definitely rewriting history.
comment in response to post
"Courts are adversaries"? I disagree. They are supposed to be impartial. It's up to the prosecution and defense to show evidence. Email can be used as evidence. What's the problem here?
comment in response to post
Wait... I don't get it. Doesn't publishing the old secret keys mean that someone (anyone) can backdate any email and make it appear as if it was sent? That's going to seriously impact legal cases that include email as evidence.
comment in response to post
Today, most spam is either from: (A) A domain lacking both SPF and DKIM. (Many mail servers outright reject these emails.) (B) A compromised mail server. (C) A server that didn't authenticate/validate their users very well (KYC) and permits relaying spam.
comment in response to post
The caveat is that DKIM signs as the server, not the user. Any user who is allowed to use the server can get a valid DKIM signature. But that's the KYC problem.
comment in response to post
SPF and DKIM dramatically reduce spam. SPF ensures that the sender is allowed to send. DKIM prevents MitM alterations, IP hijacking, and ensures that the email really did come from the sender.
comment in response to post
Looking at my mail logs. Every single email that has invalid DKIM is spam. My DMARC emails regularly receive reports of unauthorized senders who failed the SPF and DKIM checks. While DKIM isn't perfect, it dramatically reduces spam.
comment in response to post
Do Russian airplanes have balconies? "Accidentally" falling off balconies seems like the #1 cause of death in Russia. They should have better building regulations.
comment in response to post
Going by statistics of airplane vs car. You're less likely to be involved in an accident in an airplane. However, you are more likely to survive an accident in a car.
comment in response to post
Here's a link to the larger (readable) diagram. Very interesting! media.springernature.com/m2048/spring...?
comment in response to post
It's been 3 years. (That Starling Labs picture is from April 2021.) *None* of the issues demonstrated by that picture have been resolved today.
comment in response to post
I just noticed that @adamrose.bsky.social is the COO of Starling Labs. Starling Labs' C2PA demonstration authenticated a picture that had alterations and inconsistent metadata. What they did by accident can easily be used for intentional fraud. hackerfactor.com/blog/index.p...
comment in response to post
More reviews: hackaday.com/2023/11/30/f.... Hackaday describes how to use Adobe's C2PA solution to create authenticated forgeries.
comment in response to post
Sample external reviews: spectrum.ieee.org/meta-ai-wate... Article says Meta's AI Watermarking, but talks about C2PA's approach. "Flimsy, at best". www.technologyreview.com/2023/07/31/1... MIT Tech review says C2PA will "not stem the harm of machine-generated misinformation."
comment in response to post
SEAL is based on the publicly reviewed and widely adopted DKIM for securing email. There are few independent reviews of C2PA, and they are all negative -- C2PA does not provide validation. (My own blog repeatedly demonstrates weaknesses in the C2PA solution.)
comment in response to post
In response to a challenge by C2PA's chief architect to come up with a different solution, I created SEAL. SEAL provides a tamper-proof signature, authenticates the signer, and prevents signature impersonations. SEAL is also smaller, faster, and supports more file formats than C2PA.
comment in response to post
Hello Adam Rose and Bots Don't Cry, I just saw this thread. C2PA is an Adobe-centric solution that does not validate content, metadata, or signatures. Because it is based on "trust", it does nothing to prevent forgeries or false attribution.
comment in response to post
Can you make sure it streams on Roku? Sometimes your tech folks forget...
comment in response to post
Thank you!
comment in response to post
It's not just leopards eating faces. They all have leopards.
comment in response to post
Another option: Check the copyright page in the book. (It's usually the 4th printed page.) There should be a credit for the cover art. But I agree: he should take this up with the publisher before making public accusations on Bluesky.
comment in response to post
One interesting fact: Authors almost never have a say about the cover artwork. That's all from the publisher. (I'm definitely no John Scalzi, but I had no say in my books' titles and little influence over the cover art. I was allowed to reject one cover art one time.) Talk to the publisher.
comment in response to post
Hold up... You're a "micro celebrity"? I thought I only followed "big names". Does this mean one of the cats is the real celebrity? (And if so, which one?????)
comment in response to post
Wait... your spouse GAVE YOU MONEY for it? That only happens to me along with the phrase "now will you leave me alone?"