"After approximately 30 person hours, we concluded that the combination of incorrect directions, errors in provided scripts, and complicated design make it unreasonable for regular system administrators to set up DeadDrop correctly."
Sad. From the @ioerror/Schneier/Czeskis review of DeadDrop (now SecureDrop): http://homes.cs.washington.edu/~aczeskis/research/pubs/UW-CSE-13-08-02.PDF
Scorpio20, Mike Linksvayer likes this.
Mike Linksvayer, Matt Molyneaux, Christopher Allan Webber shared this.
Show all 8 replies
I wonder about the
fukken tab key. Anyway, I wonder about metadata stripping complaints. Consider the snowden leaks – he leaked the actual documents as they were created, not images of documents, not screenshots of documents, not something he himself wrote. The metadata is thus part of the leak, making it more credible. Stripping that makes the leak less credible. (OTOH, some leakers will of course take phone images etc.)
about the 1TB zip, they say "this attack is of independent interest as it goes beyond, to our knowledge, previous compression attacks", so a problem with accepting zip files at all.
unhammer: re zip attack, yeah, that's a known problem with zip files. You have to build in special logic to any upload that automatically unzips them looking for it. See: https://en.wikipedia.org/wiki/Zip_bomb
re metadata: have people analyzed the metadata of the Snowden files? I haven't downloaded anything but one or two of the redacted files, so I don't know how useful it is in this case (the only ones to see the metadata being the journalists, which aren't really equipped to judge authenticity).
re metadata: have people analyzed the metadata of the Snowden files? I haven't downloaded anything but one or two of the redacted files, so I don't know how useful it is in this case (the only ones to see the metadata being the journalists, which aren't really equipped to judge authenticity).