[-] drwho@beehaw.org 74 points 10 months ago

Outfits that haven't installed patches since February are getting popped in May by a vuln that was published in January.

[-] drwho@beehaw.org 33 points 10 months ago

Unable to decrypt message

Unable to decrypt message

Unable to decrypt message

Unable to decrypt message

Unable to decrypt message

Unable to decrypt message

...

[-] drwho@beehaw.org 36 points 11 months ago

For non-profits (like 501(c)(3)'s) that's not unusual. Non-profits are more like specialized tools for the board of directors than like companies.

Source: First ten years of my career were at non-profits.

[-] drwho@beehaw.org 31 points 1 year ago

Destination port 123/udp isn't Tor. That's NTP.

[-] drwho@beehaw.org 30 points 1 year ago

Wow. That's certainly a creative take on things.

[-] drwho@beehaw.org 40 points 2 years ago

Oh, for fuck's sake... no. It isn't. And I find myself pondering whether or not the article's authors are themselves sapient.

[-] drwho@beehaw.org 77 points 2 years ago

You might want to reconsider patronizing Sticker Mule, especially if you're family.

[-] drwho@beehaw.org 59 points 2 years ago

Publishing everything on a blockchain means that everybody who's running a node has access to a copy. If confidentiality of communications is an issue, this may as well be a data breach with a few more steps. Also, how does giving everybody running a part of or monitoring the blockchain equate with "control over personal data?"

Centralized control: Only one entity can see it. Blockchain: Lots of third parties run a node, so every node can see it.

Each channel has a separate ledger: That makes surveillance of a particular communications channel much easier. Thanks. Also, each user has to have a keypair; great for pseudonymity, lousy for repudiability.

Messages cannot be altered but they can be audited to prove their metadata. Did they learn nothing from the Obama administration? At this point in the paper I can't shake the feeling that this is a deliberate effort to invert all of the properties of privacy.

Smart contract: Yay, more deliberately memory unsafe programming. I guess they never played with Core Wars as kids, either.

An attacker would be unable to breach the network: An attacker would just have to stand up a node. If channels are side ledgers on a blockchain, and the network assumes that nodes can come and go (which they all do, as far back as bitcoind), any node can join, say "Hey, I'd like to join this channel," and get at the very least a pointer to the side ledger for that channel.

Long-term storage of communications is dangerous, mm'kay?

[-] drwho@beehaw.org 30 points 2 years ago

It's Apple.

What's the catch?

[-] drwho@beehaw.org 31 points 2 years ago

Oracle doesn't have customers, it has hostages.

[-] drwho@beehaw.org 32 points 2 years ago

More and more, companies are giving their sysadmins and coders Macbooks rather than Wintel laptops. It's been an upward trend in the last eight or nine years. I've always thought it was to head 'em off at the pass so they won't install un-remotely managed and un-monitored Linux distros on company equipment. At any rate, a lot of proprietary stuff winds up on corporate Macbooks, which means targets worth going after. As for availability of exploits for OSX, folks have been hoarding them for this kind of situation. These days, you wait for an optimum target environment before you unleash your 0-days.

[-] drwho@beehaw.org 57 points 2 years ago

I'm going on professional year 24 of clients requiring that IPv6 be deactivated on every device in their network. Whee.


drwho

joined 2 years ago