Tuesday, May 29, 2012

Open JavaScript

JavaScript is now uncompressed and easy to read so that you can confirm what is happening to your data. If you are using Chrome, just right-click on the screen and click "inspect data" to see the JavaScript.

Friday, May 25, 2012

Show HN

I would like to thank the Hacker News community for their great feedback! In case you missed it, here's the Show HN post.

Saturday, May 19, 2012

Hiding Location

Even if your message is secure, it is possible to track what IP address posted or viewed a deadrop. To protect against this, a user could simply use Tor to hide their location.  

Hijacking JavaScript

It is possible for the JavaScript that encrypts your message to be hijacked by a hacker on delivery. The hacker can then inject code into the JavaScript to do whatever he wants. Although this is unlikely, you shouldn’t post sensitive information on deadrop.us without using “SSL”. You can do this by visiting https://deadrop.us and accepting the warning or by visiting https://deadrop.herokuapp.com. The two are the exact same website, but you will not receive a warning on the latter because the key is signed for this domain (*.herokuapp.com). This will ensure that the JavaScript originated from the proper server and that it has been encrypted to prevent manipulation on delivery.