(credit: Samuel Huron)

On Thursday, the Tor Project released its first public beta of Tor Messenger, an easy-to-use, unified chat app that has security and cryptography baked in. If you care about digital security, you should ditch whatever chat program you're using and switch to it right now.

The app is specifically designed to protect location and routing information (by using Tor) and chat data in transit (by using the open source Off-The-Record, or OTR, protocol). For anyone who has used a similar app (like Pidgin or Adium), Tor Messenger’s interface will be fairly self-explanatory, but there are two notable quirks.

First, by default, it will not allow you to send messages to someone who doesn’t support OTR—but there is an option to disable that feature. (We’ll get to that in a minute.) Second, unlike Pidgin or Adium, Tor Messenger cannot log chats, which is handy if you’re privacy-minded.

Read 17 remaining paragraphs | Comments


A couple of people expressed interest in the ransomed files I recovered in my last diary entry.

I can not release those files, but I did create a similar file: ransomed-file.bin.

If you want to try to recover the picture in ransomed-file.bin, be aware that I released a new version of my byte-stats tool: byte-stats-V0_0_2.zip. It can find simple sequences and contains a man page now: run byte-stats.py -m to display the man page.

And if you manage to recover the jpeg file: let me know what you think this picture is ;-)

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com
IT Security consultant at Contraste Europe.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Internet Storm Center Infocon Status