holden writes: "Ian Goldberg, leading security researcher, professor at the university of waterloo, cypherpunk and co-creator of the Off-the-Record Messaging (OTR) protocol recently gave a talk on protecting your IM conversations. He discusses OTR and its importance in today's world with warrant-less wire tapping and all that bad stuff. With OTR users benefit from being able to have truly private conversations over IM, by using encryption to obtain authentication, deniability, and perfect forward secrecy, while working within their existing IM infrastructure. With the recent NSA wiretapping activities and increasing Big Brother presence, security and OTR are increasingly important. An avi of the talk is available by http as well as by bittorrent and a bunch of other formats."
It seems to already do this. When I establish an OTR connection with someone for the first time it asks me to enter a shared secret. You also don't need to maintain the same public key between multiple machines that you might use.
metaoink writes: "Ian Goldberg, leading security researcher, professor and co-creator of the Off-the-Record Messaging (OTR) protocol recently gave a talk in which he discusses OTR and its importance in today's world. With OTR users benefit from being able to have truly private conversations over IM, by using encryption to obtain authentication, deniability, and perfect forward secrecy, while working within their existing IM infrastructure. With the recent NSA wiretapping activities and increasing Big Brother presence, security and OTR are increasingly important. An XVID avi of the talk is available by http as well as by bittorrent and some other formats."
An anonymous reader writes: The creator of Off-the-Record Messaging (OTR), Ian Goldberg, recently gave a talk about OTR to the University of Waterloo. In his talk, Goldberg discusses why existing secure/encrypted IM implementations are flawed. He notes that those that provide authentication use digital signatures, which gives proof that a message was sent by the user. He also notes that some implementations, such as Trillian, are vulnerable to man-in-the-middle attacks. Goldberg then explains how OTR is able to overcome these deficiencies, and provide deniability and perfect forward secrecy. The math behind OTR is quite interesting and requires only a minimal understanding of cryptography. The talk is available via HTTP and BitTorrent and in a variety of formats.
Andareed writes: Ian Goldberg, co-creator of the Off-the-Record Messaging (OTR) protocol discusses OTR and its importance in today's world. Many instant messaging applications offer some form of encryption and authentication. However, most implementations are deficient. For example, Trillian's implementation is vulnerable to man-in-the-middle attacks. Most implementations also use digital signatures to authenticate, providing proof that you sent a certain message. OTR is designed to provide authentication while ensuring deniability and perfect forward secrecy. Plugins for Pigin/GAIM, Trillian, MSN, and others are available at the OTR website. With the recent NSA wiretapping activities and increasing Big Brother presence, you can't afford not to use OTR.
metaoink writes: "World famous security researcher and professor Ian Goldberg recently gave a talk on securing instant messaging using his invention, OTR.Instant messaging (IM) is an increasingly popular mode of communication on the Internet. Although it is used for personal and private conversations, it is not at all a private medium. Not only are all of the messages unencrypted and unauthenticated, but they are all routed through a central server, forming a convenient interception point for an attacker. With OTR users benefit from being able to have truly private conversations over IM, by using encryption to obtain authentication, deniability, and perfect forward secrecy, while working within their existing IM infrastructure. Many slashdot readers will have probably heard of OTR which is available for Gaim/Pidgin, and this talk outlines the motivation and implementation of OTR. An XVID avi by http of the talk is available as welll as by bittorrent and some other formats"
dalektcalum writes: Dr. Ann Cavoukian, Canada's Information and Privacy Commissioner, recently gave a talk entitled Privacy by Design. The talk starts of by covering the basics of privacy, and privacy law, and then moves onto the important component, how to design software that properly protects users privacy. The majourity of the time is spent on design principles, but also examines specific technologies (such as Elliptical Curve Cryptography).
holdenkarau writes: Canadian privacy commissioner, Dr. Ann Cavoukian, recently gave a talk entitled Privacy by Design to the University of Waterloo. The focus of the talk is how to use technology to enhance and protect privacy. Some of the technologies discussed included instant messaging, RFID tags and Elliptical Curve Cryptography (ECC). Then Dr. Cavoukian explained the "7 Privacy — Embedded Laws" followed by a discussion on a biometrics solution to encryption.
holden writes: "In a rare public talk, C++ creator Dr. Bjarne Stroustrup discusses his ideal in programming languages, as well how he sees the next version (and beyond) of C++ developing. He explains the general selection criteria used for adding new features, some of the legacy of C++, and many other interesting topics. Especially interesting is during the Q&A he explains his views of the embrace and extend mentality some implementations, such as VC++, have taken. The talk is available as an xvid avi, mpg, and other formats."
Mike writes: "In a recent talk,
C++ creator Bjarne Stroustrup described the goals he and the ISO C++ Committee have
for the next version of the C++ standard. The new standard, tentatively
'C++0x', aims to make programs easier to write and maintain
without sacrificing efficiency. Unfortunately, the challenges of
revising an existing language and the rigor required make the
standardization process slow and painful. The number of proposed
features for C++0x far exceeds the number that can feasibly be
standardized. Stroustrup describes two new features he believes
will make the language much more expressive: initializer lists and
concepts. The talk is available for download."
Mike writes: New users of the GIMP often become frustrated at the application's unwieldy user interface. For this reason Prof. Michael Terry and a group of researchers at the University of Waterloo have created ingimp, an modified version of the GIMP that collects real-time usability data. Terry recently gave a lecture about ingimp and the data it collects.
During each session, ingimp records events such as document creation, window manipulation, and tool use. A log of these events is sent to the ingimp server for analysis. The project hopes to answer questions such as "What is the typical monitor resolution of a GIMP user?" and "Is GIMP used primarily for photo editing or drawing?" Answers to these questions will help the GIMP developers find and fix GIMP's usability problems. For more information about ingimp, visit the project's web site.
GIMPFan writes: Most people who have ever tried the GIMP know that its UI leaves much to be desired. Thankfully, at least one person is doing something about it. Usability expert Michael Terry has created an instrumented version of the GIMP called ingimp. The key feature of ingimp is that it collects usability data in order to determine how people are using (or struggling to use) the GIMP. This data is made available on the ingimp site so that researchers can study usability in the GIMP, which can hopefully lead to improved usability of the GIMP.
Terry also recently gave a talk on his project. In his talk, he emphasizes that the user's privacy is a key consideration of the project. He notes that contrary to most usage-collecting applications, ingimp is open-source and that the collected data is available to anyone. He also notes that Inkscape is also very interested in creating an instrumented version.