Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Espionge.app's lack of plausible deniability (Was: TrueCrypt Alternatives?)

Steve Weis steveweis at gmail.com
Mon Oct 6 18:04:24 PDT 2014


To start with, the fake sparesebundle metadata and band modification
times (i.e. the metadata's metadata) are distinguishable from a real
sparsebundle's. Espionage's attempt to manipulate the metadata
actually seems to be giving away which ones are fake.

Take a look at each sparesbundle's "bands" directory modification time
as well as the distribution of individual bands' modification times:
.../com.taoeffect.Espionage3/Data $ ls -R -l

In my case, I was immediately able to spot the real
{UUID}.sparsebundle directory among many fake ones.

On Mon, Oct 6, 2014 at 1:52 PM, Greg <greg at kinostudios.com> wrote:
> Dear Steve,
>
> Espionage manipulates the filesystem metadata for sparsebundles, so it's
> unclear to me whether you actually were able to distinguish them or not, but
> if you were, please send an email to contact at taoeffect.com with your results
> and we'll fix it!



More information about the liberationtech mailing list