Recently active topics in Wuala tagged with security

See the change log Browse by

Deelkar
2 people have this question 5 Replies

hash collisions handling
Show more... ...Show less

since Wuala seems to treat files with the same hash as equal, is there some additional verification (hashing the blocks perhaps) to further ensure no hash collision has happened, or is the hash used considered good enough so that the chance of a hash collision occuring (even when tried by malicious users) is sufficiently small?
How far into the future (not counting flaws to be found in the hashing algorithm) is this considered "safe"?

Reply to this question

Bugreport last replied on September 10, 2008 11:20
Johann
2 people have this question 1 Reply

Are Tags encrypted?
Show more... ...Show less

Are Tags encrypted? When I add tags to private or shared files (not world) are these tags also encrypted or are they to be read without a key (but with access to the file snippets)?

Reply to this question

nmat last replied on August 13, 2008 13:27
Moff
1 Reply

error loading security provider? wuala wont start
Show more... ...Show less

WARNING: Error loading security provider org.bouncycastle.jce.provider.BouncyCastleProvider: java.lang.ClassNotFoundException: org.bouncycastle.jce.provider.BouncyCastleProvider not found in gnu.gcj.runtime.SystemClassLoader{urls=[file:./loader2.jar], parent=gnu.gcj.runtime.ExtensionClassLoader{urls=[], parent=null}}

WARNING: Error loading security provider gnu.crypto.jce.GnuCrypto: java.lang.ClassNotFoundException: gnu.crypto.jce.GnuCrypto not found in gnu.gcj.runtime.SystemClassLoader{urls=[file:./loader2.jar], parent=gnu.gcj.runtime.ExtensionClassLoader{urls=[], parent=null}}

wuala 147 @ ubuntu hardy, kernel 2.6.24-20
i got this error since yesterday....
wuala wont start..

You are using a Java version provided by Free Software Foundation, Inc..
Currently, Wuala only runs with Sun's JVM.
Please install Sun's JVM (1.5 or later) and try again.
(Start with argument '-nosun' to suppress this check.)

newest java is installed installed..

Reply to this question

Moff last replied on August 09, 2008 07:27
nickname
3 people have this problem 3 Replies

unannounced updates - risk of man-in-the-middle attack
Show more... ...Show less

hi there,

most of the times there are quite a number of new builds of wuala for certain platforms, sometimes several new builds daily and there are a lot of days where there isnt any changelog nor releasenotes to be found.

many times only days after the actual updates/patches or only several patches/releases later there is an updated releaselog.

this is a high risk of getting some "updates" for wuala from man-in-the-middle and similar risks.

i wish that the wuala team would really announce their changes immediately, write some official buildnumber/list and maybe even some hashcode, signature or way to make sure that the wuala installation is the official code.

as wuala becomes more widespread and common out there, the probability of suffering attacks and tampered updates/patches becomes more likely.

thanks for listening.

Reply to this problem

Deathbob last replied on May 28, 2008 17:43
disciple
5 Replies

Threatfire keeps warning me that wuala is "logging keystrokes"
Show more... ...Show less

It has happened twice already. yesterday and today (i have installed wuala for over a week). threatfire considers it a high security risk. i've temporarily allowed wuala to run even though i can't imagine why keylogging is needed.

What could trigger this? Is it a false positive or is there some security issue we should know about?

Reply to this question

Roger (Official Rep) last replied on May 21, 2008 18:39
nickname
2 people have this problem 4 Replies

huge security risk: loads of files in %temp%\wuala\ lately - (original unencrypted files in there)
Show more... ...Show less

hi there,

during my recent upload tests via filesystem integration method (see other thread http://getsatisfaction.com/wuala/topi... ) i somewhen realized that there are hugeloads of files in %temp%\wuala\ which wasnt the case in former builds of wuala.

there are also two directories in there (download and upload)

in the actual %temp%\wuala\ folder there seem to be a very big number of "original" files which i was trying to upload into the wuala store it seems.

the filenames have been changed somewhat to

hexnumber-originalfilename.extension

example:
f3edab22-mypicture.jpg
(hexnumber is maybe some hash/crc/crc32 or something)
the files are unencrypted, so i can actually use them with the appropriate application as they all hold the actual data (pictures, and so on....)

is this some bug? anyway related to my other thread? i suppose this is a huge security risk as even with reboots, wuala clients shutdown/restart these folders dont seem to go away or dont get empied nor cleaned up and the files can be seen by "anybody" who has access to the physical machine.

this is really weird. anyone else having this behaviour? win32/winxp that is. wuala426

Reply to this problem

Bugreport last replied on May 21, 2008 11:41
rufius
2 people have this question 1 Reply

Whats the protocol that Wuala is using to transfer data over the internet?
Show more... ...Show less

I'm curious as I'm wondering if I'll set off the "trip wires" of my University's P2P filter?

Reply to this question

nickname last replied on January 23, 2008 14:49

Ask a question, share an idea, or report a problem about Wuala tagged "security" See all Wuala tags

Ask a question, share an idea, or report a problem about Wuala and get help from 9 employees and thousands of customers

Browse topics by tags

Recently active topics in Wuala tagged with security

hash collisions handling

Are Tags encrypted?

error loading security provider? wuala wont start

unannounced updates - risk of man-in-the-middle attack

Threatfire keeps warning me that wuala is "logging keystrokes"

huge security risk: loads of files in %temp%\wuala\ lately - (original unencrypted files in there)

Whats the protocol that Wuala is using to transfer data over the internet?

About Wuala

Get Involved

Wuala links

Site Links

About

Start a topic