You can disagree, but then how do you account for working examples of forgeries using ...

2024-08-05 01:17:25

You can disagree, but then how do you account for working examples of forgeries using tools provided by C2PA members? (I don't just say there are problems; I demonstrate the problems.)

Creating a forged signing certificates: https://www.hackerfactor.com/blog/index.php?/archives/1037-C2PA-and-Untrusted-Certificates.html

Altering "cryptographically signed" timestamps with nothing more than hexedit: https://www.hackerfactor.com/blog/index.php?/archives/1031-C2PA-from-the-Attackers-Perspective.html

And a long list of other vulnerabilities: https://www.hackerfactor.com/blog/index.php?/archives/1010-C2PAs-Butterfly-Effect.html

In my opinion, C2PA is nothing more than snake oil.

Author Public Key

npub1juzxwk54l455a96gh2ujty02wt3urjhht4q2uwzq8ctjvt26e88q7sse9n

Seen on

wss://relay.momostr.pink

Show more details

Published at

2024-08-05 01:17:25

Kind type

1 Short Text Note

Event JSON

{ "id": "79c275cfb1c6fbe69db2691e9b6f87622418cb7b33a5e2d36f8d78f6557900fc", "pubkey": "9704675a95fd694e9748bab92591ea72e3c1caf75d40ae38403e17262d5ac9ce", "created_at": 1722820645, "kind": 1, "tags": [ [ "p", "2f3afe951cf211bd163306f5698222e2f16c25b928743efba74f3d135d848c10" ], [ "p", "9704675a95fd694e9748bab92591ea72e3c1caf75d40ae38403e17262d5ac9ce" ], [ "e", "f7dc1df3c941d1665e4ef6be577ed170700ea18398441c4bb978151172266ae3", "", "root", "2f3afe951cf211bd163306f5698222e2f16c25b928743efba74f3d135d848c10" ], [ "p", "8c3cd29c32329fabbe47614cc7be0051e2ae8fbb2779704462c9fa14d01840b8" ], [ "e", "a5e2a7781a02e1b8fe5e917e6c145fc97ee56b5f5bf12edbb2a566fc2e4a72c2", "", "reply", "2f3afe951cf211bd163306f5698222e2f16c25b928743efba74f3d135d848c10" ], [ "proxy", "https://noc.social/@hackerfactor/112906773829547168", "web" ], [ "proxy", "https://noc.social/users/hackerfactor/statuses/112906773829547168", "activitypub" ], [ "L", "pink.momostr" ], [ "l", "pink.momostr.activitypub:https://noc.social/users/hackerfactor/statuses/112906773829547168", "pink.momostr" ], [ "-" ] ], "content": "You can disagree, but then how do you account for working examples of forgeries using tools provided by C2PA members? (I don't just say there are problems; I demonstrate the problems.)\n\nCreating a forged signing certificates: https://www.hackerfactor.com/blog/index.php?/archives/1037-C2PA-and-Untrusted-Certificates.html\n\nAltering \"cryptographically signed\" timestamps with nothing more than hexedit: https://www.hackerfactor.com/blog/index.php?/archives/1031-C2PA-from-the-Attackers-Perspective.html\n\nAnd a long list of other vulnerabilities: https://www.hackerfactor.com/blog/index.php?/archives/1010-C2PAs-Butterfly-Effect.html\n\nIn my opinion, C2PA is nothing more than snake oil.", "sig": "5bb866fe37530f9ade8a03c1586a451464eff375fb0027120f8d94549865174fe60d4249d8831537914091e61679b00a5b8f7552f4efd5b23f8ba16ef5e1e6a9" }

Hacker Factor on Nostr: You can disagree, but then how do you account for working examples of forgeries using ...