Category Archive: network (in)security

Feb 12 2014

checking client-side ssl/tls

At the tail end of last year I mentioned a couple of tools I had used in my testing of SSL/TLS certificates used for trivia itself and my mail server. However, that post concentrated on the server side certificates and ignored the security, or otherwise, offered by the browser’s configuration. It is important to know …

Continue reading »

Permanent link to this article: http://baldric.net/2014/02/12/checking-client-side-ssltls/

Jan 20 2014

thrust update

I have just run a search for further evidence of the possible compromise at thrustvps and found threads on webhostingtalk, vpsboard, freevps.us and habboxforum amongst others. All of those comments are from people (many, like me, ex-customers) who have received emails like the one I referred to below. So, I guess thrust /do/ have a …

Continue reading »

Permanent link to this article: http://baldric.net/2014/01/20/thrust-update/

Jan 18 2014

thrustvps compromised?

I have not used thrust since my last contract expired. I left them because of their appalling actions at around this time last year. However, today I received the following email from them: From: Admin To: xxx@yyy Subject: Damn::VPS aka Thrust::VPS Date: Sat, 18 Jan 2014 03:28:06 +0000 This is a notification to let you …

Continue reading »

Permanent link to this article: http://baldric.net/2014/01/18/thrustvps-compromised/

Dec 10 2013

ssl cipher check

My recent explorations of how to strengthen the ssl/tls certificates I use on both trivia and my mail service have given me cause to look for tools to help me test my configuration. The Calomel firefox plugin and sslabs site are very useful for checking HTTPS configurations, but they are fairly specifically aimed at that …

Continue reading »

Permanent link to this article: http://baldric.net/2013/12/10/ssl-cipher-check/

Sep 20 2013

that’s another password I have to change

Michael Horowitz has posted an interesting article over at Computer world. In it he points out that, by default, most android devices (tablets and ‘phones) routinely ‘phone home to Google to back up Wi-Fi passwords along with other assorted settings. Google sells this option as a convenience to help you regain settings after you upgrade …

Continue reading »

Permanent link to this article: http://baldric.net/2013/09/20/thats-another-password-i-have-to-change/

Sep 10 2013

tor node upgrade

I have switched my tor node to the experimental branch and it is now running version 0.2.4.17-rc. The huge load on the network seen since the botnet starting using it on about 19 August last has forced the tor project team to recommend that all relay operators move to the 0.2.4 branch (and this release …

Continue reading »

Permanent link to this article: http://baldric.net/2013/09/10/tor-node-upgrade/

Aug 23 2013

thank you citizen

Imagine Dave’s censorship (^W) surveillance program outsourced to G4S.

Permanent link to this article: http://baldric.net/2013/08/23/thank-you-citizen/

Aug 10 2013

tor users under attack

The Tor network does not just provide anonymous internet access, it also provides for so-called hidden services. These services are not visible outside the Tor network and are only reachable over Tor. The servers are given Tor specific addresses of the form “xyz123.onion” (actually, the addresses are a little more complicated than that because the …

Continue reading »

Permanent link to this article: http://baldric.net/2013/08/10/tor-users-under-attack/

Aug 03 2013

security failure at digital ocean

This morning I received an email from Digital Ocean titled “Avoid Duplicate SSH Host Keys”. The email said: “If you have created an Ubuntu Droplet or snapshot prior to July 2nd, DigitalOcean recommends regenerating the SSH host keys. Droplets based on standard images now create unique SSH host keys.” (This, of course, implies that they …

Continue reading »

Permanent link to this article: http://baldric.net/2013/08/03/security-failure-at-digital-ocean/

Jul 26 2013

soldier available cross magnet

I am in the process of changing passwords on a bunch of different systems/applications and have been pondering my algorithms, so to speak. Like my friend David, I have an internal model of varying password schemes which I can use in different places. This means that I can happily pick a password for a low …

Continue reading »

Permanent link to this article: http://baldric.net/2013/07/26/soldier-available-cross-magnet/

Jul 26 2013

how not to hide

I have written several times in the past about the tedious crud which hits my blog spam filters. Of late I have seen an increase in spam which looks, at first sight, plausible comment, but on closer inspection turns out to have the usual links to sites flogging cheap copies of western luxury goods. A …

Continue reading »

Permanent link to this article: http://baldric.net/2013/07/26/how-not-to-hide/

Jul 21 2013

ubuntu forums compromised

Right now (21.00 today), the ubuntu forums site says it is “down for maintenance”. It appears to have been down since yesterday. The site reports: There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated regularly …

Continue reading »

Permanent link to this article: http://baldric.net/2013/07/21/ubuntu-forums-compromised/

Older posts «

» Newer posts