Category: network (in)security

Jul 17 2013

save your money – just use tails

I suppose it was inevitable that the Snowden revelations would lead to greater interest in privacy and anonymity. I applaud that. I suppose it was also inevitable that there would be a rash of commercial products emerging from both “entrepreneurs” and the more established “security” companies to take advantage of that increased interest. That, I …

Continue reading »

Permanent link to this article: http://baldric.net/2013/07/17/save-your-money-just-use-tails/

Jul 15 2013

tor and https at eff

For those of you unsure of what might leak where and when using tor and/or https to protect your browsing, there is a useful interactive graphic on the EFF site. As EFF point out, the potentially visible data includes: the site you are visiting, your username and password, the data you are transmitting, your IP …

Continue reading »

Permanent link to this article: http://baldric.net/2013/07/15/tor-and-https-at-eff/

Jul 14 2013

base64 gets past omani deep packet inspection

Back in December 2011 Roger Dingledine and Jacob Applebaum of the torproject gave a talk at the 28th Chaos Communication Congress titled “How governments have tried to block Tor“. That talk focused on the arms race between privacy campaigners and technologists working on tor and the actions of oppressive governments. The presentation gave many examples …

Continue reading »

Permanent link to this article: http://baldric.net/2013/07/14/base64-gets-past-omani-deep-packet-inspection/

Jun 16 2013

prism opt-out

In all the noise on the ‘net about the alleged NSA PRISM program, this new site offers an amusing, but nonetheless useful, list of free alternatives to proprietary software. In part the site sort of misses the point about PRISM, but it is still good to see someone taking the time to point out that …

Continue reading »

Permanent link to this article: http://baldric.net/2013/06/16/prism-opt-out/

Mar 27 2013

gchq recruitment site stores plaintext passwords

I can’t resist this. El Reg today points to a blog post by a guy called Dan Farrall who has commented on his experience of receiving a plain text reminder of his GCHQ recruitment site password by email after filling out its forgotten password form. Farrall’s blog post is worth reading. Whilst he acknowledges that …

Continue reading »

Permanent link to this article: http://baldric.net/2013/03/27/gchq-recruitment-site-stores-plaintext-passwords/

Dec 19 2012

no sites are broken

Or so the wordpress post at wordpress.org would have us believe. However, I think there is flaw in both their logic, and their decision making here. I spotted the problem following an upgrade to wordpress 3.5 on a site I use. One of the plugins on that site objected to the upgrade with the following …

Continue reading »

Permanent link to this article: http://baldric.net/2012/12/19/no-sites-are-broken/

Dec 14 2012

password theft

I have mentioned odd postings to bugtraq before. Today, one “gsuberland” added to the canon with a gem about the Netgear WGR614 wireless router. He says in his post that he has been “reverse engineering” this router. Now for most bugtraq posters (and readers) this would mean that he has been disassembling the firmware. But …

Continue reading »

Permanent link to this article: http://baldric.net/2012/12/14/password-theft/

Dec 10 2012

tor and the UK data communications bill

As a Tor node operator, I have an interest in how the draft UK Data Communications Bill would affect me should it be passed into law. In particular, I would be worried if Tor ended up being treated as a “telecommunications operator” within the terms of the Act (should it become an Act). Fortunately, Steven …

Continue reading »

Permanent link to this article: http://baldric.net/2012/12/10/tor-and-the-uk-data-communications-bill/

Oct 05 2012

a positive response

Whenever my logs show evidence of unwanted behaviour I check what has happened and, if I decide there is obviously hostile activity coming from a particular address I will usually bang off an email to the abuse contact for the netblock in question. Most times I never hear a thing back though I occasionally get …

Continue reading »

Permanent link to this article: http://baldric.net/2012/10/05/a-positive-response/

Sep 09 2012

iptables firewall for servers

I paid for a new VPS to run tor this week. It is cheaper, and offers a higher bandwidth allowance than my existing tor server so I may yet close that one down – particularly as I recently had trouble with the exit policy on my existing server. In setting up the new server, the …

Continue reading »

Permanent link to this article: http://baldric.net/2012/09/09/iptables-firewall-for-servers/

Aug 23 2012

tails has not been hacked

I run a tails mirror on one of my VMs. Earlier this week there was a flurry of anxious comment on the tails forum suggesting that the service had been “hacked”. Evidence pleaded in support of that theory included the facts that file timestamps on some of the tails files varied across mirrors, one of …

Continue reading »

Permanent link to this article: http://baldric.net/2012/08/23/tails-has-not-been-hacked/

Jun 19 2012

fail

My new bank (which is actually one of the few remaining mutuals in the UK) sent me my voting forms for the AGM today (by postal mail). The information pack included details of how to vote on-line should I choose to do so, together with two unique “voting codes” one of eight digits the other …

Continue reading »

Permanent link to this article: http://baldric.net/2012/06/19/fail/