Category: security

Dec 07 2013

TLS ciphers in postfix and dovecot

A recent exchange amongst ALUG email list members about list etiquette resulted in a flurry of postings on a variety of related topics. I posted a flippant comment about top posting, but did so (deliberately) from my Galaxy tab using Samsung’s default email client which actually forces top posting. Steve responded suggesting that I look …

Continue reading »

Permanent link to this article: http://baldric.net/2013/12/07/tls-ciphers-in-postfix-and-dovecot/

Nov 27 2013

necessary and proportionate

Yesterday I received an email from the Open Rights Group asking me to sign an on-line petition set up in collaboration with nearly 300 other organisations. The email said: In 2013, we learned digital surveillance by governments across the world knows no bounds. Their national intelligence and investigative agencies capture our phone calls, track our …

Continue reading »

Permanent link to this article: http://baldric.net/2013/11/27/necessary-and-proportionate/

Nov 26 2013

more ninjastiks

In July I noted that a company calling itself Ninjastik had popped up selling what looked to be essentially the Tor Browser Bundle on an 8 Gig stick for $56.95 or a 16 Gig stick for $69.95. As I expected, we have now seen one or two more companies attempting to sell products which leverage …

Continue reading »

Permanent link to this article: http://baldric.net/2013/11/26/more-ninjastiks/

Oct 25 2013

Oliver Stone on PRISM

I am a big fan of Oliver Stone movies. Outside the pages of the Guardian and its sister paper the Observer, the level of comment in the UK on NSA/GCHQ surveillance capability remains bizarrely muted. In the US they are at least having a conversation. Whether that conversation results in any sensible decisions, and then …

Continue reading »

Permanent link to this article: http://baldric.net/2013/10/25/oliver-stone-on-prism/

Oct 05 2013

that’s completely ludicrous

Glenn Greenwald on Newsnight. The full episode of Newsnight’s report including Greenwald’s interview and comment from Sir David Omand (ex Director GCHQ) can be seen here on BBC’s iPlayer. Gordon Corera, the BBC’s security correspondent, reports here on the Newsnight episode. As an aside, I was amused by Ross Anderson’s claim that many academics had …

Continue reading »

Permanent link to this article: http://baldric.net/2013/10/05/thats-completely-ludicrous/

Oct 05 2013

the guardian on tor

My last post noted that the Guardian had posted a series of articles on the Tor network and Snowden’s latest revelations about how the NSA has been attacking that network. All those posts are worth reading, but my favourite is the one by Bruce Schneier explaining how the NSA has attacked Tor users through browser …

Continue reading »

Permanent link to this article: http://baldric.net/2013/10/05/the-guardian-on-tor/

Oct 05 2013

good news for tor

The past couple of days have seen a flurry of news stories about Tor. Some of the news has hit the mainstream media, some of it hasn’t. Yet. A couple of days ago, a rather plaintive post to the tor-talk mailing list read: “looking for a way to contact silk road.Site shut down.money at stake.” …

Continue reading »

Permanent link to this article: http://baldric.net/2013/10/05/good-news-for-tor/

Sep 23 2013

just for rob

Shortly after the launch of the new iPhone 5S, my old friend Rob emailed me trying to goad me into writing a post about it. After all, it was made by one of my least favourite companies and it contained a supposedly funky bit of kit in the shape of its fingerprint scanner. Rob pointed …

Continue reading »

Permanent link to this article: http://baldric.net/2013/09/23/just-for-rob/

Sep 20 2013

that’s another password I have to change

Michael Horowitz has posted an interesting article over at Computerworld. In it he points out that, by default, most Android devices (tablets and ‘phones) routinely ‘phone home to Google to back up Wi-Fi passwords along with other assorted settings. Google sells this option as a convenience to help you regain settings after you upgrade …

Continue reading »

Permanent link to this article: http://baldric.net/2013/09/20/thats-another-password-i-have-to-change/

Sep 20 2013

RSA says don’t use RSA

A report in Wired today says that RSA Security [*] have released an advisory to developer customers noting that the Dual Elliptic Curve Deterministic Random Bit Generation (or Dual EC DRBG) algorithm (the one which is subject to speculation about NSA interference) is the default in one of its toolkits and strongly advised them to …

Continue reading »

Permanent link to this article: http://baldric.net/2013/09/20/rsa-says-dont-use-rsa/

Sep 12 2013

add ssl to lighttpd server

For some time now I have protected all my own connections to trivia with an SSL connection. I do this to protect my user credentials when managing trivia’s content or configuration. In fact my server is configured to force any connection coming from my IP address to a secured SSL connection so that I cannot …

Continue reading »

Permanent link to this article: http://baldric.net/2013/09/12/add-ssl-to-lighttpd-server/

Aug 25 2013

openPGP usage

Over at the cypherpunks mail list, one Tony Arcieri posted a graphic showing an interesting rise in the number of OpenPGP keys registered on the SKS keyserver in the last month or so. The graphic comes from the SKS statistics page. The overall trend is clearly upwards, and has been for some time, but …

Continue reading »

Permanent link to this article: http://baldric.net/2013/08/25/openpgp-usage/