As I have noted before, 24 December is trivia’s birthday. Since my first post dates from 24 December 2006, today is trivia’s eighth birthday. It seems like only yesterday. I haven’t posted much in the last few months. I have a lot of material I need to cover, and a backlog of articles I want …
2014 archive
Permanent link to this article: https://baldric.net/2014/12/24/merry-christmas-2014/
Dec 13 2014
solidarity with the tor project
On Thursday 11 December, Roger Dingledine of the Tor project posted the following email to the “tor-talk” mail list (to which I am subscribed). I’d like to draw your attention to https://blog.torproject.org/blog/solidarity-against-online-harassment https://twitter.com/torproject/status/543154161236586496 One of our colleagues has been the target of a sustained campaign of harassment for the past several months. We have decided …
Permanent link to this article: https://baldric.net/2014/12/13/solidarity-with-the-tor-project/
Nov 27 2014
independent hit
On trying to reach the website of the Independent newspaper today (the Grauniad is trying my patience of late), I received the following response: Closing the popup takes you to this page: I haven’t checked whether this is simply a DNS redirect or an actual compromise of the Indy site, but however the graffiti was …
Permanent link to this article: https://baldric.net/2014/11/27/independent-hit/
Sep 26 2014
CVE-2014-6271 bash vulnerability
Guess what I found in trivia’s logs this morning? 89.207.135.125 – – [25/Sep/2014:10:48:13 +0100] “GET /cgi-sys/defaultwebpage.cgi HTTP/1.0” 404 345 “-” “() { :;}; /bin/ping -c 1 198.101.206.138” I’ll bet a lot of cgi scripts are being poked at the moment. Check your logs guys. A simple grep “:;}” access.log will tell you all you need …
Permanent link to this article: https://baldric.net/2014/09/26/cve-2014-6271-bash-vulnerability/
Aug 13 2014
net neutrality
My apologies that this is a few weeks late – but it still bears posting. John Oliver at HBO gave the best description of the net neutrality argument I have seen so far. Following that broadcast, the FCC servers were, rather predictably, overwhelmed by the outraged response from the trolls that Oliver set loose. Unfortunately, …
Permanent link to this article: https://baldric.net/2014/08/13/net-neutrality/
Aug 11 2014
levison on dime
Ladar Levison and Stephen Wyatt presented the upcoming Dark Internet Mail Environment (DIME) at Defcon22 this week. According to El Reg, Levison, who shut down Lavabit, his previous mail service rather than comply with FBI demands that he divulge the private SSL certificates used to encrypt traffic on that service, said: “I’m not upset that …
Permanent link to this article: https://baldric.net/2014/08/11/levison-on-dime/
Jul 28 2014
punctuation matters
There is a nice tweet over at @NSA_PR. It reads: We take your privacy, seriously. Beyond parody.
Permanent link to this article: https://baldric.net/2014/07/28/punctuation-matters/
Jul 23 2014
department of dirty
Like most ‘net users I get my fair share of spam. Most of it gets binned automatically by my email system, but of course some still gets through so I am used to hitting the delete button on random email from .ru domains offering me the opportunity to “impress my girl tonight”. Most such phishing …
Permanent link to this article: https://baldric.net/2014/07/23/department-of-dirty/
Jul 21 2014
drip
I get my domestic ADSL connectivity from the rather excellent people at Andrews and Arnold. Here’s why. And this is the original reason I moved to them. They also happily take (and similarly reply to) GPG encrypted support questions. Good guys. Thoroughly recommended. Now can you /really/ see BT doing any of that? ‘thought not.
Permanent link to this article: https://baldric.net/2014/07/21/drip/
Jun 30 2014
inappropriate use of technology
I have been travelling a lot over the last few months (Czech Republic, Scotland, France, Germany, Austria, Slovenia, Croatia, Italy). That travel, plus my catching up on a load of reading is my excuse for the woeful lack of posts to trivia of late. But hey, sometimes life gets in the way of blogging – …
Permanent link to this article: https://baldric.net/2014/06/30/inappropriate-use-of-technology/
May 30 2014
a new app
My newspaper of choice, the Guardian, has for some time produced its own android (and iOS of course) app. I have often used the android app on my tablet to catch up on emerging news items at the end of the day. I also read the BBC news app for the same reason. Yesterday I …
Permanent link to this article: https://baldric.net/2014/05/30/a-new-app/
Apr 16 2014
nsa operation orchestra
In February of this year, Poul-Henning Kamp (a.k.a “PHK”) gave what now looks to be a peculiarly prescient presentation as the closing keynote to 2014’s FOSDEM. In the presentation (PDF), PHK posits an NSA operation called ORCHESTRA which is designed to undermine internet security through a series of “disinformation” or “misinformation”, or “misdirection” sub operations. …
Permanent link to this article: https://baldric.net/2014/04/16/nsa-operation-orchestra/
Apr 16 2014
more heartbleed
For any readers uncertain of exactly how the heartbleed vulberability in openssl might be exploitable, Sean Cassidy over at existential type has a good explanation. And if you find that difficult to follow, Randall Munroe over at xkcd covers it quite nicely. My thanks, and appreciation as always, to a great artist. Of course, Randall …
Permanent link to this article: https://baldric.net/2014/04/16/more-heartbleed/
Apr 16 2014
pulitzer guardian
The Guardian and the Washington Post have been jointly awarded the Pulitzer prize for public service for their reporting of Edward Snowden’s whistleblowing on the NSA’s surveillance activities. The Guardian reports: The Pulitzer committee praised the Guardian for its “revelation of widespread secret surveillance by the National Security Agency, helping through aggressive reporting to spark …
Permanent link to this article: https://baldric.net/2014/04/16/pulitzer-guardian/
Apr 15 2014
boot and nuke no more
I was contacted recently by a guy called Andy Beverley who wrote: Hope you don’t mind me contacting you about one of your old blog posts “what gives with dban”. Thought I’d let you know that I forked DBAN a while ago, and produced a standalone program (called nwipe) that will run on any Linux …
Permanent link to this article: https://baldric.net/2014/04/15/boot-and-nuke-no-more/
Apr 08 2014
heartbleed
This is nasty. There is a remotely exploitable bug in openssl which leads to the leak of memory contents from the server to the client and from the client to the server. In practice this means that an attacker can read 64K chunks of memory on a vulnerable service, thus potentially exposing security critical information. …
Permanent link to this article: https://baldric.net/2014/04/08/heartbleed/
Mar 31 2014
the netbook is not dead
I bought my first netbook, the Acer Aspire One, back in April 2009 – five years ago. That machine is still going strong and has seen umpteen different distros in its time. It currently runs Mint 16, and very happily too. The little Acer has nothing on it that I value over much, all my …
Permanent link to this article: https://baldric.net/2014/03/31/the-netbook-is-not-dead/
Feb 28 2014
the spy in your bathroom
Back in June 2008 I noted Craig Wright had posted to bugtraq reporting a “remote exploitation of an information disclosure vulnerability in Oral B’s SmartGuide management system”. I found it faintly amusing that a security researcher should have been looking for vulnerabities in a toothbrush. I should have known better. A report in wednesday’s on-line …
Permanent link to this article: https://baldric.net/2014/02/28/the-spy-in-your-bathroom/
Feb 12 2014
checking client-side ssl/tls
At the tail end of last year I mentioned a couple of tools I had used in my testing of SSL/TLS certificates used for trivia itself and my mail server. However, that post concentrated on the server side certificates and ignored the security, or otherwise, offered by the browser’s configuration. It is important to know …
Permanent link to this article: https://baldric.net/2014/02/12/checking-client-side-ssltls/
Feb 12 2014
policy update
An exchange of emails with Mark over at bsdbox.co a day or so ago made me realise that my privacy policy needed updating. Not, I hasten to add, for any fundamental reason, but simply because a couple of the references in that policy were out of date. I have therefore amended it and version 0.2.0 …
Permanent link to this article: https://baldric.net/2014/02/12/policy-update/
Feb 11 2014
privacy matters
The Open Rights Group here in the UK has been campaigning against mass, unwarranted surveillance by GCHQ since the Snowden revelations first emerged in summer of last year. Two of its current campaigns are: “don’t spy on us” and “the day we fight back“. I have signed both of them. I have also written to …
Permanent link to this article: https://baldric.net/2014/02/11/privacy-matters/
Feb 08 2014
compare and contrast
Foreign Secretary William Hague is apparently concerned about press restrictions in Egypt. He has reportedly urged the interim Egyptian government to demonstrate commitment to free expression. The press release on the gov.uk website says: Speaking today about increasing restrictions placed upon journalists and the media in Egypt, Foreign Secretary William Hague said: “I am very …
Permanent link to this article: https://baldric.net/2014/02/08/compare-and-contrast/
Jan 22 2014
dis-unity
The “cloud” is achingly trendy at the moment and new companies offering some-bollocks-as-a-service (SBaaS) keep popping up all over the ‘net. Personally I am extremely unlikely to use any of the services I have seen, I just don’t trust that particular business model. I checked out the website for one of these companies today following …
Permanent link to this article: https://baldric.net/2014/01/22/dis-unity-2/
Jan 21 2014
backblaze back seagate
In October last year I noted that the Western Digital “Green” drives in my desktop and a new RAID server build looked to be in imminent danger of early failure. That conclusion was based on a worryingly high load-cycle count which a series of posts around the net all attributed to the aggressive head parking …
Permanent link to this article: https://baldric.net/2014/01/21/backblaze-back-seagate/
- 1
- 2