Category: network (in)security

openvpn clients on pfsense

In my 2017 article on using OpenVPN on a SOHO router I said: “In testing, I’ve found that using a standard OpenVPN setup (using UDP as the transport) has only a negligible impact on my network usage – certainly much less than using Tor.” That was true back then but is unfortunately not so true …

Continue reading

Permanent link to this article: https://baldric.net/2019/07/07/openvpn-clients-on-pfsense/

one unbound and you are free

I have written about my use of OpenVPN is several posts in the past, most latterly in May 2017 in my note about the Investigatory Powers (IP) Bill. In that post I noted that all the major ISPs would be expected to log all their customers’ internet connectivity and to retain such logs for so …

Continue reading

Permanent link to this article: https://baldric.net/2019/06/26/one-unbound-and-you-are-free/

postfix sender restrictions – job NOT done

OK, I admit to being dumb. I got another scam email yesterday of the same formulation as the earlier ones (mail From: me@mydomain, To: me@mydomain) attempting to extort bitcoin from me. How? What had I missed this time? Well, this was slightly different. Checking the mail headers (and my logs) showed that the email had …

Continue reading

Permanent link to this article: https://baldric.net/2019/02/16/postfix-sender-restrictions-job-not-done/

postfix sender restrictions

I mentioned in my previous post that I had recently received one of those scam emails designed to make the recipient think that their account has been compromised in some way and that, furthermore, that compromise has led to malware being installed which has spied on the user’s supposed porn habits. The email then attempts …

Continue reading

Permanent link to this article: https://baldric.net/2019/01/24/postfix-sender-restrictions/

well I never

It’s not often that I find myself agreeing with GCHQ, but ex GCHQ Director Robert Hannigan’s recent comments in an interview with the BBC Today programme struck a chord. Hannigan headed GCHQ from April 2014 until his resignation for family reasons last year. Whilst in post he pushed for greater transparency at the SIGINT agency. …

Continue reading

Permanent link to this article: https://baldric.net/2018/12/11/well-i-never/

re-encrypting trivia

Back in June 2015 I decided to force all connections to trivia over TLS rather than allow plain unencrypted connections. I decided to do this for the obvious reason that it was (and still is) a “good thing” (TM). In my view, all transactions over the ‘net should be encrypted, preferably using strong cyphers offering …

Continue reading

Permanent link to this article: https://baldric.net/2018/07/07/re-encrypting-trivia/

using a VPN to take back your privacy

network diagram

With the passage into law of the iniquitous Investigatory Powers (IP) Bill in the UK at the end of November last year, it is way past time for all those who care about civil liberties in this country to exercise their right to privacy. The new IP Act permits HMG and its various agencies to …

Continue reading

Permanent link to this article: https://baldric.net/2017/05/12/using-a-vpn-to-take-back-your-privacy/

guest network

Last month Troy Hunt posted an interesting comment on his blog about the problems around the etiquette of allowing guests onto your home wifi network. In his post, Hunt notes that guests can be deeply offended at being refused access. This is understandable. If they are guests in your home then they are probably close …

Continue reading

Permanent link to this article: https://baldric.net/2016/01/24/guest-network/

lancashire police fail

This is simply depressing. Today I received a classic phishing attack email – the sort I normally bin without thought. According to virustotal, the attachment, which purported to be an MS Word document called “Invoice 7500005791.doc”, was a copy of W97M/Downloader, a word macro trojan which Symantec says is a downloader for additional malware. So …

Continue reading

Permanent link to this article: https://baldric.net/2015/10/29/lancashire-police-fail/

update to domain privacy

At the end of last month I noted that I had been receiving multiple emails to each of the proxy addresses listed for my newly registered “private” domains. Intriguingly, whilst I was receiving at least three or four such emails a week before I wrote about it, I have had precisely zero since. Probably coincidence, …

Continue reading

Permanent link to this article: https://baldric.net/2015/08/20/update-to-domain-privacy/

get your porn here

Dear Dave is at it again. Sometimes I worry about our PM’s priorities. Not content with his earlier insistence that UK ISPs must introduce “family friendly (read “porn”) filters”, our man in No 10 now wants to “see age restrictions put into place or these (i.e. “porn”) websites will face being shut down”. El Reg …

Continue reading

Permanent link to this article: https://baldric.net/2015/07/30/get-your-porn-here/

domain privacy?

Over the past few months or so I have bought myself a bunch of new domain names (I collect ’em….). On some of those names I have chosen the option of “domain privacy” so that the whois record for the domain in question will show limited information to the world at large. I don’t often …

Continue reading

Permanent link to this article: https://baldric.net/2015/07/28/domain-privacy/

de-encrypting trivia

Well, that didn’t last long. When I decided to force SSL as the default connection to trivia I had forgotten that it is syndicated via RSS on sites like planet alug. And of course as Brett Parker helpfully pointed out to me, self-signed certificates don’t always go down too well with RSS readers. He also …

Continue reading

Permanent link to this article: https://baldric.net/2015/06/02/de-encrypting-trivia/

encrypting trivia

In my post of 8 May I said it was now time to encrypt much, much more of my everyday activity. One big, and obvious, hole in this policy decision was the fact that the public face of this blog itself has remained unencrypted since I first created it way back in 2006. Back in …

Continue reading

Permanent link to this article: https://baldric.net/2015/06/01/encrypting-trivia/

independent hit

On trying to reach the website of the Independent newspaper today (the Grauniad is trying my patience of late), I received the following response: Closing the popup takes you to this page: I haven’t checked whether this is simply a DNS redirect or an actual compromise of the Indy site, but however the graffiti was …

Continue reading

Permanent link to this article: https://baldric.net/2014/11/27/independent-hit/

nsa operation orchestra

In February of this year, Poul-Henning Kamp (a.k.a “PHK”) gave what now looks to be a peculiarly prescient presentation as the closing keynote to 2014’s FOSDEM. In the presentation (PDF), PHK posits an NSA operation called ORCHESTRA which is designed to undermine internet security through a series of “disinformation” or “misinformation”, or “misdirection” sub operations. …

Continue reading

Permanent link to this article: https://baldric.net/2014/04/16/nsa-operation-orchestra/