Right now (21.00 today), the ubuntu forums site says it is “down for maintenance”. It appears to have been down since yesterday. The site reports: There has been a security breach on the Ubuntu Forums. The Canonical IS team is working hard as we speak to restore normal operations. This page will be updated regularly …
Category: network (in)security
Permanent link to this article: https://baldric.net/2013/07/21/ubuntu-forums-compromised/
Jul 17 2013
save your money – just use tails
I suppose it was inevitable that the Snowden revelations would lead to greater interest in privacy and anonymity. I applaud that. I suppose it was also inevitable that there would be a rash of commercial products emerging from both “entrepreneurs” and the more established “security” companies to take advantage of that increased interest. That, I …
Permanent link to this article: https://baldric.net/2013/07/17/save-your-money-just-use-tails/
Jul 15 2013
tor and https at eff
For those of you unsure of what might leak where and when using tor and/or https to protect your browsing, there is a useful interactive graphic on the EFF site. As EFF point out, the potentially visible data includes: the site you are visiting, your username and password, the data you are transmitting, your IP …
Permanent link to this article: https://baldric.net/2013/07/15/tor-and-https-at-eff/
Jul 14 2013
base64 gets past omani deep packet inspection
Back in December 2011 Roger Dingledine and Jacob Appelbaum of the torproject gave a talk at the 28th Chaos Communication Congress titled “How governments have tried to block Tor”. That talk focused on the arms race between privacy campaigners and technologists working on tor and the actions of oppressive governments. The presentation gave many examples …
Permanent link to this article: https://baldric.net/2013/07/14/base64-gets-past-omani-deep-packet-inspection/
Jun 16 2013
prism opt-out
In all the noise on the ‘net about the alleged NSA PRISM program, this new site offers an amusing, but nonetheless useful, list of free alternatives to proprietary software. In part the site sort of misses the point about PRISM, but it is still good to see someone taking the time to point out that …
Permanent link to this article: https://baldric.net/2013/06/16/prism-opt-out/
Mar 27 2013
gchq recruitment site stores plaintext passwords
I can’t resist this. El Reg today points to a blog post by a guy called Dan Farrall who has commented on his experience of receiving a plain text reminder of his GCHQ recruitment site password by email after filling out its forgotten password form. Farrall’s blog post is worth reading. Whilst he acknowledges that …
Permanent link to this article: https://baldric.net/2013/03/27/gchq-recruitment-site-stores-plaintext-passwords/
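An added illustration, not part of the original post or of Farrall’s: the tell-tale sign in the story above is the reminder e-mail itself. A site can only mail you your old password if it kept that password in a recoverable form. The toy code below (names, the work factor and the token format are my own assumptions, not anything the GCHQ site is known to use) puts the plaintext design next to the salted, slow-hashed one, where the “forgotten password” flow has to fall back to a single-use reset token because the password cannot be recovered at all.

```python
"""Plaintext vs hashed password storage, and what each allows a
'forgotten password' flow to send. Added example; all users, passwords
and the token format are constructed for illustration."""
import hashlib
import hmac
import os
import secrets


class PlaintextStore:
    """The weak design: the password is stored as typed.

    A breach, a log, or a careless reminder e-mail discloses every
    user's password verbatim (and, since people reuse passwords, their
    credentials elsewhere too)."""

    def __init__(self):
        self.users = {}

    def register(self, user, password):
        self.users[user] = password

    def verify(self, user, password):
        return self.users.get(user) == password

    def forgotten_password(self, user):
        # Only possible because the password is recoverable.
        return f"Your password is: {self.users[user]}"


# Work factor for PBKDF2-HMAC-SHA256 (OWASP's 2023 guidance is 600,000).
PBKDF2_ITERATIONS = 600_000


def hash_password(password, salt=None):
    """Return (salt, digest) for a password; fresh random salt per user."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


class HashedStore:
    """The hardened design: only a salted, slow hash is kept."""

    def __init__(self):
        self.users = {}
        self.reset_tokens = {}  # user -> sha256(token), so a DB leak does not leak tokens

    def register(self, user, password):
        self.users[user] = hash_password(password)

    def verify(self, user, password):
        record = self.users.get(user)
        if record is None:
            # Do the same work for unknown users so timing does not reveal
            # which usernames exist.
            hash_password(password)
            return False
        salt, stored = record
        _, candidate = hash_password(password, salt)
        return hmac.compare_digest(stored, candidate)

    def forgotten_password(self, user):
        # The password cannot be recovered from the hash, so the only
        # honest option is a single-use reset link.
        token = secrets.token_urlsafe(32)
        self.reset_tokens[user] = hashlib.sha256(token.encode()).digest()
        return f"Visit /reset?token={token} to choose a new password"

    def reset(self, user, token, new_password):
        expected = self.reset_tokens.get(user)
        presented = hashlib.sha256(token.encode()).digest()
        if expected is None or not hmac.compare_digest(expected, presented):
            return False
        del self.reset_tokens[user]  # consume the token on success
        self.users[user] = hash_password(new_password)
        return True


def token_from_message(message):
    """Pull the token out of the reset message (helper for the demo/test)."""
    return message.split("token=", 1)[1].split(" ", 1)[0]


if __name__ == "__main__":
    weak, strong = PlaintextStore(), HashedStore()
    weak.register("alice", "correct horse")
    strong.register("alice", "correct horse")
    print(weak.forgotten_password("alice"))    # leaks the password
    print(strong.forgotten_password("alice"))  # reset link, no password
```

The point is not the particular hash (bcrypt, scrypt or Argon2 would all do), but that the reset path is forced by the storage design: once only a hash is kept, a “reminder” containing the old password is impossible to send.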
Dec 19 2012
no sites are broken
Or so the wordpress post at wordpress.org would have us believe. However, I think there is a flaw in both their logic, and their decision making here. I spotted the problem following an upgrade to wordpress 3.5 on a site I use. One of the plugins on that site objected to the upgrade with the following …
Permanent link to this article: https://baldric.net/2012/12/19/no-sites-are-broken/
Dec 14 2012
password theft
I have mentioned odd postings to bugtraq before. Today, one “gsuberland” added to the canon with a gem about the Netgear WGR614 wireless router. He says in his post that he has been “reverse engineering” this router. Now for most bugtraq posters (and readers) this would mean that he has been disassembling the firmware. But …
Permanent link to this article: https://baldric.net/2012/12/14/password-theft/
Dec 10 2012
tor and the UK data communications bill
As a Tor node operator, I have an interest in how the draft UK Data Communications Bill would affect me should it be passed into law. In particular, I would be worried if Tor ended up being treated as a “telecommunications operator” within the terms of the Act (should it become an Act). Fortunately, Steven …
Permanent link to this article: https://baldric.net/2012/12/10/tor-and-the-uk-data-communications-bill/
Oct 05 2012
a positive response
Whenever my logs show evidence of unwanted behaviour I check what has happened and, if I decide there is obviously hostile activity coming from a particular address, I will usually bang off an email to the abuse contact for the netblock in question. Most times I never hear a thing back, though I occasionally get …
Permanent link to this article: https://baldric.net/2012/10/05/a-positive-response/
Sep 09 2012
iptables firewall for servers
I paid for a new VPS to run tor this week. It is cheaper, and offers a higher bandwidth allowance than my existing tor server so I may yet close that one down – particularly as I recently had trouble with the exit policy on my existing server. In setting up the new server, the …
Permanent link to this article: https://baldric.net/2012/09/09/iptables-firewall-for-servers/
Aug 23 2012
tails has not been hacked
I run a tails mirror on one of my VMs. Earlier this week there was a flurry of anxious comment on the tails forum suggesting that the service had been “hacked”. Evidence pleaded in support of that theory included the facts that file timestamps on some of the tails files varied across mirrors, one of …
Permanent link to this article: https://baldric.net/2012/08/23/tails-has-not-been-hacked/
Jun 19 2012
fail
My new bank (which is actually one of the few remaining mutuals in the UK) sent me my voting forms for the AGM today (by postal mail). The information pack included details of how to vote on-line should I choose to do so, together with two unique “voting codes”, one of eight digits, the other …
Permanent link to this article: https://baldric.net/2012/06/19/fail/
Apr 24 2012
cheap?
Michal Zalewski (aka lcamtuf) has just announced that google is changing the terms of its vulnerability purchase program. The google announcement says: Today, to celebrate the success of [the program] and to underscore our commitment to security, we are rolling out updated rules for our program — including new reward amounts for critical bugs: $20,000 …
Permanent link to this article: https://baldric.net/2012/04/24/cheap/
Apr 18 2012
now switch it back on
Bugtraq can be an interesting list. Back in June 2008 I noted that one Craig Wright had posted an advisory about a vulnerability in an Oral B toothbrush. Well, just over a week ago a chap called Gabriel Menezes Nunes posted a proof of concept remote denial of service attack on a Sony Bravia television …
Permanent link to this article: https://baldric.net/2012/04/18/now-switch-it-back-on/
Mar 06 2012
banking stupidity
When I logged on to my new bank site this morning, I tried the “help” offered on the opening screen just to see what they had to say about the range of options available. I was not best pleased to be greeted by the message “Flash is not installed, is not enabled or is not …
Permanent link to this article: https://baldric.net/2012/03/06/banking-stupidity/
Jan 22 2012
moxie’s proxy
Moxie Marlinspike, a security researcher probably best known for his SSL proxy tool, likes google even less than I do. His googlesharing website says: “Google thrives where privacy does not. If you’re like most internet users, Google knows more about you than you might be comfortable with. Whether you were logged in to a Google …
Permanent link to this article: https://baldric.net/2012/01/22/moxies-proxy/
Jan 12 2012
t-mobile resets its policy?
As I have mentioned in other posts here, I run my own mail server on one of my VMs. I do this for a variety of reasons, but the main one is that I like to control my own network destiny. Back in October last year I noticed an interesting change in my mail experience …
Permanent link to this article: https://baldric.net/2012/01/12/t-mobile-resets-its-policy/
Dec 20 2011
the amnesic incognito live system
Or “tails” if you prefer, is a live CD/USB distribution based on debian which aims to help you preserve your privacy and anonymity when out and about. As the home website says, tails helps you to: use the Internet anonymously almost anywhere you go and on any computer: all connections to the Internet are forced …
Permanent link to this article: https://baldric.net/2011/12/20/the-amnesic-incognito-live-system/
Dec 19 2011
tunnelling X over ssh
OK, yes, I know there are probably already a gazillion web pages on the ‘net explaining exactly how to do this, but I got caught out by a silly gotcha when I tried to do this a couple of days ago, so I thought I’d post a note. Firstly, X is not exactly a secure …
Permanent link to this article: https://baldric.net/2011/12/19/tunnelling-x-over-ssh/
Nov 30 2011
tp-link respond
A couple of weeks ago, I wrote about the problems I had with a TP-Link IP camera. Today I received a comment on that post from a guy called Luke in the TP-Link support team. In that response he apologises for the difficulties I had and promises to investigate further. His response deserves as wide …
Permanent link to this article: https://baldric.net/2011/11/30/tp-link-respond/
Nov 16 2011
do not buy one of these
Standalone IP cameras have come down in price quite remarkably over the past few years. It is now perfectly possible to get a camera for between £50.00 and £75.00, and this makes them attractive for anyone wanting to set up simple “home surveillance” systems. I bought one recently just to see what I could …
Permanent link to this article: https://baldric.net/2011/11/16/do-not-buy-one-of-these/
Nov 09 2011
do I trust this site?
Permanent link to this article: https://baldric.net/2011/11/09/do-i-trust-this-site/
Jul 18 2011
who are you going to call
Like most email users I get my fair share of spam and other internet crud. Mostly I ignore it, but I received an intriguing email a couple of days ago which purported to be a mailer daemon “Delivery Status Notification” informing me of a failed delivery to some address I had not even heard of. …
Permanent link to this article: https://baldric.net/2011/07/18/who-are-you-going-to-call/