Category: network (in)security

tails has not been hacked

I run a tails mirror on one of my VMs. Earlier this week there was a flurry of anxious comment on the tails forum suggesting that the service had been “hacked”. Evidence pleaded in support of that theory included the facts that file timestamps on some of the tails files varied across mirrors, one of …

Continue reading

Permanent link to this article: https://baldric.net/2012/08/23/tails-has-not-been-hacked/

fail

My new bank (which is actually one of the few remaining mutuals in the UK) sent me my voting forms for the AGM today (by postal mail). The information pack included details of how to vote on-line should I choose to do so, together with two unique “voting codes” one of eight digits the other …

Continue reading

Permanent link to this article: https://baldric.net/2012/06/19/fail/

cheap?

Michal Zalewski (aka lcamtuf) has just announced that google is changing the terms of its vulnerability purchase program. The google announcement says: Today, to celebrate the success of [the program] and to underscore our commitment to security, we are rolling out updated rules for our program — including new reward amounts for critical bugs: $20,000 …

Continue reading

Permanent link to this article: https://baldric.net/2012/04/24/cheap/

now switch it back on

Bugtraq can be an interesting list. Back in June 2008 I noted that one Craig Wright had posted an advisory about a vulnerability in an Oral B toothbrush. Well, just over a week ago a chap called Gabriel Menezes Nunes posted a proof of concept remote denial of service attack on a Sony Bravia television …

Continue reading

Permanent link to this article: https://baldric.net/2012/04/18/now-switch-it-back-on/

banking stupidity

When I logged on to my new bank site this morning, I tried the “help” offered on the opening screen just to see what they had to say about the range of options available. I was not best pleased to be greeted by the message “Flash is not installed, is not enabled or is not …

Continue reading

Permanent link to this article: https://baldric.net/2012/03/06/banking-stupidity/

moxie’s proxy

image of googlesharing proxy

Moxie Marlinspike, a security researcher probably best known for his SSL proxy tool, likes google even less than I do. His googlesharing website says: “Google thrives where privacy does not. If you’re like most internet users, Google knows more about you than you might be comfortable with. Whether you were logged in to a Google …

Continue reading

Permanent link to this article: https://baldric.net/2012/01/22/moxies-proxy/

t-mobile resets its policy?

As I have mentioned in other posts here, I run my own mail server on one of my VMs. I do this for a variety of reasons, but the main one is that I like to control my own network destiny. Back in October last year I noticed an interesting change in my mail experience …

Continue reading

Permanent link to this article: https://baldric.net/2012/01/12/t-mobile-resets-its-policy/

the amnesic incognito live system

Or “tails” if you prefer, is a live CD/USB distribution based on debian which aims to help you preserve your privacy and anonymity when out and about. As the home website says, tails helps you to: use the Internet anonymously almost anywhere you go and on any computer: all connections to the Internet are forced …

Continue reading

Permanent link to this article: https://baldric.net/2011/12/20/the-amnesic-incognito-live-system/

tunnelling X over ssh

OK, yes, I know there are probably already a gazillion web pages on the ‘net explaining exactly how to do this, but I got caught out by a silly gotcha when I tried to do this a couple of days ago, so I thought I’d post a note. Firstly, X is not exactly a secure …

Continue reading

Permanent link to this article: https://baldric.net/2011/12/19/tunnelling-x-over-ssh/

tp-link respond

A couple of weeks ago, I wrote about the problems I had with a TP-Link IP camera. Today I received a comment on that post from a guy called Luke in the TP-Link support team. In that response he apologises for the difficulties I had and promises to investigate further. His response deserves as wide …

Continue reading

Permanent link to this article: https://baldric.net/2011/11/30/tp-link-respond/

do not buy one of these

image of TP-Link IP camera

  Standalone IP cameras have come down in price quite remarkably over the past few years. It is now perfectly possible to get a camera for between £50.00 and £75.00, and this makes them attractive for anyone wanting to set up simple “home surveillance” systems. I bought one recently just to see what I could …

Continue reading

Permanent link to this article: https://baldric.net/2011/11/16/do-not-buy-one-of-these/

do I trust this site?

image of SSL certificate view

Following a visit to EFF to read an article on e-book privacy, I met this: So. EFF uses a wildcard SSL cert issued by a company which was breached earlier this year.

Permanent link to this article: https://baldric.net/2011/11/09/do-i-trust-this-site/

who are you going to call

Like most email users I get my fair share of spam and other internet crud. Mostly I ignore it, but I received an intriguing email a couple of days ago which purported to be a mailer daemon “Delivery Status Notification” informing me of a failed delivery to some address I had not even heard of. …

Continue reading

Permanent link to this article: https://baldric.net/2011/07/18/who-are-you-going-to-call/

critical security update to wordpress

This blog comes to you courtesy of those excellent free open source authors who have contributed to wordpress. Unfortunately, in common with all software, wordpress inevitably has some bugs. Worse, some of the those bugs can occasionally be sufficiently bad as to make the software vulnerable to remote exploitation by ne’er do wells and other …

Continue reading

Permanent link to this article: https://baldric.net/2011/01/04/critical-security-update-to-wordpress/

phone home

image of etherape capture

Google’s chrome browser first appeared back in 2008, since when many commentators have sung its praises. Apparently it is “blindingly fast” (well, let’s face it firefox can be a tad slow, particularly if loaded down with a swathe of plugins) “clean”, and “simple”. Until recently I had not tried chrome (for some fairly obvious reasons) …

Continue reading

Permanent link to this article: https://baldric.net/2010/08/29/phone-home/

tor server compromise

According to this post by Roger Dingledine, two tor directory servers were compromised recently. In that post Dingledine said: In early January we discovered that two of the seven directory authorities were compromised (moria1 and gabelmoo), along with metrics.torproject.org, a new server we’d recently set up to serve metrics data and graphs. The three servers …

Continue reading

Permanent link to this article: https://baldric.net/2010/01/22/tor-server-compromise/