Category: security

re-encrypting trivia

Back in June 2015 I decided to force all connections to trivia over TLS rather than allow plain unencrypted connections. I decided to do this for the obvious reason that it was (and still is) a “good thing” (TM). In my view, all transactions over the ‘net should be encrypted, preferably using strong cyphers offering …

Permanent link to this article: https://baldric.net/2018/07/07/re-encrypting-trivia/

multilingual chat

I use email fairly extensively for my public communication but I use XMPP (with suitable end-to-end encryption) for my private, personal communication. And I use my own XMPP server to facilitate this. But as I have mentioned in previous posts my family and many of my friends insist on using proprietary variants of this open …

Permanent link to this article: https://baldric.net/2017/10/14/multilingual-chat/

using a VPN to take back your privacy

With the passage into law of the iniquitous Investigatory Powers (IP) Bill in the UK at the end of November last year, it is way past time for all those who care about civil liberties in this country to exercise their right to privacy. The new IP Act permits HMG and its various agencies to …

Permanent link to this article: https://baldric.net/2017/05/12/using-a-vpn-to-take-back-your-privacy/

pwned

I recently received a spam email to one of my email addresses. In itself this is annoying, but not particularly interesting or that unusual (despite my efforts to avoid such nuisances). What was unusual was the form of the address because it contained a username I have not used in a long time, and only …

Permanent link to this article: https://baldric.net/2017/03/18/pwned/

NFC? NFW

As is our custom on a Saturday, this morning my wife and I went out to a local cafe for breakfast. We know the proprietress so I was chatting to her whilst paying for the meal. Part way through the chat, the cafe proprietress tore off the receipt from the POS terminal and removed my …

Permanent link to this article: https://baldric.net/2016/10/22/nfc-nfw/

jibber jabber

For some time now I have been increasingly fed up with the poor service offered by SMS on my mobile phone. I’m not a hugely prolific sender of text messages, and those I do send are primarily aimed at my wife and kids, but when I do send them, I expect them to get there, …

Permanent link to this article: https://baldric.net/2016/03/30/jibber-jabber/

idiotic

Today’s Register has an article about the UK Internet Service Providers Association’s written evidence to the Parliamentary Joint Committee on the Draft Investigatory Powers Bill. I don’t wish to comment on that evidence here; Adrian Kennard has already provided much useful comment on the failings of the Draft Bill. My purpose in this post to …

Permanent link to this article: https://baldric.net/2016/01/07/idiotic/

merry christmas 2015

It’s trivia’s birthday again (9 years old today!), so I just have to post to wish my readers (both of you, you know who you are….) a Merry Christmas and a happy New Year. Much has happened over the last year or so which has distracted me from blogging (life gets in the way sometimes) …

Permanent link to this article: https://baldric.net/2015/12/24/merry-christmas-2015/

knees and other jerks

On Sunday, the motherboard initially reported that, in the wake of the Paris atrocities of November 13th, the French Government was proposing to ban Tor and free WiFi. As it turns out, this is not strictly accurate. The report was later corrected – thus: Correction: The initial headline and copy of this article suggested that …

Permanent link to this article: https://baldric.net/2015/12/08/knees-and-other-jerks/

christmas present

Like most people in the UK at this time of the year I’ve been doing some on-line shopping lately. Consequently I’m waiting for several deliveries. Some delivery companies (DHL are a good example) actually allow you to track your parcels on-line. In order to do this they usually send out text or email messages giving …

Permanent link to this article: https://baldric.net/2015/11/23/christmas-present/

lancashire police fail

This is simply depressing. Today I received a classic phishing attack email – the sort I normally bin without thought. According to virustotal, the attachment, which purported to be an MS Word document called “Invoice 7500005791.doc”, was a copy of W97M/Downloader, a Word macro trojan which Symantec says is a downloader for additional malware. So …

Permanent link to this article: https://baldric.net/2015/10/29/lancashire-police-fail/

de-encrypting trivia

Well, that didn’t last long. When I decided to force SSL as the default connection to trivia I had forgotten that it is syndicated via RSS on sites like planet alug. And of course as Brett Parker helpfully pointed out to me, self-signed certificates don’t always go down too well with RSS readers. He also …

Permanent link to this article: https://baldric.net/2015/06/02/de-encrypting-trivia/

encrypting trivia

In my post of 8 May I said it was now time to encrypt much, much more of my everyday activity. One big, and obvious, hole in this policy decision was the fact that the public face of this blog itself has remained unencrypted since I first created it way back in 2006. Back in …

Permanent link to this article: https://baldric.net/2015/06/01/encrypting-trivia/

independent hit

On trying to reach the website of the Independent newspaper today (the Grauniad is trying my patience of late), I received the following response: Closing the popup takes you to this page: I haven’t checked whether this is simply a DNS redirect or an actual compromise of the Indy site, but however the graffiti was …

Permanent link to this article: https://baldric.net/2014/11/27/independent-hit/

CVE-2014-6271 bash vulnerability

Guess what I found in trivia’s logs this morning?

89.207.135.125 - - [25/Sep/2014:10:48:13 +0100] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.0" 404 345 "-" "() { :;}; /bin/ping -c 1 198.101.206.138"

I’ll bet a lot of cgi scripts are being poked at the moment. Check your logs guys. A simple grep ":;}" access.log will tell you all you need …

Permanent link to this article: https://baldric.net/2014/09/26/cve-2014-6271-bash-vulnerability/

department of dirty

Like most ‘net users I get my fair share of spam. Most of it gets binned automatically by my email system, but of course some still gets through so I am used to hitting the delete button on random email from .ru domains offering me the opportunity to “impress my girl tonight”. Most such phishing …

Permanent link to this article: https://baldric.net/2014/07/23/department-of-dirty/