Category: security

now switch it back on

Bugtraq can be an interesting list. Back in June 2008 I noted that one Craig Wright had posted an advisory about a vulnerability in an Oral B toothbrush. Well, just over a week ago a chap called Gabriel Menezes Nunes posted a proof of concept remote denial of service attack on a Sony Bravia television …

Continue reading

Permanent link to this article: https://baldric.net/2012/04/18/now-switch-it-back-on/

battle for the internet

This week the guardian, my newspaper of choice, is running a week long series of articles under the theme “battle for the internet“. The reporting looks set to be interesting and is due to cover the following themes: “the militarisation of cyberspace”, “the new walled gardens”, “IP wars”, “civilising the web”, “open resistance”, and (doomladen …

Continue reading

Permanent link to this article: https://baldric.net/2012/04/17/battle-for-the-internet/

unlinked

Today I received two (make that four now – must sort out my spam filters) phishing emails from a source new to me. Each email purported to come from “linkedin” and each invited me to login to respond to “invitations from your work colleague”. Since a) I have never been a member of linkedin, and …

Continue reading

Permanent link to this article: https://baldric.net/2012/03/19/unlinked/

banking stupidity

When I logged on to my new bank site this morning, I tried the “help” offered on the opening screen just to see what they had to say about the range of options available. I was not best pleased to be greeted by the message “Flash is not installed, is not enabled or is not …

Continue reading

Permanent link to this article: https://baldric.net/2012/03/06/banking-stupidity/

am I kidding myself

I have recently moved my bank current and short term savings accounts. Partly this is a political statement in support of the move your money campaign, and partly because I feel that my money might actually be a bit safer (if only slightly) in a small UK Mutual than with the UK arm of a …

Continue reading

Permanent link to this article: https://baldric.net/2012/03/04/am-i-kidding-myself/

t-mobile resets its policy?

As I have mentioned in other posts here, I run my own mail server on one of my VMs. I do this for a variety of reasons, but the main one is that I like to control my own network destiny. Back in October last year I noticed an interesting change in my mail experience …

Continue reading

Permanent link to this article: https://baldric.net/2012/01/12/t-mobile-resets-its-policy/

tunnelling X over ssh

OK, yes, I know there are probably already a gazillion web pages on the ‘net explaining exactly how to do this, but I got caught out by a silly gotcha when I tried to do this a couple of days ago, so I thought I’d post a note. Firstly, X is not exactly a secure …

Continue reading

Permanent link to this article: https://baldric.net/2011/12/19/tunnelling-x-over-ssh/

click here

The Cory Doctorow article referenced at the end of the post below mentions URL shorteners as potentially dangerous because they completely obscure the actual URL you will be taken to if you click them. By way of experiment I thought I’d post one here just to see how often it is used.

Permanent link to this article: https://baldric.net/2011/01/23/click-here/

damn, I think I got hit by a 419er

I am normally pretty careful about my on-line security and privacy. I take a lot of care to ensure that my home network is nailed down tightly and all the clients and servers on it are also nailed down as well as I know how. I don’t use software which is susceptible to the majority …

Continue reading

Permanent link to this article: https://baldric.net/2011/01/23/damn-i-think-i-got-hit-by-a-419er/

critical security update to wordpress

This blog comes to you courtesy of those excellent free open source authors who have contributed to wordpress. Unfortunately, in common with all software, wordpress inevitably has some bugs. Worse, some of the those bugs can occasionally be sufficiently bad as to make the software vulnerable to remote exploitation by ne’er do wells and other …

Continue reading

Permanent link to this article: https://baldric.net/2011/01/04/critical-security-update-to-wordpress/

professional ability

I was skimming through a series of security related sites last week when I came across an article referring to someone described as something like “A Person, M.Inst.ISP, CISM, CISSP, MBCS, CITP, BSc, Director of etc…..” and I found myself wondering what that all actually meant. Yes, I know what the letters stand for, hell …

Continue reading

Permanent link to this article: https://baldric.net/2010/09/25/professional-ability/

update to autossh – or how ServerAliveInterval makes this unnecessary

I had a couple of comments on my earlier post about autossh which suggested that I should look at alternative mechanisms for keeping my ssh tunnel up. Rob in particular suggested that setting “ServerAliveInterval” should work. Oddly I had tried this in the past whilst trying out various configuration options and I swear it didn’t …

Continue reading

Permanent link to this article: https://baldric.net/2010/08/27/update-to-autossh-or-how-serveraliveinterval-makes-this-unnecessary/

autossh – or how to use tor through a central ssh proxy

Since I first set up a remote tor node on a VPS about this time last year, I have played about with various configurations (and used different providers) but I have now settled on using two high bandwidth servers on different networks. One (at daily.co.uk) allows 750 Gig of traffic per month, the other (a …

Continue reading

Permanent link to this article: https://baldric.net/2010/08/01/autossh-or-how-to-use-tor-through-a-central-ssh-proxy/

scroogle is having a problem

I posted a note about scroogle back in January. Scroogle offered an SSL interface to the google engine, and, moreover, didn’t lumber its users with google cookies and sundry other irritations. Since then, however, google themselves have started to offer an SSL interface and, coincidentally, scroogle seem to have started to have some problems. If …

Continue reading

Permanent link to this article: https://baldric.net/2010/07/04/scroogle-is-having-a-problem/

tor server compromise

According to this post by Roger Dingledine, two tor directory servers were compromised recently. In that post Dingledine said: In early January we discovered that two of the seven directory authorities were compromised (moria1 and gabelmoo), along with metrics.torproject.org, a new server we’d recently set up to serve metrics data and graphs. The three servers …

Continue reading

Permanent link to this article: https://baldric.net/2010/01/22/tor-server-compromise/

using scroogle

For completeness, my post below should have pointed to the scroogle search engine which purportedly allows you to search google without google being able to profile you. Neat idea if you must use google (why?) but it still fails the Hal Roberts test of what to do if the intermediate search engine is prepared to …

Continue reading

Permanent link to this article: https://baldric.net/2010/01/02/using-scroogle/