joe di castro is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.

joe di castro @joedicastro@mastodon.social

Another interesting tool if you're planning to run a connection.

dnsleaktest.com/

I know that a lot of people has complains about the Netflix speed connection in my provider, but I suppose that I can't complain about it. 😀 mastodon.social/media/yDFCet2L

BTW, sending the email from the "Email privacy tester" domain should alert even the dumbest guy to do not open it and just ignore it. I'm just saying that is pretty flawed.

Tools like this are easily fooled by just not using any HTML email client (e.g. mutt, Emacs/Mu).

emailprivacytester.com/

Anyway, still good for the majority of people, but just be sure that "bad guys" are not going to read your email parsing the HTML (even them, parsing it with w3m just fools it too).

I know that nowadays "bad-boys" are incorporating fresh new
"free certificates" in their toolbox, but I don't see the point in to fight against it with an unique point of failure and "gray area" technique. Who guarantees me that they are already not making another use of those sniffed packages... a less ethical one, like if "big fishes" not were caught doing some nasty things before...

There has to be another way...

Firewall giants selling their black boxes with SSL inspection like a must-have.

I don't see the point of introducing a weakness in an already not well taken care of protocol as major feature. Like if all of that black boxes not were already compromised at some point in the past.

Also there have been already serious incidents involving that technique in the past (Superfish, Privdog). I have to have faith that as I can't see inside the box, they are going to do it better?

Last week I saw some "newbie tutorials" in a popular broadband forum to configure some consumer routers to connect to a specific provider in my country.

Some of them left exposed several critical insecure ports to the internet (22, 23, 80, 443, 1723, 5000, 8291, 1900/UDP, ...).

Next step was go to Shodan and check "ports & router brand & provider" Bingo! About >20.000 routers in the worst case.

Please, if you aren't 100% sure about how secure you router, don't write and publish tutorials.

Another tech media article misunderstanding Mastodon as a Twitter competitor.

They can't understand Mastodon because they can't imagine a technology that doesn't cater to them.

Tech media personalities can't understand a world where their opinion means less than that of a random furry.

I'm a Firefox user, but now that I'm using regularly I'm using Chromium instead because AFAIK the last one was pledged and FF no.

To be comfortable I had to block the Chromium sync port, calling home for a sync that I don't want.

The Free Software Foundation Europe and Open Forum Europe published a white paper about the impact of the European copyright reform on Free Software. Especially article 13 seems to endangers our code sharing platforms. Learn more: https://savecodeshare.eu/

#ofe #fsfe #FreeSoftware #OpenSource #policy #europe

Today I had my first experience with a kernel panic and the ddb tool in

I was in a hurry thus I didn't stop to play with it, but seems a nice tool to have. 😎

@joedicastro and to do that there was a WiFi repeater in a near place to do not risk to be discovered by being a common face in a little isolated place. Clever!

They accessed probably from another building no far from there.

I can't give more details but they also made some big errors and left some traces.

Well, today I saw a router that was compromised through the wireless card, the interface was bridged with the rest of the LAN ports in the same network.

They accessed through the access point (I have an idea about how they got the password), then accessed to the administration (both ssh/web were opened to the LAN) and there they used the own router tools to use a sniffer against the main PC traffic. Clever!

They only had to access to the WiFi & collect the sniffer results periodically in <60s

@marcosbl Bienvenido, todo recto al fondo tienes la cocina y la primera puerta a la derecha es el baño. Tu como si estuvieras en tu casa. 😎

disk encryption bug report: bugs.freebsd.org/bugzilla/show

"Probably avoid using geli in integrity mode if you care about privacy, for now."

Netgate is reacting against the cheap chinese Qotom Mini PCs with pfSense, will do it also in price? Will see...
______________________________________________

Tweet from pfSense® Project (@pfsense), at Sep 5, 8:22 PM - Introducing the SG-3100 appliance! t.co/XU9wHdqxjF

twitter.com/pfsense/status/905

I wonder if IDS/IPS tools have a close due date, because more and more malware is using HTTPS connections. And by the way, Let's Encrypt made this a lot more easier for them.