Tag: security | Atom Feed

bears repeating

Mon 14 June 2021

Biometrics are usernames, not passwords.

And you can’t change them when you change your name, and you might accidentally change them via trauma.

-30-

what software does a firewall run, anyway?

Fri 11 September 2020

What’s running on the firewall? A big list follows, with discussion.

secure-ish DNS for small environments

Thu 12 March 2020

Who do you trust? And do you trust them indefinitely far into the future?

If you have specific reasons to believe you will be targetted by an interested, competent, resourceful attacker: you need serious information security measures, which will be painful and potentially expensive in both time and money. I have no such specific fears, so I’m merely interested in protecting my household against generalized attacks, the sort of thing that Google and Facebook and Amazon and every advertiser in the world carries out as a matter of course.

In this installment, I’m going to increase the difficulty of tracking my household network via intercepting DNS requests. I will assume you know a fair amount about DNS and feel comfortable configuring daemons and running them – this isn’t a step-by-step HowTo.

low power cpus

Wed 15 May 2019

It seems increasingly unwise to allow an Intel-made CPU to talk to the outside world. But the NUC-style machines are almost exclusively Intel. What should we do for a new firewall?

advice on buying firewall hardware

Mon 22 October 2018

Several people have asked me recently what hardware I would buy today for use as a home firewall.

for a total of $176, including shipping. Links were accurate as of October 22, 2018.

This gets you a tiny box, similar in size to random commercial house router/firewall/wifi access points, which can run a standard Linux operating system with a complex firewall running at 1 Gb/s in and out, more RAM than strictly necessary, and an SSD which is both very large (and therefore can last a very long time) and boot the system quickly enough that you can do a reboot without losing TCP sessions.

I would also recommend a medium-sized USB thumb drive to set up as an emergency booting and backup device. Call it another $15 or so.

FIOS one year later

Sat 20 October 2018

About a year ago, we switched ISPs from RCN to Verizon. I had no particular issues with RCN except that their prices went up each year without providing better service. (It’s true that RCN also fails to handle IPv6 natively, but Verizon shares that failure.) What’s happened in that year?

why computer security is terrible, a partial explanation

Fri 21 September 2018

One problem: we have built an immense network of supercomputers that is essentially a Commons. An abuse of this Commons that would be ridiculously unprofitable if it had to be carried out by humans – say, an expected return of one one-hundredth cent per attempt – is highly attractive to unscrupulous actors who can automate a billion attempts for an expenditure of a few days or weeks worth of setup and expect a hundred thousand dollars of return.

wireguard setup

Sun 12 November 2017

Wireguard is a new open source VPN system being initially developed on Linux. I have two major use cases for such a thing: site-to-site protection, and backhauling traffic from a laptop or phone to my house.

towards a sustainable software policy

Sun 11 June 2017

Definitions:

monocultures are efficient and fragile

Mon 15 May 2017

In farming, monoculture is the practice of raising a single crop over and over again. You can figure out exactly what fertilizers it needs, how much water, and predict your yield accurately, year after year.

tracing calls

Tue 28 February 2017

Nobody likes you when you’re 23 / And are still more amused by prank phone calls / What the hell is caller ID?

slapping at gnats

Sun 22 January 2017

Attackers change their behavior, so we have to change in response.

revisiting a new firewall

Fri 13 January 2017

A few years ago I wrote about my new firewall Let’s look at what I’ve learned since then.

Nintendo's contactless brushpass and dead drops

Wed 30 November 2016

Nintendo’s 3DS pocket-sized game system includes “Streetpass”, a method of sharing your high scores, Mii avatars and other game information with random strangers who also have 3DS systems. That includes the levels designed by Super Mario Maker, which are a few megabytes apiece.

IOT security: the key and the castle

Tue 22 November 2016

People just don’t take security seriously, because security is hard to understand and hard to implement and hard to maintain. We need a new way of “doing” security, and I’ve got an idea. Let’s go back to the notion of skeuomorphism: we use pictorial representations of real-world objects to represent similar functions in a graphical user interface. The floppy disk icon that means save, the little printer that means print and the iconic handset that looks nothing like a modern telephone that means call are all examples of skeuomorphic design.

© -dsr-. Send feedback or comments via email — by continuing to use this site you agree to certain terms and conditions.

Built using Pelican. Derived from the svbhack theme by Giulio Fidente on github.