Category Archives: VPN

Facebook 推薦好友機制的演算法讓更多的隱私問題浮現...

在「Facebook recommended that this psychiatrist’s patients friend each other」這邊報導了 Facebook 推薦好友機制的演算法意外的拉出了奇怪的東西: [...], such as this story from Lisa*, a psychiatrist who is an infrequent Facebook user, mostly signing in to RSVP for events. Last summer, she noticed that the social … Continue reading

Posted in Computer, Murmuring, Network, Security, Social, VPN, WWW | Tagged , , , , , , , , | Leave a comment

SWEET32:攻 Blowfish 與 3DES

最新的攻擊算是實戰類的攻擊,理論基礎以前都已經知道了,只是沒有人實際「完成」。算是近期少數直接對演算法的攻擊,而這些演算法剛好還是被用在 TLS 與 OpenVPN 上,所以嚴重性比較高:「SWEET32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN」。 攻擊的條件是 block cipher 的 block size,而非 key length,所以就算是 256 bits 的 Blowfish 也一樣也受到影響。 這次順利打下 Blowfish 與 3DES。這兩個 cipher 的 block size 都是 64 bits,所以對於 birthday … Continue reading

Posted in Computer, Murmuring, Network, Security, VPN, WWW | Tagged , , , , , , , , , , , , , , , | Leave a comment

Cisco 與 Fortinet 防火牆的 RCE 漏洞

NSA 使用這些漏洞來大量監聽企業的流量:「Leaked Exploits are Legit and Belong to NSA: Cisco, Fortinet and Snowden Docs Confirm」。 Cisco 已經確認這個安全性漏洞了,全系列包括已經停產的 Cisco PIX、上個世代的 Cisco ASA 5500 (但還有些型號還在賣),以及目前主力的 Cisco ASA 5500-X,另外還包括了安全模組系列也中獎:「Cisco Adaptive Security Appliance SNMP Remote Code Execution Vulnerability」。 Cisco ASA 5500 Series Adaptive Security … Continue reading

Posted in Computer, Hardware, Murmuring, Network, Political, Security, Social, VPN, WWW | Tagged , , , , , , , , , , , , , , , , | Leave a comment

Ubuntu 桌機的 Split DNS

Split DNS 指的是某個 DNS domain 使用另外一組 DNS servers,常用在 Partial Route 的 VPN 上,讓內部網域的 DNS domain 正確的被解出來。一般商業的 VPN Software 都會處理掉這塊,不過有時候還是希望可以自己設定... Ubuntu 桌機上的 Split DNS 可以透過 Dnsmasq 做到,在我的機器上因為透過 ps awx | grep dnsmasq 可以看到 --conf-dir=/etc/NetworkManager/dnsmasq.d,表示設定的目錄在 /etc/NetworkManager/dnsmasq.d 下,所以我把檔案 mysplit 放到 /etc/NetworkManager/dnsmasq.d 下: # … Continue reading

Posted in Computer, DNS, Linux, Murmuring, Network, OS, Software, VPN | Tagged , , , , , , , | Leave a comment

最近三十天透過 Tor 上 Facebook 的人超過一百萬

Facebook 提供了透過 Tor 連上 Facebook 的人數:「1 Million People use Facebook over Tor」: In June 2015, over a typical 30 day period, about 525,000 people would access Facebook over Tor e.g.: by using Tor Browser to access www.facebook.com or the Facebook … Continue reading

Posted in Computer, Murmuring, Network, P2P, Security, VPN, WWW | Tagged , , , , , | Leave a comment

關於 Juniper ScreenOS 防火牆被放後門的研究

一樣是從 Bruce Schneier 那邊看到的:「Details about Juniper's Firewall Backdoor」,原始的研究連結在「Cryptology ePrint Archive: Report 2016/376」這邊。 ScreenOS 被放了兩個後門,一個是 SSH 的後門: Reverse engineering of ScreenOS binaries revealed that the first of these vulnerabilities was a conventional back door in the SSH password checker. 另外一個是「Dual EC … Continue reading

Posted in Computer, Hardware, Murmuring, Network, OS, Security, Software, VPN | Tagged , , , , , , , , , , , | 1 Comment

VPC VPN 的新功能

Amazon VPC 的 VPN 推出新功能了:「EC2 VPC VPN Update – NAT Traversal, Additional Encryption Options, and More」。 其中「Reusable CGW IP Addresses」這個功能讓大家等超久的:(CGW 是 Customer Gateway,通常是放在自己的機房裡跟 Amazon VPC 設 site-to-site VPN 對接) You no longer need to specify a unique IP address for … Continue reading

Posted in AWS, Cloud, Computer, Murmuring, Network, Security, VPN | Tagged , , , , , , , , , , | Leave a comment

在攻擊時總是挑最弱的一環:NSA 對 DH 的攻擊

在「How is NSA breaking so much crypto?」這邊提到了 2012 年有文章說明 NSA 有能力解開部份的加密通訊,而後來 Snowden 所提供的資料也證實了這點: In 2012, James Bamford published an article quoting anonymous former NSA officials stating that the agency had achieved a “computing breakthrough” that gave them “the ability to … Continue reading

Posted in Computer, Murmuring, Network, Security, VPN, WWW | Tagged , , , , , , , , , , , , | Leave a comment

Cisco 會將硬體寄送到貨運商,以提高 NSA 攔截安裝後門的難度

在「To Avoid NSA Interception, Cisco Will Ship To Decoy Addresses」這篇看到的報導,出自「Cisco posts kit to empty houses to dodge NSA chop shops」這篇。 去年 Snowden 揭露的資料顯示 NSA 會攔截 Cisco 的硬體,並且在上面安裝後門再打包寄出:「Greenwald alleges NSA tampers with routers to plant backdoors」: "The NSA routinely receives – … Continue reading

Posted in Computer, Hardware, Murmuring, Network, Political, Security, Software, VPN | Tagged , , , , , , , | Leave a comment

英國政府對電腦的資安管理機制:Ubuntu 14.04 LTS 的部份

在 Ubuntu Insights 上看到「UK Government issues Ubuntu 14.04 LTS Security Guidance」,英國政府發布了 Ubuntu 14.04 LTS 的資安規範:「End User Devices Security Guidance: Ubuntu 14.04 LTS」,在裡面甚至還包括了 script 幫你處理。 可以在「End User Devices Security and Configuration Guidance」的「Per-platform Guidance」看到其他作業系統的資安管理規範。 在企業規劃內部的資安規範時也可以拿來參考看看?

Posted in Computer, Hardware, Linux, Murmuring, Network, OS, Security, Software, VPN, WWW | Tagged , , , , , , , , | Leave a comment