Tag Archives: privacy

伊朗透過 BGP 管制網路的手段影響其他國家網路...

Dyn (之前被 DDoS 打爆,過一陣子被 Oracle 買去的那個 Dyn) 的這篇「Iran Leaks Censorship via BGP Hijacks」講到他們偵測到伊朗透過 BGP hijack 管制網站的問題。 前陣子伊朗透過 private ASN 放了 99.192.226.0/24 出來,影響到其他國家: Last week, Iranian state telecom announced a BGP hijack of address space (99.192.226.0/24) hosting numerous pornographic websites. 由於這段 … Continue reading

Posted in Computer, Murmuring, Network, Political, Security, Social | Tagged , , , , , , , , , , , , , | Leave a comment

Stylish 的維護者換人,開始蒐集使用者資訊...

從 Solidot 上看到 Google Chrome 上的 Stylish 換人開始蒐集使用者所有的瀏覽記錄:「Chrome 版 Stylish 开始收集用户数据」。 之前是靠 Stylish 在處理 Feedly 的版面,移除掉之後就變得很窄很不好讀... 基於不信任的理由,也不可能用 userstyles.org 上的 Greasemonkey 版本 (反而更危險)。 結果塞翁失馬,找到「Custom Feedly Styles (+ Always Show Left Menu)」這個套件,一包直接支援多種功能,還可以透過 checkbox 選擇要哪些...

Posted in Browser, Computer, CSS, GoogleChrome, Murmuring, Network, Security, Software, WWW | Tagged , , , , , , , , , | Leave a comment

將 Windows 10 侵犯隱私的程式都關光

alirobe/reclaimWindows10.ps1 這個 gist 提供了 script 將 Windows 10 侵犯隱私的程式都關閉: "Reclaim Windows 10" turns off a bunch of unnecessary Windows 10 telemetery, removes bloatware, and privacy invasions. Review and tweak before running. Scripts for reversing are included and commented. Fork via … Continue reading

Posted in Computer, Murmuring, Network, OS, Security, Software, Windows | Tagged , , , , | 2 Comments

利用隱藏的 form input 加上自動完成功能取得敏感資料

anttiviljami/browser-autofill-phishing 這邊示範了怎麼用隱藏的 form input 與自動完成功能取得敏感資料。在這邊可以看到示範 (把 POST 丟到 httpbin 上看 response)。 想法不算困難,但好像也不是很好防... 關掉 autofill 是比較簡單的解法 (我是裝好瀏覽器就會關掉,不過好像很多人都喜歡用這個功能),所以這個問題就丟回給這些 browser vendor 想了 :o

Posted in Browser, Computer, Murmuring, Network, Security, Software, WWW | Tagged , , , , , , , , , | Leave a comment

Google Web Store 擋掉 AdNauseam

之前提到的「阻擋廣告的攻性防壁 AdNauseam」沒什麼意外被 Google 擋掉了:「AdNauseam banned from the Google Web Store」。 Earlier this week, on Jan 1st 2017, we were informed by our users that Google had banned AdNauseam from its Chrome Web Store. 現在變成要手動下載安裝:「Install AdNauseam on Chrome Without Google's Permission」。

Posted in Browser, Computer, GoogleChrome, Murmuring, Network, Security, Software, WWW | Tagged , , , , , | Leave a comment

D-Link 因為路由器與網路鏡頭不夠安全,被美國聯邦貿易委員會告

FTC 對於 D-Link 產品的安全性不符合宣稱而告下去了:「FTC sues D-Link over router and camera security flaws」。 D-Link claimed its routers were “EASY TO SECURE” with “ADVANCED NETWORK SECURITY,” but the FTC says the company failed to protect its routers and cameras from widely known … Continue reading

Posted in Computer, Hardware, Murmuring, Network, Security | Tagged , , , , , , | Leave a comment

Let's Encrypt 的 2016 年總結

算是 2015 正式被信任 (透過 IdenTrust) 後第一個完整的一年 (2016 整年):「Let’s Encrypt 2016 In Review」。 可以看到好幾波大型成長: 接下來的目標應該是 ECDSA Intermediates (「Upcoming Features」),不知道後續還會有什麼計畫...

Posted in Computer, Murmuring, Network, Security, WWW | Tagged , , , , , , | Leave a comment

Amazon Echo 會保留錄音的音頻

在「Police seek Amazon Echo data in murder case (updated)」這邊看到 Amazon Echo 的隱私問題,起因自警方要求要取得 Amazon Echo 的錄音內容。 Amazon Echo 會錄下所有喊出「Alexa」後的句子,並且傳到 cloud 上持續保留: [,] Echo only captures audio and streams it to the cloud when the device hears the wake word "Alexa." A … Continue reading

Posted in Cloud, Computer, Hardware, Murmuring, Network, Security | Tagged , , , , , , | 1 Comment

阻擋廣告的攻性防壁 AdNauseam

看到「AdNauseam: Fight back against advertising surveillance」這個專案瞬間想到攻殼裡面「攻性防壁」這個詞 XDDD 改自 uBlock Origin,除了本來的隱藏廣告功能外,還會狂點廣告來亂 XDDD: AdNauseam is a lightweight browser extension that blends software tool and artware intervention to fight back against tracking by advertising networks. AdNauseam works like an ad-blocker (it is built … Continue reading

Posted in Browser, Computer, Murmuring, Network, Security, Software, WWW | Tagged , , , , , , , , , | 2 Comments

NIST 開始徵求 Post-Quantum Cryptography 演算法

現有常見的幾個加密基礎在量子電腦上都有相當快速的解 (像是整數質因數分解、離散對數),只是現在建不出對應夠大台的量子電腦... 但畢竟只是時間的問題了,所以 NIST 照著慣例對外尋求能夠抵抗量子電腦的演算法:「NIST Asks Public to Help Future-Proof Electronic Information」、「Announcing Request for Nominations for Public-Key Post-Quantum Cryptographic Algorithms」。 類似於 Google 先前在 Google Chrome 上實做的 CECPQ1,對 key exchange 的部份加上保護 (Google Chrome 引入 CECPQ1,開始測試 Post-Quantum Cryptography),這次 NIST 是針對 public key … Continue reading

Posted in Computer, Murmuring, Network, Security | Tagged , , , , , , , , , , , , , | Leave a comment