Showing posts from July, 2013

Your Own DarkNet: Retroshare

There are various DarkNet systems available, for example FreeNet, Retroshare, TOR, Ricochet and GnuNet. These are also known as Friend to Friend networks and create a Virtual Private Mesh Network between trusted parties. FreeNet is a little different, in that it can operate in two modes - public and private - where the private mode is a true DarkNet. The Onion Router (TOR) is also a kind of public DarkNet proxy service which is very easy to use - do get the TOR Browser package - called Orbot on Android - very handy. With a DarkNet, you can exchange files and chat in complete security - well, as secure as the other endpoints. So if any of the endpoints runs an untrustworthy operating system such as MS Windows, then one could argue that the whole circle is probably not secure. Retroshare and other systems like it are not completely Black. With a sniffer, an attacker can glean a little bit of information on who is connected to whom, especially when one party is usi

Three hops between you and the Gulag

The motivation that the NSA uses to justify its data trawling is rather disturbing. In testimony on 18 July 2013 before the House Judiciary Committee, National Security Agency Deputy Director Chris Inglis said that the NSA’s probing of data in search of terrorist activity extended “two to three hops” away from suspected terrorists. Previously, NSA leaders had said surveillance was limited to only two “hops” from a suspect.

What do they Record?

The NSA records *everything*: Metadata, Email, Chat and Voice. They only ever talk about metadata. The rest of their activities are cloaked in weasel words. For example, the chief of the NSA insists that they only analyze metadata and if it proves interesting, then they will get an order to retrieve a phone call. He is a weasel word expert - the best - that is why he got the job. They can only retrieve the phone call if it was already recorded. An example is the phone call analysis of the wife of the Boston Marathon bomber, w

Practical Security

I stuck my neck out in another post called Security Paranoia and some people asked how one could go about improving security in a business environment. First of all, you have to realize that you can never have perfect security. Information will always leak out. The best you can do is to slow the leakage down to an acceptable level, but please try to remain reasonable. There is an old joke that military IT has the motto: "We are not happy, until you are not happy". You have to allow business to carry on somehow. Secondly, trying to educate your users about security and trying to get them to avoid 'risky behaviour' is a total waste of time. They will do their damnedest on purpose or by accident and it is totally up to you to ensure the system integrity despite your users' best efforts to the contrary. If you don't want them to do something, then don't give them the tool to do it and if they have to have a 'bad' tool, then give them an is

Fedora 18 Firewall Daemonology

Fedora 18 ships with a new firewall daemon. While this is a commendable idea, the execution is somewhat useless, because it is not documented. There is a nice looking wizard, which probably made perfect sense to the developer, but which doesn't help anyone else much.

If you are running a simple desktop system, then the default is probably OK, but if you use the machine for development work, then this toy is probably best disabled for the foreseeable future. Of course, disable is not one of the wizard features.

Stake the Firewall Daemon

You can drive a silver tipped wooden stake through the daemon with two commands:

# systemctl stop firewalld.service
# systemctl mask firewalld.service

and now life should be back to normal.