Bookmark
Seriously, stop using RSA
https://blog.trailofbits.com/2019/07/08/fuck-rsa/, posted 2022 by peter in communication opinion security
RSA is an intrinsically fragile cryptosystem containing countless foot-guns which the average software engineer cannot be expected to avoid. Weak parameters can be difficult, if not impossible, to check, and its poor performance compels developers to take risky shortcuts. Even worse, padding oracle attacks remain rampant 20 years after they were discovered. While it may be theoretically possible to implement RSA correctly, decades of devastating attacks have proven that such a feat may be unachievable in practice.
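Two of the foot-guns the post has in mind, made concrete. This is an added example, not code from the Trail of Bits post: it builds a toy textbook-RSA (no padding) keypair and shows that a ciphertext can be altered to decrypt to a chosen multiple of the plaintext, and that with e=3 a short unpadded message is recovered by taking an integer cube root. The 256-bit key size, the fixed RNG seed and the plaintexts are demo choices made here so that it runs instantly and reproducibly; neither attack depends on the key being small, only on the padding being absent.

```python
# Added example, not code from the Trail of Bits post: two textbook-RSA
# foot-guns made concrete. Key size (256 bits) and the fixed RNG seed are
# demo choices so it runs instantly and reproducibly; never generate real keys
# this way. Neither attack needs a weak key; both need only *missing padding*.
import random
from math import gcd


def is_probable_prime(n: int, rounds: int = 20) -> bool:
    """Miller-Rabin; good enough for a demo key."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int, rng: random.Random) -> int:
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # full length, odd
        if is_probable_prime(cand):
            return cand


def keygen(bits: int = 256, e: int = 65537, seed: int = 1):
    """Return (n, e, d). Loops until gcd(e, phi) == 1 so that e=3 also works."""
    rng = random.Random(seed)
    while True:
        p, q = random_prime(bits // 2, rng), random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and gcd(e, phi) == 1:
            return p * q, e, pow(e, -1, phi)


def encrypt_raw(m: int, n: int, e: int) -> int:
    """'Textbook' RSA: no padding at all. This is the foot-gun."""
    return pow(m, e, n)


def decrypt_raw(c: int, n: int, d: int) -> int:
    return pow(c, d, n)


# Foot-gun 1: malleability. Without knowing m, an attacker turns Enc(m) into
# Enc(k*m), because k^e * m^e == (k*m)^e (mod n).
def scale_ciphertext(c: int, k: int, n: int, e: int) -> int:
    return (c * pow(k, e, n)) % n


# Foot-gun 2: e=3, short message, no padding: m^3 < n, so "encryption" never
# wraps modulo n and the plaintext is one integer cube root away.
def icbrt(x: int) -> int:
    """Floor of the integer cube root, by binary search."""
    lo, hi = 0, 1 << ((x.bit_length() + 2) // 3 + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** 3 <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo


def recover_small_message(c: int):
    """Return m if c is a perfect cube (m^3 never wrapped mod n), else None."""
    m = icbrt(c)
    return m if m ** 3 == c else None


def demo():
    # Constructed plaintexts for the demo.
    n, e, d = keygen(bits=256, e=65537, seed=1)
    m = int.from_bytes(b"PAY 100", "big")
    forged = scale_ciphertext(encrypt_raw(m, n, e), 2, n, e)
    malleable = decrypt_raw(forged, n, d) == 2 * m      # attacker doubled the amount

    n3, e3, _ = keygen(bits=256, e=3, seed=2)
    pin = int.from_bytes(b"pin:4821", "big")            # 64-bit m, so m^3 < n3
    recovered = recover_small_message(encrypt_raw(pin, n3, e3))
    return malleable, recovered == pin


if __name__ == "__main__":
    print("malleable=%s cube_root_recovery=%s" % demo())
```

Both properties vanish with a correct randomized padding scheme (OAEP for encryption, PSS for signatures), which is the point: the primitive is only safe inside a construction that the average caller has to pick, configure and implement without error, and the padding-oracle history the excerpt mentions is what happens when that goes even slightly wrong.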
Bookmark
espoofer: An email spoofing testing tool that aims to bypass SPF/DKIM/DMARC
https://github.com/chenjj/espoofer, posted 2022 by peter in communication email free security testing
espoofer is an open-source testing tool to bypass SPF, DKIM, and DMARC authentication in email systems. It helps mail server administrators and penetration testers to check whether the target email server and client are vulnerable to email spoofing attacks or can be abused to send spoofing emails.
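What a spoofing test is actually trying to get past is the receiver's DMARC verdict, so here is the identifier-alignment rule from RFC 7489 written out. This is an added example, not espoofer's code: given the From: header, the domain's DMARC record and the SPF/DKIM results the receiving MTA already produced, it decides pass/fail and the requested disposition. The SUFFIXES table is a constructed stand-in for the Public Suffix List and the AuthResults values are made up for the test cases.

```python
# Added example, not espoofer's code: the identifier-alignment rule DMARC
# (RFC 7489) applies, which is what a spoofing test probes. A message passes
# DMARC only if SPF or DKIM passes *and* the authenticated domain aligns with
# the RFC5322.From domain. SUFFIXES is a constructed stand-in for the real
# Public Suffix List; a production check must use the full list.
from dataclasses import dataclass
from email.utils import getaddresses

SUFFIXES = {"com", "net", "org", "co.uk"}  # constructed subset, demo only


def org_domain(domain: str) -> str:
    """Organizational domain: longest known public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """mode 's' (strict) needs an exact match; 'r' (relaxed) compares org domains."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)


def parse_dmarc(record: str) -> dict:
    """Parse the tag=value list of a _dmarc TXT record and apply RFC defaults.
    (p= is mandatory in a real record; defaulting it keeps the demo forgiving.)"""
    tags = {}
    for part in record.split(";"):
        key, sep, val = part.partition("=")
        if sep:
            tags[key.strip().lower()] = val.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    for key, default in (("p", "none"), ("adkim", "r"), ("aspf", "r")):
        tags.setdefault(key, default)
    return tags


def from_domain(from_header: str):
    """Domain of the single RFC5322.From address, or None if there is not
    exactly one. RFC 7489 6.6.1 leaves multi-From messages undefined;
    treating them as failing is the defensive choice made in this example."""
    addrs = [addr for _, addr in getaddresses([from_header]) if "@" in addr]
    domains = {addr.rpartition("@")[2].lower() for addr in addrs}
    return domains.pop() if len(domains) == 1 else None


@dataclass
class AuthResults:
    """What the receiving MTA's SPF and DKIM checks already established."""
    spf_result: str    # "pass", "fail", "softfail", "none", ...
    spf_domain: str    # domain SPF was evaluated for (MAIL FROM, or HELO if empty)
    dkim_result: str
    dkim_domain: str   # d= tag of the signature that verified


def evaluate_dmarc(from_header: str, record: str, auth: AuthResults):
    """Return (dmarc_result, disposition); disposition is 'none', 'quarantine'
    or 'reject' as requested by the domain owner's p= tag."""
    tags = parse_dmarc(record)
    fd = from_domain(from_header)
    if fd is None:
        return "fail", tags["p"]
    spf_ok = auth.spf_result == "pass" and aligned(auth.spf_domain, fd, tags["aspf"])
    dkim_ok = auth.dkim_result == "pass" and aligned(auth.dkim_domain, fd, tags["adkim"])
    return ("pass", "none") if spf_ok or dkim_ok else ("fail", tags["p"])
```

Note the asymmetry a spoofer exploits: SPF and DKIM can both legitimately pass for the attacker's own domain; the only thing standing between that and a forged From: is the alignment comparison, and the receiver and the displaying mail client must extract the same From: domain for it to mean anything. That is why `from_domain` refuses a header carrying more than one address rather than picking one.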
Bookmark
woob smtp
https://woob.tech/applications/smtp, posted 2022 by peter in communication email free opensource software toread
Daemon application able to fetch messages from supported websites and send them by mail. It can also be used to send a reply to a message (on a module which supports this feature), by piping an email to it.
Looks like it should be possible to read (perhaps even write) private messages on Reddit without having to deal with Reddit's own, pretty terrible, web interface. Worth looking into.
Bookmark
HTTPWTF | HTTP Toolkit
https://httptoolkit.tech/blog/http-wtf/, posted 2021 by peter in communication development webdesign
HTTP is fundamental to modern development, from frontend to backend to mobile. But like any widespread mature standard, it's got some funky skeletons in the closet.
Some of these skeletons are little-known but genuinely useful features, some of them are legacy oddities relied on by billions of connections daily, and some of them really shouldn't exist at all. Let's look behind the curtain:
Bookmark
Visual guide to SSH tunnels
https://robotmoon.com/ssh-tunnels/, posted 2021 by peter in communication howto networking reference security
This page explains use cases and examples of SSH tunnels while visually presenting the traffic flows.
Bookmark
SSH Agent Explained
https://smallstep.com/blog/ssh-agent-explained/, posted 2020 by peter in communication howto networking reference security
The SSH agent is a central part of OpenSSH. In this post, I'll explain what the agent is, how to use it, and how it works to keep your keys safe. I'll also describe agent forwarding and how it works. I'll help you reduce your risk when using agent forwarding, and I'll share an alternative to agent forwarding that you can use when accessing your internal hosts through bastions.
Bookmark
DKIM demystified - 20i.com Blog
https://www.20i.com/blog/dkim-demystified/, posted 2019 by peter in communication email hosting howto toread
DomainKeys Identified Mail (DKIM) allows a person or organisation to claim responsibility for an email message by associating a domain name with the message.
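The association the excerpt describes is made by a DKIM-Signature header whose tags name the domain (d=), the selector (s=), the hash of the canonicalized body (bh=) and the RSA signature over selected headers (b=). As an added example (not from the 20i article) the following recomputes and checks bh= with only the standard library, which is the first thing to test when DKIM fails, since a body rewritten in transit breaks the body hash before the signature is even considered. Checking b= needs the signer's public key from DNS and is left out. The sample message, domain, selector and placeholder b= value are constructed for this example.

```python
# Added example, not from the 20i article: recompute and compare the DKIM body
# hash (bh=) with only the standard library. It is the first thing to check when
# a signature fails, because a body rewritten in transit (footer added, line
# endings changed) breaks bh before the RSA signature over the headers is even
# looked at. Signature (b=) verification needs the signer's public key from DNS
# and is out of scope here. The sample message is constructed for this example.
import base64
import hashlib
import re


def canon_body(body: str, mode: str = "simple") -> bytes:
    """Body canonicalization per RFC 6376 3.4.3/3.4.4.
    simple : only strip trailing empty lines; an empty body hashes as CRLF.
    relaxed: also collapse runs of SP/TAB to one SP and strip trailing WSP
             per line; an empty body hashes as the empty string."""
    lines = body.replace("\r\n", "\n").split("\n")
    if mode == "relaxed":
        lines = [re.sub(r"[ \t]+", " ", ln).rstrip(" ") for ln in lines]
    while lines and lines[-1] == "":
        lines.pop()
    if not lines:
        return b"\r\n" if mode == "simple" else b""
    return ("\r\n".join(lines) + "\r\n").encode()


def parse_tags(value: str) -> dict:
    """DKIM tag=value list; folding whitespace is insignificant, so drop it all."""
    tags = {}
    for part in re.sub(r"\s+", "", value).split(";"):
        key, sep, val = part.partition("=")
        if sep:
            tags[key] = val
    return tags


def split_message(raw: str):
    """Return (unfolded header fields, body) of a CRLF-delimited message."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = []
    for line in head.split("\r\n"):
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += "\r\n" + line     # continuation of the previous field
        else:
            headers.append(line)
    return headers, body


def body_hash(body: str, mode: str, algo: str = "rsa-sha256") -> str:
    digest = hashlib.sha1 if algo.lower().endswith("sha1") else hashlib.sha256
    return base64.b64encode(digest(canon_body(body, mode)).digest()).decode()


def verify_body_hash(raw: str):
    """True/False for the bh= check; None when there is no DKIM-Signature."""
    headers, body = split_message(raw)
    for field in headers:
        name, _, value = field.partition(":")
        if name.strip().lower() == "dkim-signature":
            tags = parse_tags(value)
            c = tags.get("c", "simple/simple")
            # c=header/body; if only one algorithm is listed the body side is simple
            body_mode = c.split("/")[1] if "/" in c else "simple"
            return body_hash(body, body_mode, tags.get("a", "rsa-sha256")) == tags.get("bh")
    return None


def build_message(body: str, c: str = "relaxed/relaxed") -> str:
    """Constructed sample message: every tag is realistic except b=, which
    holds a placeholder because only bh= is exercised here."""
    bh = body_hash(body, c.split("/")[1])
    dkim = ("DKIM-Signature: v=1; a=rsa-sha256; c=%s; d=example.com; s=sel1;\r\n"
            "\th=from:to:subject; bh=%s;\r\n\tb=PLACEHOLDER" % (c, bh))
    return (dkim + "\r\nFrom: alice@example.com\r\nTo: bob@example.net\r\n"
            "Subject: invoice\r\n\r\n" + body)
```

The relaxed/simple distinction is what decides whether a mailing list or gateway that reflows whitespace breaks the signature: under `relaxed` a collapsed double space still verifies, under `simple` it does not, while a changed amount in the body fails under both.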
Bookmark
Study Again Finds That Most VPNs Are Shady As Hell | Techdirt
https://www.techdirt.com/articles/20190122/10263541441/study-again-finds-that-most-vpns-are-shady-as-hell.shtml, posted 2019 by peter in communication crapification privacy
Top10VPN, for example, recently took a closer look at 150 VPN apps being offered in the Android marketplace and found that 90% of them violated consumer privacy in some fashion, either by the inclusion of DNS leaks, a failure to adequately secure and store user data, or by embedding malware:
"Simon Migliano, the head of this research, reports that over 38 VPN apps tested positive for DNS leaks, exposing private data to hundreds of insecure links. Also, over 27 VPN apps were flagged as potential sources of malware when tested by VirusTotal.
Apart from this, the research also found intrusive permissions in over 99 apps. These permissions included user location, device information, use of the microphone, camera access and more."
Bookmark
Cops hate encryption but the NSA loves it when you use PGP • The Register
https://www.theregister.co.uk/2016/01/27/nsa_loves_it_when_you_use_pgp/, posted 2018 by peter in communication email privacy security
"To be honest, the spooks love PGP," Nicholas Weaver, a researcher at the International Computer Science Institute, told the Usenix Enigma conference in San Francisco on Wednesday. "It's really chatty and it gives them a lot of metadata and communication records. PGP is the NSA's friend."
Bookmark
How Google and Microsoft made E-mail Unreliable
https://penguindreams.org/blog/how-google-and-microsoft-made-email-unreliable/, posted 2018 by peter in communication crapification email google microsoft opinion
E-mail was once the pillar of the Internet as a truly distributed, standards-based and non-centralized means to communicate with people across the planet. Today, an increasing number of services people rely on are losing federation and interoperability by companies who need to keep people engaged on their for-profit services. Much of the Internet's communication is moving to these walled gardens, leaving those who want to run their own services in an increasingly hostile communication landscape.