Bookmark
ImperialViolet - Overclocking SSL
www.imperialviolet.org/2010/06/25/overclocking-ssl.html, posted 2011 by peter in development howto networking scalability security toread
If there's one point that we want to communicate to the world, it's that SSL/TLS is not computationally expensive any more. Ten years ago it might have been true, but it's just not the case any more. You too can afford to enable HTTPS for your users.
In January this year (2010), Gmail switched to using HTTPS for everything by default. Previously it had been introduced as an option, but now all of our users use HTTPS to secure their email between their browsers and Google, all the time. In order to do this we had to deploy no additional machines and no special hardware. On our production frontend machines, SSL/TLS accounts for less than 1% of the CPU load, less than 10KB of memory per connection and less than 2% of network overhead. Many people believe that SSL takes a lot of CPU time and we hope the above numbers (public for the first time) will help to dispel that.
Bookmark
kryo.se: iodine (IP-over-DNS, IPv4 over DNS tunnel)
code.kryo.se/iodine/, posted 2011 by peter in communication free linux mac networking software windows
iodine lets you tunnel IPv4 data through a DNS server. This can be usable in different situations where internet access is firewalled, but DNS queries are allowed. It runs on Linux, Mac OS X, FreeBSD, NetBSD, OpenBSD and Windows and needs a TUN/TAP device. The bandwidth is asymmetrical with limited upstream and up to 1 Mbit/s downstream.
Bookmark
Performance, Security & Apps for Any Website | CloudFlare | Home
www.cloudflare.com/, posted 2011 by peter in cdn development free networking scalability security webdesign
CloudFlare protects and accelerates any website online. Once your website is a part of the CloudFlare community, its web traffic is routed through our intelligent global network. We automatically optimize the delivery of your web pages so your visitors get the fastest page load times and best performance. We also block threats and limit abusive bots and crawlers from wasting your bandwidth and server resources. The result: CloudFlare-powered websites see a significant improvement in performance and a decrease in spam and other attacks.
...
CloudFlare can be used by anyone with a website and their own domain, regardless of your choice in platform. From start to finish, setup takes most website owners less than 5 minutes. [...] If you are ever unhappy you can turn CloudFlare off as easily as you turned it on. Our core service is free and we offer enhanced services for websites who need extra features like real time reporting or SSL.
Bookmark
How is SSL hopelessly broken? Let us count the ways • The Register
www.theregister.co.uk/2011/04/11/state_of_ssl_analysis/, posted 2011 by peter in communication networking security toread
“Right now, it's just an illusion of security,” said Moxie Marlinspike, a security researcher who has repeatedly poked holes in the technical underpinnings of SSL. “Depending on what you think your threat is, you can trust it on varying levels, but fundamentally, it has some pretty serious problems.”
Bookmark
WiPhire | Download WiPhire software for free at SourceForge.net
sourceforge.net/projects/wiphire/, posted 2011 by peter in free linux networking security software wifi wireless
A Bash script aimed at making the Wireless Hacking process a lot easier.
Bookmark
SPF: Introduction
www.openspf.org/Introduction, posted 2011 by peter in email networking reference security spam
The Sender Policy Framework (SPF) is an open standard specifying a technical method to prevent sender address forgery. More precisely, the current version of SPF — called SPFv1 or SPF Classic — protects the envelope sender address, which is used for the delivery of messages. See the box on the right for a quick explanation of the different types of sender addresses in e-mails.
Even more precisely, SPFv1 allows the owner of a domain to specify their mail sending policy, e.g. which mail servers they use to send mail from their domain. The technology requires two sides to play together: (1) the domain owner publishes this information in an SPF record in the domain's DNS zone, and when someone else's mail server receives a message claiming to come from that domain, then (2) the receiving server can check whether the message complies with the domain's stated policy. If, e.g., the message comes from an unknown server, it can be considered a fake.
Bookmark
DomainKeys Identified Mail (DKIM)
www.dkim.org/, posted 2011 by peter in email networking reference security spam
DomainKeys Identified Mail (DKIM) lets an organization take responsibility for a message while it is in transit.
The organization is a handler of the message, either as its originator or as an intermediary. Their reputation is the basis for evaluating whether to trust the message for delivery. Technically DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication.
Bookmark
Creating a Certificate Authority and Certificates with OpenSSL
octaldream.com/~scottm/talks/ssl/opensslca.html, posted 2011 by peter in howto networking security
Now, we move on to creating a private Certificate Authority (CA). First, some explanation. The CA is used in SSL to verify the authenticity of a given certificate. The CA acts as a trusted third party who has authenticated the user of the signed certificate as being who they say. The certificate is signed by the CA, and if the client trusts the CA, it will trust your certificate. For use within your organization, a private CA will probably serve your needs. However, if you intend use your certificates for a public service, you should probably obtain a certificate from a known CA.
Bookmark
Is Your E-Book Reading Up On You? : NPR
www.npr.org/2010/12/15/132058735/is-your-e-book-reading-up-on-you, posted 2010 by peter in crapification hardware literature networking positioning privacy
"They know how fast you read because you have to click to turn the page," says Cindy Cohn, legal director at the nonprofit Electronic Frontier Foundation. "It knows if you skip to the end to read how it turns out."
...
Cohn says this kind of page-view tracking may seem innocuous, but if the company keeps the data long-term, the information could be subpoenaed to check someone's alibi, or as evidence in a lawsuit.
And it's not just what pages you read; it may also monitor where you read them. Kindles, iPads and other e-readers have geo-location abilities; using GPS or data from Wi-Fi and cell phone towers, it wouldn't be difficult for the devices to track their own locations in the physical world.
Bookmark
Truly Decentralized BitTorrent Downloading Has Finally Arrived | TorrentFreak
torrentfreak.com/truly-decentralized-bittorrent-downloading-has-finally-arrived-101208/, posted 2010 by peter in collaboration communication distributed free networking p2p software
The latest version of the Tribler BitTorrent client (Win, Mac and Linux), released only a few minutes ago, is capable of all the above and many more things that could be described as quite revolutionary. The client combines a ‘zero-server’ approach with features such as instant video streaming, advanced spam control and personalized content channels, all bundled into a single application.
...
Despite the fact that only a few thousand people are using Tribler on a monthly basis, in technological terms it is one of the most advanced clients. People who install the client will notice that there’s a search box at the top of the application, similar to that offered by other clients. However, when one does a search the results don’t come from a central index. Instead, they come from other peers.
|< First < Previous 31–40 (89) Next > Last >|