* Posts by arobertson1

24 posts • joined 11 Dec 2014

Solid state of fear: Euro boffins bust open SSD, Bitlocker encryption (it's really, really dumb)

arobertson1

Re: BBC Micro's FRAK! did a better job of encryption back in 1984.

Clever, but not immune from tape to tape. Didn't Unlock2 also crack this? Obfuscation is one thing, but true encryption without any dodgy TPM's is the only way that might stop hackers. I wonder if phone encryption works the same way? Hmmm... Memory dump + virtual phone + modified virtual firmware...

Microsoft gives users options for Office data slurpage – Basic or Full

arobertson1

Re: @Herring`- "is there a chance of any document data being sent to MS?"

I'm using Fedora Cinnamon too. Rock solid - only added Gnome Terminal as Cinnamon expects this and also Gnome Software Center which makes it easier to find software.

Can't say I'm really surprised from Microsoft - so much for "Gmail Man" or "Scroogled". I stopped using Microsoft products years ago because of the data collection. LibreOffice works just as well - I have yet to find an incompatibility with Microsoft Office providing you install the MS core fonts in Linux.

Mozilla's opt-out Firefox DNS privacy test sparks, er, privacy outcry

arobertson1

Ha, Ha, Ha. You made me laugh. I thought this was a wind up then I realised you're deadly serious! Oh well, you can't please everyone. Still, very funny though... lol. Stay off the disco biscuits!!

arobertson1

The details that I was curious about include the cipher used (hopefully not RC4), the key length and also (more importantly) what happens when the encrypted DNS request fails - does it just default to ordinary DNS? If so, then surely this could become a downgrade attack? How would the user be made aware of this in a meaningful way without inducing panic or for that matter not resolving any web page at all - that's a tricky one for Mozilla.

arobertson1

I’m a self proclaimed security and privacy nut job - I have never trusted DNS as it’s too easily manipulated and tampered with. Currently I use DNSCrypt and DNSSEC. DNSCrypt resolves with OpenDNS and is now owned by Cisco. Since Firefox 57 DNSSEC has stopped working as it was an addon and an extension was never developed for Quantum. However, DNSSEC is still working with Opera Developer.

I don’t have a problem with Cisco knowing all the websites that I visit as I’m not expecting DNSCrypt or DNSSEC to offer anonymity - use Tor if you require anonymity. There is *no difference* between using your ISP’s DNS resolver or Google or OpenDNS or Cloudflare - at the end of the day they can see which websites you have visited.

Where DNSCrypt and DNSSEC become useful is:

1) It’s encrypted! Ordinary DNS is not. This prevents simple network traffic sniffing. How many times do you think your local coffee shop has had someone sniff the traffic? And if your DNS requests are not encrypted... Well they at least know which websites your device is accessing - kind of makes it easier to use social engineering attacks if they know which bank you use wouldn’t you say?

2) It stops your ISP from auto logging your web usage and selling it to advertisers. Regardless of whether you pay for the service or not they are selling your usage details to 3rd parties with or without your knowledge. If on the other hand all that appears is DNS resolver blah, blah, blah Cloudflare then it’s not much use to them. Bear in mind your ISP also knows your phone number, email address, physical address, your bank / card details, you date of birth etc. An alternative DNS provider only knows your IP address.

3) It prevents man in the middle attacks and cross site forgeries. If you cannot break the encryption then you cannot inject code - currently there is nothing to stop this with ordinary DNS.

4) It stops ISP’s from injecting code - such as advertising and tracking (particularly mobile). It was not that long ago that “Super Cookies” were used which tracked all users. Encrypted DNS stops this.

5) Cisco / OpenDNS actively block bad web sites at source and will not resolve them preventing malware attacks. Isn’t it far more useful to prevent malware at the source rather than having antivirus software try to deal with it after it has downloaded?

6) DNSSEC helps to prevent cache poisoning and because it relies on digital signatures it can tell whether a DNS entry has been spoofed. It is an excellent way to detect whether you are actually at the genuine website or not - you will be surprised just how many websites are using cached versions rather than the real website. This prevents login credentials from being stolen.

Although they will not protect your privacy, the above reasons are so useful that I have often wished that DNSCrypt and DNSSEC were baked into the browser.

Am I bothered about Cloudflare gathering this data from Mozilla Firefox - not really as *DNS has never been anonymous nor will it ever be*. Use Tor if you want that.

As ever the devil is in the detail, but if Mozilla would care to outline how they are implementing this and if this looks like a combination of DNSCrypt / DNSSEC all rolled into one then I personally will be using it, as the security benefits are massive - this technology could be used to prevent DDoS attacks, stop malware, prevent man in the middle attacks, verify genuine websites, prevent phishing, stop credential theft, prevent cross site scripting… Why wouldn’t you want that? It’s been a long time coming and DNS definitely needs improving - kudos to Mozilla for leading the way and I would expect Google will follow shortly and do the same with Chrome too.

Google ships WannaCrypt for Android, disguised as Samba app

arobertson1

I don't know what all the fuss is all about

Go into settings, about phone, tap the build number until developer options are enabled

Go into developer options and under "PwnMyPhone"

Untick "Enable Googlebot Private Network Traversal"

It's right next to "Mask Telnet" and "Index My Pics"

Microsoft Germany says Windows 7 already unfit for business users

arobertson1

@Lotus Primus Secundus Tertius

You're right, I don't have MS Access. However, I also don't have Altos Adventure, Asphalt 8 Airborne, Candy Crush Soda Saga, Farmville Country Escape, Minecraft, Royal Revolt 2, Snapfish, TuneIn Radio.... or any other crap installed without my consent either. I think I prefer the Linux "child's effort" over the Windows "child's effort". If I want a games machine, I'll buy an Xbox.

arobertson1

I seriously couldn't care less about Windows now - I've been using Linux pretty much all the time for over a year. It's got to the stage where I have forgotten what's it's like to have the OS crap out on me / piss about with something until it works. Heck, I even have free time at the weekends! Windows 10 is the death of Microsoft - never going back now. Why did I ever put up with all their shoddy software in the first place?

Raspberry Pi Foundation releases operating system for PCs, Macs

arobertson1

Re: Acer Revo Nettop

Force audio over HDMI:

sudo nano /boot/config.txt

hdmi_drive=2

123-Reg drowns in ongoing DDoS tsunami

arobertson1

"Our protection systems kicked in immediately and the attack was contained by 10:40am"

That will be why my website is still down at 15.10 - some containment!

123 Reg Support Tickets are useless - they always wait until the problem is fixed several hours later and then proceed to tell you (cut and paste style) that they just checked your website and it is fine, just like there was nothing wrong in the first place.

I get that this is an unusually large DDoS, but at least be honest to everyone when they claim everything is fixed - it's not and it's still ongoing. Tumbleweed....

Dolphin fans freak, blast browser's bumbling bundles of bloatware

arobertson1

Re: Least bad?

"Crashy" is an understatement - try insecure. Test the browser at SSLlabs / Fortify and Panopticlick. Then use Firefox with appropriate addons - Adblock Plus, Blender, Canvas Fingerprint Blocker, Ghostery, H264ify, HTTPS Everywhere, No Resource URI Leak & No Script. Miraculously the internet speeds up a lot!

CIA says it 'accidentally' nuked torture report hard drive

arobertson1

Just Baidu it - I'm sure they'll have a copy.

Blocking ads? Smaller digital publishers are smacked the hardest

arobertson1

Genie, bottle, get back in - no chance!

The advantages of adblocking:

1) Prevent malware attacks.

2) Stop tracking / spying.

3) Internet speeds up.

4) Save money on bandwith charges.

5) Less irritation.

The disadvantages:

1) Your favourite websites lose out on revenue.

2) Ermm...

Solutions:

1) Paywall - bye, bye users.

2) Time sensitive - paid users view first, non-payers later.

3) Product placement / paid endorsement - works to a degree depending on relevance.

4) Host the adverts on the same site (won't get blocked) - will never work as the advertisers won't trust the site owner.

5) Charge the ISP's as a revenue source - would have to be voluntary but could work if planned properly.

Adobe scrambles to untangle itself from QuickTime after Apple throws it over a cliff

arobertson1
Linux

Linus Torvalds one finger salute

Hey Tim Cook, let me congratulate you with a Linus Torvalds one finger salute. I'm sick of Windows and Nadella's spyware ridden Fisher Price operating systems. You too can flippy tile off.

I really liked Windows 7, but every week some corporate knob end breaks it for their own political gain. I work with video and for the last three months patch Tuesday = Microsoft shafts my machine and the video software stops working. DON'T YOU TEST YOUR PATCHES????

Now, Apple is at it. I can be secure and have a doorstop or I can work and get hacked to bits - thanks a bunch Apple! I'll just rush out and buy your over priced, under powered i-thingy (hey I'm different and look, shiny!). Maybe you want a shot of my wife while you're at it?

Thanks to all this BS I'm now running Linux Mint Rosa Cinnamon edition. I have more control of my workflow than most so I can be flexible when changing software packages. To be perfectly honest I was expecting a lot worse than what I found and trying them out in real life workflows has meant trial and error, but on the whole I have managed to find successful solutions. I can't say that they live up to the Adobe suite (Pantone would be nice) but they're getting pretty close. Personally I would say try them and see how you get on:

First, enable your firewall first in terminal:

sudo ufw enable && sudo ufw default deny

GUFW - Nice front end GUI for UFW

GNU Image Manipulation Program - similar to Photoshop

Inkscape - similar to Illustrator

Scribus - similar to Indesign

Darktable / Lightzone / Picasa - photo workflow

Imagination - slideshows from photos

Hugin - panoramic stitcher

Batch Purifier from Colour Confidence - works in WINE

PosteRazor - print one image over many

Pixelize - make one picture from lots of small pictures

Photo Print - tile up lots of photos on one page

Kdenlive / Lightworks / Cinelerra - video editing similar to Premier

Bombono - similar to Nero video burning

K3B - similar to Nero DVD burning

Acetone - Burn ISO's

Media Info - Similar to GSpot identify codecs in video

GSpot - works with WINE

Good transcoders : Handbrake, WinFF, Transmageddon

Video Redo - works in WINE

K-Lite codec pack - works in WINE

ImgBurn - works in WINE

Blender - 3D production

If you prefer to see exif info and are missing pixel sizes, media lengths etc. then this will add them in:

sudo apt-get install nemo-media-columns

You can also customise Nemo in edit, preferences (add buttons / renaming files etc.)

Codecs (Software Manager):

libavcodec-extra-54

libk3b6-extracodecs

h264enc

ubuntu-restricted-extras

libmpeg3-1

ffmpeg - you can compile the latest version. You'll need Yasm from the software manager:

sudo ./configure

sudo make

sudo make install

VLC

Spotify

Banshee media player

Audacity - edit audio

LMMS - digital music

Ardour - midi projects

All the Libre Office suite is compatible with Microsoft Office - you can open, change and save in either and it will be fine providing you have the correct fonts installed:

Writer - similar to Microsoft Word

Calc - similar to Excel

Impress - similar to Powerpoint

Draw - the part that's missing in Microsoft's Office

Foxit Reader - similar to Adobe Reader

Calibre - eBooks

Notepad++ - works in WINE

Firefox, Thunderbird and Filezilla all work fine. (You can copy the profile folder for Mozilla Firefox and Thunderbird to Linux and it just works - fully configured. Much awesomeness!!!)

BeeBeep - Chat over LAN (configure firewall). Really useful for collaboration.

Veracrypt - encrypt your stuff

VMware Player - use VM's in Linux (Windows etc.)

Htop - shows processes (is that video editor really using all the cores for rendering?)

Catfish - file search

Bleachbit - similar to CCleaner

Lucky Backup - syncs folders

Spideroak - offline backup

Cairo Dock - epic dock similar to OS X

Applets - for your taskbar

Desklets - add clock to desktop etc.

XPad - similar to Sticky Notes

Grub customizer - just cause!

Archey - yeah I'm sad but I think it's cool

ClamTK - Anti Virus (useful for finding Windows viruses)

Avast - Anti virus

Sophos - Anti virus

If you are dual booting and your clock gets screwed up then:

sudo nemo

/etc/default

edit rcS

UTC=no

See you Tim and Satya,

…………………./´¯/)

………………..,/¯../

………………./…./

…………./´¯/’…’/´¯¯`·¸

………./’/…/…./……./¨¯\

……..(‘(…´…´…. ¯~/’…’)

………\……………..’…../

……….”…\………. _.·´

…………\…………..(

…………..\………….\…

The future of Firefox is … Chrome

arobertson1

Just give me something that has good javascript control, ad blocking, tracker blocking, super cookie blocking, secure ciphers with forward secrecy, geo-tracking removed, dom-storage disabled, network referrer off and click to play flash. Oh, wait, doesn't Firefox allow all this already?

The dummies that use Chrome do so because it came free with the packet of Corn Flakes software they installed the other day and they were too lazy / ignorant to understand that said software was also going to install Chrome. Maybe Mozilla should adopt the same tactics? "Free Kardashians wallpaper - now with Mozilla Firefox".

Microsoft did Nazi that coming: Teen girl chatbot turns into Hitler-loving sex troll in hours

arobertson1

I laughed at this at first and then I realised that Microsoft was probably quite pleased at the result - people interacted with a machine and tried (successfully) to corrupt it. They're probably in the process of putting a few guarded keywords in long blacklist to keep the P.C. brigade happy, but to be honest they would have been better off leaving it alone and appealing to a wider user base to make counter arguments against such extremist view points. Would the extremism have naturally died out with a larger consensus of opinion? That would have been more interesting to find out. Fascinating developments.

iOS flaw exploited to decrypt iMessages, access iThing photos

arobertson1

Key = 4 digit passcode + serial + salt. Salt = phone number? I hope not!

Computer says: Stop using MacWrite II, human!

arobertson1

Macwrite, Macdraw and Macpaint - them were the days. Games of Risk and Apache Strike. Fun times. Gently having to pat the Mac II's on the side to get them to boot because of bad graphic cards and the rewarding "bong" as they started up. Shortly followed by "I'll be back" shutdown or "That's all folks". To be honest the SPARC II's were abused more - in those days the whole campus was wired up with little or no security. Port 135 buffer overflows, dictionary password attacks (no salts then), call the same process in an endless loop.... crash. etc. etc.

Microsoft herds biz users to Windows 10 by denying support for Win 7 and 8 on new CPUs

arobertson1

Linux Mint

I run a small business. Here is the current set up:

1 PC using Windows 7, 3 PC’s using Linux Mint (not virtual) & 1 PC stuck on XP (short version - driver issues / don’t ask).

Most of you talk the talk about switching to Linux Mint / (Ubuntu if you must) etc. but I doubt many of you will. In most cases management will decide and you’ll just scurry along with upgrading to Windows 10, while you complain vigorously about privacy all the way (but not actually doing anything about it). That way your backs covered when the customer accounts all turn up on Pastebin - right? “Must have been Microsoft”. Wrong! P45 for you….

By far, the Windows 7 and XP PC are the most problematic in terms of keeping patched and up to date - I can spend a whole day on each fannying around with both of them getting them to work and be secure. Windows update, Adobe Flash, Baseline Security Analyzer, various software update checkers, Adobe Flash emergency out of band extra patch, Internet browsers (including IE windae licker edition), undoing Microsoft’s upgrade to Windows 10 and retro Windows 10 spyware on Windows 7 cagar, Adobe Flash extra, extra out of band update fix the second part b (honest gov - it’s the last one this month), uninstalling the obligatory Microsoft “Bork my PC now” booby trapped BSOD recommended update, Surprise!!… Pain in the arse.

Conversely, Linux Mint just works. Updates (at most) take around ten minutes. No fannying around, no double checking here there, wing and a prayer - just works.

Every once in a while I scan the network for any issues with security. Surprise, surprise it’s always the Windows PC’s that end up with the problems. In most cases Mint is so quiet on the network that nMap can’t even identify it let alone find a weakness. Windows 7 on the other hand - shut the f*** up! Yet another piece of software required…. Antivirus, Antispyware, Firewall, USB autorun prevention, ASLR, OS configurations, Application rights, Group Policy this, that, this and this, oh wait a minute that one needs a registry edit…… The list is endless. Oh s*** here’s yet another javascript OS vulnerability that bypasses the UAC. Hmmm, yes that sounds like a really sensible idea to allow .js to run natively in the OS. I luv my ransomeware Microsoft!

Look guys, the only way you will secure your data and prevent Microsoft from grabbing it all (keyloggers, wifi passwords, big jugs online or whatever) is to dump Windows 10 and use Linux. Go on, you know you want to - try it and get your social life back (No, Facebook doesn’t count).

Microsoft's dodgy new Exchange 2010 update breaks Outlook clients

arobertson1

Re: Linux v Windows updates

Well at least the bridge wouldn't fall down on me the first time someone tries to use it! Come on Alister, lighten up - it's an opinion, just like yours.

You must admit that Microsoft has made some real blunders with their updates over the last few months. This is just but one of many. They need to start testing the updates properly before releasing them. Surely you can agree with that?

arobertson1

Re: who in their right mind does this

So is that because of a bad experience with updating too quickly with Microsoft updates then? It sounds to me like you expect them not to work in the first place and then you just wait and see if anyone else has any problems before updating. Kind of like sitting on the fence between security and functionality.

arobertson1

Re: Linux v Windows updates

Aww, come on. Seriously? You're honestly saying that in the last three months Windows updates have run smoothly for you? Really? Hand on heart really? I didn't think so.

I have yet to come across a single Windows machine that hasn't had a problem with some update from Microsoft. In some cases they haven't been able to start up at all after the updates... I don't get that with Linux!

Whether you like it or not Linux updates are by far a lot easier and quicker. Microsoft are releasing these updates without testing them properly!

arobertson1

Re: Linux v Windows updates

Thus speaketh the last Vista user... Never heard of Open Xchange then? Sorry boys but Linux is better at updating than Windoze.

arobertson1

Linux v Windows updates

Linux:

sudo apt-get install update && sudo apt-get upgrade

Job Done. Estimated time taken: below 5 minutes.

Windows:

Run Windows update

Upgrade ActiveX

Re-run Windows update

Attempt to install

Repeat failed installation

Visit Microsoft's download website, search for KB and manually download it

Run manual installer

Reboot

Try windows update again

Repeat above until no more updates

Lack of faith prompts running MBSA

MBSA fails to update or runs without updating after long wait

Suspect MBSA not working properly and manually download update

Select option to run manual update

True enough - more patches required

Download patches manually

Re-run / re-boot / re-check several times

Software stops running properly

Attempt to diagnose problem

Assume latest updates are problem and isolate the problem

Roll back update causing problem

Re-check other updates not affected

Re-run MBSA and ignore problem update

Pull hair out and wonder how the world hasn't ground to a halt

Time taken: 1 Day

Hmmm, will my next operating system be Windows 10 or Mint 17?

Biting the hand that feeds IT © 1998–2019