Archive for the 'Security' Category

Another nail in the privacy coffin

Friday, January 23rd, 2015

This is another thing the EU is cooking up. This document wasn’t intended for the public, of course. Basically, the EU wants providers (web sites) to provide them with the secret encryption keys for SSL. Since the Snowden revelations, internet and telecommunications companies have started to use often de-centralized encryption which increasingly makes lawful interception […]

How even key escrow won’t work for Cameron

Thursday, January 22nd, 2015

How is Cameron going to ensure that law enforcement can read all communications? One way would be to provide systems with “back doors”, introducing intentional vulnerabilities. We all know that won’t work. Or rather will work much better than intended, if you get my drift. Some, including Steve Gibson, maintain that it can in fact […]

You cannot trust

Sunday, January 4th, 2015

Caspar Bowden spoke at the 31c3 conference. Snippets: I told my technology officers at Microsoft that if you sell cloud computing services to your own governments, this means that the NSA can do unlimited surveillance on that data. […] two months later they did fire me. “Technology officers” represent Microsoft in their respective countries. On […]

Possible upcoming attempts to disable the Tor network

Saturday, December 20th, 2014

Possible upcoming attempts to disable the Tor network | The Tor Blog: “The Tor Project has learned that there may be an attempt to incapacitate our network in the next few days through the seizure of specialized servers in the network called directory authorities.” This is bad.

SRX100 Junos dynamic VPN, Win7, OSX, VPNTracker

Monday, March 3rd, 2014

(Update March 6, 2014: The Junos “standard” proposal actually includes 3DES in both phase 1 and phase 2, still making it hard for VPNTracker to connect. What we need to do is create a custom proposal for each phase with only AES in it. I updated the text to reflect that.) (Update November 11, 2014: […]

Southend Enterprises scam

Tuesday, September 3rd, 2013

Just this afternoon I got a call from “iAssist” who wanted to fix my computer, since it had malware, or was out of support or something. It was the regular fare with them taking over my computer to “fix” it for me. So I let him do just that. While I “doddered” around and “tried” […]

An ode to Juniper

Friday, October 1st, 2010

I have a Juniper SSG-5 and the school I’m doing the network setup for also got an identical unit on my recommendation. I wanted to set up a fixed VPN between the two but failed miserably, so I logged a support request with Juniper on my machine, which is still in warranty but without any […]

EHR systems are liars

Thursday, July 29th, 2010

I’m just copying a post here I just did to a closed forum for CISSPs. A couple of days ago, I had to create a death certificate in Cosmic, the EHR system produced by Cambio Healthcare Systems and used in many provinces of Sweden and increasingly abroad. So, I opened up the records for the […]

OSX, FreeRadius, Netscreen, and me

Saturday, May 29th, 2010

Oh, wow, this was crazy. What I needed to get done is to have a Juniper SSG-5 firewall (which runs Netscreen OS 6.2) authenticate users from the FreeRadius server that runs by default in OSX Snow Leopard server (10.6.3). And I needed the SSG-5 to differentiate depending on groups on Open Directory on the OSX. […]

Design for updates

Monday, April 26th, 2010

When designing new system architectures, you really must design for updating unless the system is totally trivial. This isn’t hard to do if you do it systematically and from the ground up. You can tack it on afterwards; that is more work than it needs to be, but it’s still worth it. I’ll describe […]