Privacy Online – DNS over TLS

Your Internet Service Provider [ISP] is watching everywhere you go on the internet. They are harvesting that information and selling it to the highest bidder. The easiest way for them to do this is to watch the DNS – Domain Name Service – requests coming from your network. DNS is the Internet Phone Book and every time you visit a website, or play a video or anything – from your phone over WiFi or from your computer, your computer or phone looks up the IP address – a number – based on the Domain Name – a text string. And DNS is the protocol that does this. Normal DNS is completely in the clear. That is, it is not “Encrypted” in any way. Once you reach a website, to purchase something or look at your Facebook page or whatever, almost all sites are “Encrypted” so that nobody can eavesdrop on what you are doing. This all happened a few years ago after folks were sniffing everyone’s Facebook pages in coffee shops and libraries. But I digress.

DNS has only just recently been fixed. And up until now, and until you fix your network, as I outline below, your ISP is sniffing all your DNS requests, because they can. This means they know everyplace you go on the network.

Continue reading “Privacy Online – DNS over TLS”

Logging Your Public IP Address

I’ve recently had problems with my internet service. My DSL router is apparently re-syncing causing my public IP address to change. Apparently my ISP uses PPOE rather than DHCP, and apparently PPOE does not allow “Reservations”, which allows a client computer to use the same IP address if it reconnects within a given amount of time. Your home router uses DHCP, which does do reservations, so your computers LAN IP address does not change if the computer connects every 24 hours, which I understand is the default “Reservation” time.

Re-synching is not only a problem because the internet is out for a short amount of time, but also because the IP address change causes some games to require that you “Verify” your IP address by reporting a code that is sent to your email account. This is obviously an issue if the Re-Sync happens several times per day.

After quite a bit of research I found a windows service that logs the Public IP address to the Windows Event log every 15 minutes. I run one of my windows systems all the time, since it’s running Carbonite, so this system will run the PublicIpLogger program.

If you want to use the program, it’s on GitHub here. This is the forum post that mentions this program.

From Github, download the setup.exe file and run it. Then you can enter “view event log” into Cortana and you should see a choice to run the windows event viewer. The program logs your public IP address to the event log every 15 minutes.

As shown, under Application and Service Logs, find the PublicIpLogger events and there are a number of events that show the Public IP address, whether they have changed or not.

Enjoy,

:ww

Why Use a Password Manager?

Why should you use a password manager? Well, here’s a reason.

So your password can’t be cracked.

and

So you can easily use a different password for every site.

If one site is hacked, then the bad guys will try your email and password at lots of other sites just to see if they get a hit. Same password on different sites? Bad idea.

Let’s look at the math of password cracking.

There are about 3000 common words in English, and most other languages.

So if you pick, for example, an easily remembered password containing two words, with initial capital letters, and then follow those two words by three numbers, you get:

300030001000 possible passwords or:

Sounds like a big number, right? Not really. Not only can modern graphics cards whiz through these in a few hours, but if the website where passwords were stolen did not use a different “Salt” for every password hash, then they can “pre-make” a list of the hashes and then look for matches in much less time. Instantly. It’s just a look in a table rather than a search with billions of calculations. Does the site where you last typed in your credit card “salt” their hashes? Salting is adding some gobbly gook to your password before they hash it. And the gobbly gook is different for every customer. Yep. Keeping track of passwords is that complicated. I’m not going to cover it all here. Just saying, it’s a complicated business and many companies short cut the process, or don’t use modern security methods to keep track of passwords.

Secure Passwords and Password Managers

Continue reading “Why Use a Password Manager?”

BlockChain – Not the New DRM Solution

The latest hot startup fashion is Block Chain. Of course this is based on the popularity, and understanding of the advantages of BitCoin.

There are musicians running around thinking that Block Chains are going to save the day in protection of Music. I haven’t heard of Disney or others running around with their hair on fire about protecting movies with Block Chains, yet. Perhaps Block Chains will at last save Mickey Mouse from rampant copyright? Somehow I don’t think so.

Let’s quickly examine what block chain is good for, and what it won’t do.

Continue reading “BlockChain – Not the New DRM Solution”

CyberWar – The War is On

As I write this we are seeing daily reports of hacking and break-ins to commercial and defense enterprises world wide:

Sony network down for over three weeks with customer passwords, emails and credit card information information stolen.
Anti-bank Trojans stealing millions of dollars from customers’ bank accounts in Brazil.
Oakridge National Laboratory was the target of a spear-phishing attack that only compromised a few megabytes of data before it was stopped.
Millions of dollars being stolen from cell phone users in China by viruses infecting smart cell phones.
The Stuxnet worm infects Iran’s nuclear program.

But it seems we are not doing a set of straight forward things that we can do to prepare for and mitigate the impact that cyber war is having on this country. We can start with some simple and comparatively inexpensive steps.

Continue reading “CyberWar – The War is On”

Vista x64 Hall of Shame

Here is a list of products that do not support Vista x64. This is shameful for several reasons:

Vista is the currently shipping OS and x64 is the “Ultimate” expression of that OS.
Vista x64 is the second generation of x64 OSs, so it is hardly brand-new and the requirements for supporting the system are well known
Most medium to high end systems are x64 capable.
Most high end system support as much as 4GB of memory.
One can only make use of 4GB of memory with an x64 edition OS. With an x86 edition one only can address 2.7 or 3.5GB of memory depending on the hardware available. See this Alienware Support post.

Continue reading “Vista x64 Hall of Shame”

XML Signatures to Protect Settings Files

When settings files are transferred as part of a program update, it may be interesting to assure that the files are not corrupted, or changed in such a way that the program is compromised. One can do this with XML Signatures.
Continue reading “XML Signatures to Protect Settings Files”

XMLSEC Libs with VS 2005

Trying to build an XML Signing application using the XMLSecurity Library.
Using Visual Studio 2005, and Windows Forms.
And also eventually Ubuntu 7.10 with KDEV. [not started yet]
Continue reading “XMLSEC Libs with VS 2005”

Secure Email Setup

This tutorial shows you how to set up Secure Email using Outlook Express and a free Digital ID or certificate.
Continue reading “Secure Email Setup”

S	M	T	W	T	F	S
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

So your password can’t be cracked.

and

So you can easily use a different password for every site.

3000*3000*1000 possible passwords or:

Secure Passwords and Password Managers

300030001000 possible passwords or: