Profile

Cover photo
Sean M
AboutPosts

Stream

Sean M

Shared publicly  - 
 
Animals of The Jungle Book

Yes, one of the animals is extinct but not because of humanity -- that's a click bait implication. Otherwise an interesting read.
 
At least one of the real animals in "The Jungle Book" is now extinct, and many in the new film—based on Rudyard Kipling's 1894 book—are endangered. 
13 comments on original post
1
Add a comment...

Sean M

Shared publicly  - 
 
ProTip

Via +David Ford
5
Add a comment...

Sean M

Shared publicly  - 
 
Anonymity, Burner Phones, and Penetration Testers

Lawmakers are proposing a requirement for burner phones to combat criminals. Unfortunately, this would also impact the ability of penetration testers and security researchers to obtain anonymity. This may not seem like a big deal at first glance but it is. Security researchers and penetration testers are sometimes investigating criminals, so they need the ability to protect their privacy. This law would impede criminals but it was also impede those that investigate crime. 
You'd have to provide ID like you do for regular service.
1
4
Add a comment...

Sean M

Shared publicly  - 
 
Verizon has a Good Opinion?

Verizon comes out for strong encryption. However, with the caveat that the debate should be up to Congress (along the lines of what Apple wants, too). Personally, I don't think there is much to debate when it comes to backdoors and I don't particularly trust Congress to agree.

Still, I have to begrudgingly accept that Verizon and I agree on something to do with privacy. Thank you, Verizon.
 
Verizon's CEO weighs in on Apple vs. FBI, supports "the availability of strong encryption with no backdoors" 
Verizon Communications Inc supports "the availability of strong encryption with no backdoors," Chief Executive Lowell McAdam said on Wednesday, weighing in the showdown between Apple Inc and U.S. authorities over mobile device encryption.
6 comments on original post
1
Add a comment...

Sean M

Shared publicly  - 
 
Linux Mint Cinnamon (Direct Download) Poisoned on 20 Feb, 2016 Ongoing

*Servers DOWN due to continued malicious redirects! *

If you directly downloaded Linux Mint Cinnamon edition on 20 Feb, 2016, then you should follow the steps outlined. Hackers pointed the direct download link to a version with a backdoor.

Other Desktop Environments and download sources (ie torrent) appear unaffected.

One way to check is boot your ISO as live image.
Once in the live session, if there is a file in /var/lib/_http://man.cy__, then this is an infected ISO._

For firewalls and log checking...
The hacked ISOs are hosted on 5.104.175.212 and the backdoor connects to _http://absentvodka.com__._

I'm sorry I have to come with bad news. We were exposed to an intrusion today. It was brief and it shouldn't impact many people, but if it impacts you, it's very important you read the information below. What happened? Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to
3
14
Sean M's profile photoRonald Parker's profile photoMike Verdun's profile photoDrew Bannister's profile photo
12 comments
 
I actually downloaded LMC last week...
Add a comment...

Sean M

Shared publicly  - 
 
Consent - Why so difficult?

Perhaps this video will help put consent in perspective. No means no, and yes can be rescinded at any time. 
1
Add a comment...

Sean M

Shared publicly  - 
 
NAS vs Desktop HDDs

An interesting look at what differentiates desktop and NAS HDDs, and if it really matters.
 
() Starting in 2012 hard drive vendors got serious about producing duty-specific hard drives. With the growth of the NAS, surveillance, and cloud-based categories aligning well with massive data explosion, the pains around storing lots of data in a cost effective manner became real for everyone from individuals through large enterprises.
View original post
1
1
Add a comment...

Sean M

Shared publicly  - 
 
Uninstall QuickTime for Windows ASAP

There are 2 critical vulnerabilities in QuickTime for Windows and no patch coming from Apple. Just let it go and move on to more secure media players.

US-CERT has also posted a bulletin about the issue and recommendation.
 
The United States Computer Emergency Readiness Team, US-CERT, issued an alert on Thursday advising Windows PC users to uninstall Apple’s QuickTime video player.
US-CERT issued an alert on Thursday advising Windows PC users to uninstall Apple’s QuickTime video player.
View original post
2
Add a comment...

Sean M

Shared publicly  - 
 
 
This week we’re recognizing cryptographer Whitfield Diffie. Diffie is best known for his work with the concept of public key cryptography. He introduced the Diffie-Hellman key exchange with Dr. Martin Hellman and Ralph Merkle. Diffie received the @IEEE Awards’ Donald G. Fink Prize Paper Award in 1981, the Golden Jubilee Award for Technological Innovation from the IEEE Information Theory Society in 1998, and the IEEE Richard W. Hamming Medal in 2010.
View original post
1
Add a comment...

Sean M

Shared publicly  - 
 
Zero-Knowledge Cloud Storage?

When it comes to cloud storage, the top options -- Google Drive and Dropbox -- are great for convenience but the data can be viewed by the server admins. A user can encrypt the data before storage on the services but that isn't always foolproof if the application is insecure or requires a multitude of additional authentication management (eg a different password for every container). Temp files could also be leaked if using an auto-sync configuration.

There are Zero-Knowledge options that accomplish the goal in a similar fashion where data is encrypted on the client machine before storage in the cloud and provide a more robust UI. 

Which offering do you prefer?
What kind of environment do you use the product with?
> OS requirements? (Windows, Mac, Linux, iOS, Android, etc)
> Mobile requirements?
> Two-factor authentication?

Obviously, VPN access to one's home network is also an option. However, I am curious about third-party options.
32 votes  -  votes visible to Public
SpiderOak
16%
Tresorit
0%
Sync
9%
Mega
22%
OwnCloud
53%
2
1
Otto von Metzger's profile photoEthan S.'s profile photoSean M's profile photo
7 comments
Sean M
 
So, SpiderOak seems popular but I don't understand why.

> Their Android app looks extremely outdated.
> No 2FA. 
Add a comment...

Sean M

Shared publicly  - 
 
VPN Review 2016

TorrentFreak has released its 2016 review of VPN services.

For those unfamiliar with TorrentFreak and their periodic VPN review, they ask a set of standard questions to reveal how the provider protects privacy.

1. Do you keep ANY logs which would allow you to match an IP-address and a time stamp to a user of your service? If so, what information and for how long?

2. What is the registered name of the company and under what jurisdiction(s) does it operate?

3. Do you use any external visitor tracking, email providers or support tools that hold information of your users / visitors?

4. In the event you receive a takedown notice (DMCA or other), how are these handled?

5. What steps are taken when a valid court order or subpoena requires your company to identify an active user of your service? Has this ever happened?

6. Is BitTorrent and other file-sharing traffic allowed on all servers? If not, why?

7. Which payment systems do you use and how are these linked to individual user accounts?

8. What is the most secure VPN connection and encryption algorithm you would recommend to your users? Do you provide DNS leak protection and tools such as “kill switches” if a connection drops?

9. Do you offer a custom VPN application to your users? If so, for which platforms?

10. Do you use your own DNS servers?

11. Do you have physical control over your VPN servers and network or are they hosted by/accessible to a third party?

12. What countries are your servers located in?
1
Add a comment...

Sean M

Shared publicly  - 
 
IPv6, Router Advertisements, and Mobile Devices

Mobile device battery life is dependent on the ability of the device to enter a low-power consumption when not actively used. Techniques, such as Doze on Android, attempt to maximize a mobile device's time in low power state by queuing high-power tasks and periodically handling them in bulk.

When a mobile device receives a Router Advertisement (RA), it will typically exit its low power state to process it.  If this happened infrequently, this would not be particularly bad. Unfortunately,  on many networks this can happen very frequently due to router configuration or the amount of users on the network. On some networks, routers can send out RAs every 7-10 seconds. Crowded networks can also be inundated with RAs. 

Given this reality, it is now being recommended as a best practice for networks to limit RAs to 7 per hour.

RFC 7772: https://tools.ietf.org/html/rfc7772
 
How bad router configs can drain the battery life of your handheld devices, even while in sleep mode
Rogue routers can launch DoS attacks on your phone's battery
View original post
2
1
Gianmario Scotti (Mario)'s profile photo
 
What is that nice phone with removable battery, I wonder.
Add a comment...
Work
Occupation
IT Guy
Links
YouTube
Basic Information
Gender
Male