jm + vpn   9

Virgin Media Ireland hate people working from home
What the hell, Virgin?
Section 12: Use of Virtual Private Network (VPN)
As stated above, the Virgin Media Services are for residential use only and we do not support the use of VPN. If we find you are using VPN we may instruct you to stop using it and you must comply with this request. This is in order to prevent problems with our network and other Internet users.
virgin-media  virgin  upc  isps  ireland  teleworking  telecommuting  home  vpns  vpn 
may 2016 by jm
Excellent post from Matthew Green on the Juniper backdoor
For the past several years, it appears that Juniper NetScreen devices have incorporated a potentially backdoored random number generator, based on the NSA's Dual_EC_DRBG algorithm. At some point in 2012, the NetScreen code was further subverted by some unknown party, so that the very same backdoor could be used to eavesdrop on NetScreen connections. While this alteration was not authorized by Juniper, it's important to note that the attacker made no major code changes to the encryption mechanism -- they only changed parameters. This means that the systems were potentially vulnerable to other parties, even beforehand. Worse, the nature of this vulnerability is particularly insidious and generally messed up.

[....] The end result was a period in which someone -- maybe a foreign government -- was able to decrypt Juniper traffic in the U.S. and around the world. And all because Juniper had already paved the road.

One of the most serious concerns we raise during [anti-law-enforcement-backdoor] meetings is the possibility that encryption backdoors could be subverted. Specifically, that a back door intended for law enforcement could somehow become a backdoor for people who we don't trust to read our messages. Normally when we talk about this, we're concerned about failures in storage of things like escrow keys. What this Juniper vulnerability illustrates is that the danger is much broader and more serious than that. The problem with cryptographic backdoors is not that they're the only way that an attacker can break into our cryptographic systems. It's merely that they're one of the best. They take care of the hard work, the laying of plumbing and electrical wiring, so attackers can simply walk in and change the drapes.


(via Tony Finch)
via:fanf  crypto  backdoors  politics  juniper  dual-ec-drbg  netscreen  vpn 
december 2015 by jm
ImperialViolet - Juniper: recording some Twitter conversations
Adam Langley on the Juniper VPN-snooping security hole:
... if it wasn't the NSA who did this, we have a case where a US government backdoor effort (Dual-EC) laid the groundwork for someone else to attack US interests. Certainly this attack would be a lot easier given the presence of a backdoor-friendly RNG already in place. And I've not even discussed the SSH backdoor. [...]
primes  ecc  security  juniper  holes  exploits  dual-ec-drbg  vpn  networking  crypto  prngs 
december 2015 by jm
Use sshuttle to Keep Safe on Insecure Wi-Fi
I keep forgetting about sshuttle. It's by far the easiest way to get a cheapo IP-over-SSH VPN working with an OSX client, particularly since it's in homebrew
ssh  vpn  sshuttle  tunnelling  security  ip  wifi  networking  osx  homebrew 
december 2014 by jm
xelerance/xl2tpd · GitHub
IRR-recommended self-hosted VPN endpoint implementation
vpn  l2tp  tunneling  internet  privacy  security  xl2tpd  xelerance  via:irr 
december 2013 by jm
Tunlr
'uses DNS witchcraft to allow you to access US/UK-only audio and video services like Hulu.com, BBC iPlayer, etc. without using a VPN or Web proxy.' According to http://superuser.com/questions/461316/how-does-tunlr-work , it proxies the initial connection setup and geo-auth, then mangles the stream address to stream directly, not via proxy. Sounds pretty useful
proxy  network  vpn  dns  tunnel  content  video  audio  iplayer  bbc  hulu  streaming  geo-restriction 
january 2013 by jm
apenwarr/sshuttle - GitHub
'Any TCP session you initiate to one of the proxied IP addresses [specified on the command line] will be captured by sshuttle and sent over an ssh session to the remote copy of sshuttle, which will then regenerate the connection on that end, and funnel the data back and forth through ssh. Fun, right? A poor man's instant VPN, and you don't even have to have admin access on the server.'
vpn  ssh  security  linux  opensource  tcp  networking  tunnelling  port-forwarding  from delicious
january 2011 by jm
Draft Functional Spec of Hadopi "securisation" software
Crazy suggestions leaked from the French anti-piracy authority. Mandatory host-based and router-based anti-piracy software and firmware with blocklists of suspect keywords, suspicious applications, TCP ports, protocols; detect suspicious apps installed; detect use of open wifi; detect use of anti-filtering/anti-blocking "workarounds" (ie. VPNs and Tor). Log all this to a dual journal, one of which will be encrypted using key escrow (presumably for use in prosecutions), retaining data for a year. Basically, a mandatory snooping infrastructure. Where would this leave Macs and Linux for French users?
hadopi  piracy  filtering  snooping  big-brother  1984  via:adulau  vpn  tor  blocklists  from delicious
july 2010 by jm
NeoRouter
establish an overlay, encrypted private "virtual LAN" for a small set of machines. like Hamachi, except it supports Macs, Linux, and a range of WRT54G firmware; can run off a USB stick
firewall  hamachi  network  openwrt  remote  router  security  vpn  desktop-sharing  neorouter  tomato  from delicious
july 2010 by jm
