Vegard Skjefstad

www.vegard.net


Tag: PRISM Break (page 2 of 5)

We Need to Toot About Mastodon

Is Mastodon the silver bullet, or yet another social media dud?

First of all, we’ll have to clarify one thing. This post isn’t about the American heavy metal band Mastodon. It’s about the social network Mastodon. You’d think that the creator of Mastodon (the social network) would do at least a little research before picking a name, but apparently not.

With that out of the way, let’s get on with it.

The internet is great. It makes it incredibly easy for us to connect, share, and educate ourselves. It’s also a place where trolls breed and feed, and hate is amplified. The anonymous nature of the series of tubes that is the internet often brings out the worst in people. There are few things that will make you lose faith in humanity faster than reading comments on a random, high-traffic site on the internet.

Historically, any lack of anonymity has restrained the trolls to a certain degree. And life was good. But with the rise of social media sites like Facebook and Twitter, we’ve seen that some people really don’t need anonymity to go absolutely nuts. They’ll write and share whatever they think about race, sexual orientation, global warming, and other heated topics. This has turned many social media sites into very hostile environments, and people are looking for alternatives.

So wouldn’t it be great if there was a Twitter, but without all the hate and hostility? Mastodon tries to be just that, but can it succeed?


Defeating PoisonTap (and Other Dirty Tricks) with Beamgun

Late last year, a neat little device called PoisonTap surfaced. With it, anyone can easily steal passwords, credit card numbers and other sensitive data from any computer – even when it’s locked. But hot on the heels of PoisonTap came its antidote: Beamgun.

PoisonTap takes advantage of Windows’ and OS X’s inherent trust in devices connecting to USB and Thunderbolt ports. A lot of different devices can be connected to these ports. Keyboards, mice, printers, scanners, storage devices, and network cards. Just to name a few. Both Windows and OS X will happily activate whatever device is connected without asking the user if it’s OK. Even if the computer is locked. Because if someone has physical access to the computer, they always have good intentions. Right? Wrong. It’s a terrible assumption to make, and one PoisonTap takes advantage of. A better assumption is that everyone who has access to a computer has malicious intentions.

When connected to a USB or Thunderbolt port, PoisonTap quickly registers itself as a network card, and effectively becomes a man-in-the-middle (MitM) on the computer. As a MitM, PoisonTap can intercept all inbound and outbound network traffic.


PoisonTap – The $5 Tool That Steals All Your Stuff

A while back I wrote about the WiFi Pineapple, a wonderful little device that can be used to “audit” wireless networks. The device makes it surprisingly easy to act as a Man in the Middle (MitM), a technique used by hackers to effectively steal all your passwords and credit card numbers. The cheapest version of the WiFi Pineapple, the Nano, costs just shy of $100. Not a lot of money, but it’s a bit too much for me to spend on a device that can’t be used for anything cool without breaking more laws than I can count. But now there’s a new toy available that does many of the same things as the WiFi Pineapple: PoisonTap.

Price tag? Around $5.

PoisonTap also plays the role of the MitM, but there’s a big difference. While the WiFi Pineapple hijacks wireless networks, PoisonTap needs physical access to the computer you wish to audit. Because of that, it’s easy to dismiss PoisonTap as pretty useless. It’s hard to get physical access to an unattended computer, isn’t it? No, it’s not. If you’re working in an office environment, simply take a look around you at lunch time. And if you have access to a conference center or a hotel, take a look inside. I bet you can find an unattended computer within minutes.

Another reason you might dismiss PoisonTap as worthless is the size of the delivery vehicle. The version of PoisonTap demoed by its creator, Samy Kamkar, runs on a Raspberry Pi Zero. While the Zero is small, it’s not exactly invisible, and not hard to spot. But the PoisonTap software doesn’t have to run on a Raspberry Pi; it’s possible to install it on even smaller computers. Both LAN Turtle and USB Armory are viable options. Not too easy to spot one of those connected to the back of the workstation tucked under your desk, is it?

On top of that, PoisonTap doesn’t have to be connected for long. Just leave it plugged in for a minute or two, then pull it out, and walk away. The target computer is now infected, and a persistent backdoor has been installed.


Facebook Sucked Me Back In!

In 2011, I deleted my Facebook account. But now, through my selfish need to spread the good word, my old nemesis has sucked me back into its cold and clammy embrace.

Deleting a Facebook account can quickly prove to be social suicide. In my case, that wasn’t much of a problem. Contrary to what you might have heard in April, I’ve never had an outrageously active social life. The people I spent time with still answered their phones, and Anniken, who was on Facebook, was my other social lifeline. Even without Facebook, I’ve somehow miraculously managed to get on with my life, and function like a normal human being for the past five years.

A while ago, however, I decided to start dabbling in cryptocurrency. More precisely, I wanted to get a Steemit account. Steemit is a bit like Reddit, but its users don’t seem to be narcissistic trolls who want to see the world burn. Also, the content on Steemit is mostly user generated, whereas Reddit functions a lot more like a link machine. The most attractive feature of Steemit, however, is that users get paid for the content they create. If you write a popular article, you are awarded STEEM, the platform’s cryptocurrency. STEEM can then be traded on one of the many cryptocurrency exchanges.

There was one huge issue with Steemit at the time, though: You had to have a Facebook account to register.


The Final PRISM Break Push: Secure & Private E-Mail

Ever since whistle-blower Edward Snowden exposed government security agencies around the world as lying bastards who spy on our every move on the internet, I’ve gradually taken steps to tear myself away from Big Internet. In my PRISM Break series of posts, I have – over the last two and a half years – ditched the closed source browser Opera in favor of Mozilla Firefox, replaced Google with DuckDuckGo as my default search engine, and moved all the content I had on public cloud storage services to a self-hosted ownCloud server.

But there is still one thing that ties me to the prying eyes of FVEY & Friends: E-mail. For a long time, I’ve been using Google’s Gmail to cover my (declining) e-mail needs. Why? Because it’s free, has tons of storage space, and is very reliable. But Google has to earn money somehow, right? Of course. They do this by having a look-see through your private e-mail correspondence:

Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection. This analysis occurs as the content is sent, received, and when it is stored.

The above paragraph is copied from Google’s current terms of service (archived version). Unlike government security agencies, Google is perfectly honest about what they are doing with your data. So if you’re OK with Google snooping, then Gmail is a great service. I’m not OK with that, and about eight months ago I started the hunt for an e-mail provider that takes security and privacy seriously.


Copyright © 2000-2019 www.vegard.net