Atwill.Com

Bill Volz's Email Software Development Blog


Top Lesser Known Security/Privacy concerns Today

Top Security/Privacy Concerns Today – Not a complete list but some important items that not everyone is aware of.

Metadata – Metadata is information about data. Even if your data is encrypted, there is still a lot of metadata that can be just as revealing as the data itself. Some examples include…

  • Sending encrypted email – Hackers will still know whom it went to and when it went to them. 
  • Bitrates - Certain traffic bitrates can be linked to movies, music, etc.
  • Proxy Servers - Using an anonymous proxy? Without random packet delay, the traffic going out is easily matched to the traffic going in. With this it's not too hard to figure out what data is going where.

Lack of Perfect Forward Secrecy (PFS) usage - Many TLS implementations have refused to offer PFS. Without it, if a hacker ever obtains the private key, even after the key expires, all communications it ever encrypted could be decrypted. Where do most people store their expired SSL keys? Do they keep them just as secure as their active ones?
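An added example (not from the original post) of checking for this: it classifies OpenSSL-style cipher-suite names by whether the key exchange is ephemeral, and builds a Python client context restricted to forward-secret suites. The suite list is constructed sample data and the function names are this example's own.

```python
import ssl

# Key-exchange prefixes (OpenSSL naming) that use ephemeral Diffie-Hellman.
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-")


def is_forward_secret(suite_name: str) -> bool:
    """Classify one OpenSSL cipher-suite name by its key exchange."""
    if suite_name.startswith("TLS_"):
        return True  # TLS 1.3 suites: key exchange is always ephemeral
    return suite_name.startswith(EPHEMERAL_PREFIXES)


def pfs_only_context() -> ssl.SSLContext:
    """Client context whose TLS 1.2 suites all use ECDHE key exchange."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx


def non_pfs_suites(ctx: ssl.SSLContext) -> list:
    """Names of enabled suites where a leaked long-term key exposes old traffic."""
    return [c["name"] for c in ctx.get_ciphers() if not is_forward_secret(c["name"])]


# Constructed sample: suite names as a server configuration might list them.
SAMPLE_SUITES = [
    "ECDHE-RSA-AES128-GCM-SHA256",  # ephemeral ECDH, RSA key only signs
    "DHE-RSA-AES256-GCM-SHA384",    # ephemeral DH
    "TLS_AES_256_GCM_SHA384",       # TLS 1.3
    "AES256-GCM-SHA384",            # RSA key transport: no forward secrecy
    "ECDH-RSA-AES128-SHA",          # static ECDH: no forward secrecy
]

if __name__ == "__main__":
    for name in SAMPLE_SUITES:
        print(f"{name:32} {'PFS' if is_forward_secret(name) else 'NO PFS'}")
    print("non-PFS suites left in hardened context:", non_pfs_suites(pfs_only_context()))
```

The same `non_pfs_suites` check can be pointed at any `ssl.SSLContext` an application builds, to confirm that no suite with a static key exchange is still enabled.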

Lack of Pre-Internet Encryption (PIE) – Unless the data you are putting on the Internet is encrypted securely using a secret key that is not stored on the Internet, your data is not truly secure.

Difference of opinion – If company 1 needs the last 4 digits of your credit card in order to reset your password, and company 2 gives you the last 4 digits of your credit card so you can see what card you are using, this makes social reverse engineering very easy. With enough pieces of the puzzle, you can take over all accounts owned by a single entity.

Java/JavaScript – There have been so many holes in the past, and there will continue to be holes in the future now that everything uses JavaScript. Mozilla even removed the ability to disable it from their UI. There are going to be many problems to come in this area.


References:

How Apple and Amazon Security Flaws Led to My Epic Hacking
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/

Wikipedia JavaScript Security
https://en.wikipedia.org/wiki/JavaScript#Security

Pre-Internet Encryption - Gibson Research Corporation
https://www.grc.com/sn/sn-307.txt

Perfect forward secrecy
https://en.wikipedia.org/wiki/Perfect_forward_secrecy

Moving IP addresses from one Windows machine to another.

Here is a useful command for moving IPs in bulk from one Windows machine to another.

Export the IPs to a file.

c:\>netsh interface ipv4 dump > c:\ipstomove.txt

Then import the list to another machine.

c:\>netsh -f c:\ipstomove.txt

Things to note: When exporting to the file, it will export using the existing interface name. If the new machine has a different interface name, this will cause problems. You can open the file in Notepad and do a replace to correct this if needed.

Additional tip: If you are adding a range of IPs, you can use a loop. The command below adds a C block of addresses, or a /24 CIDR (255 IP addresses). Again, make sure you use the correct network adapter name.


FOR /L %I IN (2,1,254) DO netsh interface ip add address "Local Area Connection" 10.0.0.%I 255.255.255.0