Encrypt all the things!

  • I have (or had) a Virgin one sitting around gathering dust. I don't know if we threw it out yet or not but you could have it.

  • Mine's Virgin too and another one is on my list. I do have a spare in the loft but it can't run [whatever that software is from that website].

    Tbh the pi-hole is working right now on my phone, my OH's laptop, and my laptop (or it was until the internet fucked up on it again). And those devices, in that order are the most important.

    It took about 3wks to get the energy to buy what I needed and then another 3wks to carve out the free time to set it up.

    I've now also got to record old home movies and help modify a children's kitchen... and fix my stupid laptop's internet.

    Tl;dr - I'm going to mitigate the risk of hippy's weirdo mate using my wifi by not inviting him over.

  • Thanks man. But I've got a spare and there's a spare at work.

    Which reminds me, does anyone want a gs110 switch for £25?

  • To people using on their iPhones - is it eating like 20% of your battery as well?

  • Yup, uninstalled it.

  • It was fine until the Warp update

  • Thanks for all the pihole advice, I'm going to leave that until last and get the network sorted first. For the network I think I'm going to go with a simple Ubiquiti network, that stuff looks great. I've decided I'm not too concerned about running VPN at router level, local apps are fine for me I think.

    Any thoughts on this PIA merger? I haven't read up but it's initially quite off putting, I've just renewed too.

    Tempted to have a look at mullvad and proton.

    Edit: Just found some info here: https://www.youtube.com/watch?v=mRMxNiEMqmM&t=2802s

  • If I wanted to monitor and control what the stuff that's on my WiFi sends out, what's the best / easiest route? Pihole?

    I found something called a Firewalla that plugs in between and acts as a gatekeeper. Is this any good? Does it sound like a noob could use it? Does Pihole do this?

    I am curious whether I can control the silly things, like otp WiFi plugs or switches that send data out about me that I don't know about.

  • https://twitter.com/ppentestlabs/status/1202906268991664128

    They double down on the stupid in the thread.

  • How can I tell if I have true end-to-end encryption?

    I have local admin on a Windows 10 laptop, and I control the domain that I am connecting to (either over https or ssh)

    I don't control any locally installed anti-virus / monitorware / group policy, nor local network / gateways

    Is it still possible that local IT could do a man-in-the-middle & see what I am doing - They can obviously see that I am on lfgss.com, but can they see anything else?

  • The easiest way to see what you're doing isn't to try and decrypt the web traffic but just to serve the DNS and look at the DNS logs.

    DNS is not encrypted, so why do anything harder. The logs reveal which local IP address asked for which domain name.

    It's hard to stop this, but if you use Firefox and enable DNS over HTTPS then your DNS will be encrypted too.

    At that point all anyone can tell is which IP you've connected to. But with SNI certificates, without a host header known in advance, most websites will not return anything and only the smaller sites where a single site is on an IP would reveal what you are looking at - were someone manually checking.

    So assume your DNS is leaking everything despite encryption everywhere else, and isolate browsing you want to keep private to Firefox, and ensure DNS over HTTPS is enabled (it's only default enabled in the USA right now as it's a new feature).

  • Thanks David!

    If I'm wanting to be super-duper secret squirrely, I run an ssh tunnel on localhost, and connect to this as a socks5 proxy (incl. DNS)

    My concern is that this may not be as secure as I would have thought*, and that because this is a work laptop, there is a root certificate that means I don't have true end-to-end.

    Similarly, if I'm just browsing on the network with no tunnel (when I don't really care if the DNS queries are visible), can I be sure that when I am accessing my cloud server, what I am looking at is not being monitored. The certificates all look to be the ones I installed.

    * Based on a conversation with my local IT person, who made a comment about why I was searching for keys, when we were talking about yubikeys & 2fa - The irony of this is not lost.

  • if you use Firefox and enable DNS over HTTPS then your DNS will be encrypted too.

    When did that become a thing?

  • Last few months.

    Default in the US build. Optional on the British build of Firefox.

  • If you're that worried, don't look at porn on the work laptop

  • I just enabled it. Nothing broke. You guys do this free then?

  • It barely registers as a cost in any way, and it aligns with our mission, so yes... All for free

  • don't look at porn on the work laptop

    It's not the 90s any more - Is anyone that daft?

    Of course, not using a work laptop for anything other than work is the correct answer,

    But - given that there are sites that I have browsed at work that, while not objectionable / actionable, have content that may be nonetheless embarrassing and / or could make life awkward - is there any way to identify if the connection is compromised by, for example, root certificates (not that I can see any).
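
An added example, not part of any post in this thread: for the situation described in the two posts above (a work laptop that may trust a corporate root certificate, talking to a server whose certificate the user installed themselves), one check is to compare the SHA-256 fingerprint of the certificate the laptop is actually handed with the fingerprint recorded on the server. The function names are hypothetical and the two byte strings are constructed stand-ins for DER certificates so the block runs offline.

```python
import hashlib
import hmac
import socket
import ssl
import sys

# Constructed stand-ins for DER certificate bytes (not real certificates).
REAL_DER = b"constructed: certificate installed on my own server"
PROXY_DER = b"constructed: certificate re-signed by an interception proxy"


def sha256_fingerprint(der: bytes) -> str:
    """SHA-256 of a DER certificate in openssl's AA:BB:... notation."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def _normalise(fp: str) -> str:
    return fp.replace(":", "").replace(" ", "").strip().lower()


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the leaf certificate this machine is actually handed.

    Validation is off only so the bytes can be read even when a proxy
    has re-signed them; nothing else is sent over this connection.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def is_intercepted(presented_der: bytes, expected_fp: str) -> bool:
    """True when the presented certificate is not the one pinned."""
    seen = _normalise(sha256_fingerprint(presented_der))
    return not hmac.compare_digest(seen, _normalise(expected_fp))


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py HOST EXPECTED_FINGERPRINT
        der = fetch_leaf_der(sys.argv[1])
        print(sys.argv[1], sha256_fingerprint(der))
        print("INTERCEPTED" if is_intercepted(der, sys.argv[2]) else "matches pin")
    else:  # offline demo on the constructed samples
        pin = sha256_fingerprint(REAL_DER)
        print(is_intercepted(REAL_DER, pin), is_intercepted(PROXY_DER, pin))
```

The expected fingerprint is the hex part of what `openssl x509 -noout -fingerprint -sha256 -in cert.pem` prints on the server (`cert.pem` is a placeholder path). A match rules out a re-signed certificate on the network path; it says nothing about monitoring software running on the laptop itself.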

  • New Q

    Yubikeys. They're pricey. Is there any danger in buying them second hand?

  • Anyone notice iVPN speed tank in the last few months? Tried a few locations and they're all slow. Thought maybe they've been throttled? I'm going to try changing ports and stuff but thought I'd ask.

  • I am SOOOO annoyed...

    I've set up a Yubikey to access KeePass. It has worked fine for ages. Today, I insert the key and my PC informs me immediately that it has set it up for use....

    Turns out it has formatted the password...

    Fuck you Yubikey!

  • But you have two right? Two yubikeys with the same info?

  • no...

    I'd ask why... But now I know why...

    But can you tell me why my pc decided to format the key?!?! And if I did have a second one, how do I know it wouldn't happen again?!

Posted by Velocio @Velocio