There’s been a lot of talk about the data sent by a Windows 10 machine back to Microsoft. Some researchers have even found evidence of data being sent even when all available privacy settings are enabled. There is an emerging market for tools that will nobble Windows 10’s data collection, but who knows whether they work, or even if they’re malicious. Thankfully there is another way: if you run a local resolver, you can configure it such that DNS queries for domains linked to telemetry will always fail. Here’s how it’s done.
It’s several weeks now since Google announced that they are phasing out support for certificates signed with the SHA-1 algorithm. The end result will be that, starting in Q1 2015, SHA-1 certificates with long expiry times will be treated as completely invalid by Chrome.
Unfortunately, upgrading to SHA-256 certificates will break Internet Explorer on pre-SP3 versions of XP in a horrible way. Users will get the IE Generic Page of Awfulness, making it look like your site is down.
I’ve been running WordPress 3.0.5 for a while now, as it’s the version in the current Debian ‘stable’ repository. For a while now I’ve been meaning to move to the latest and greatest (which, as I write, is 3.3.1), but didn’t want to mess about with pinning in apt to run a ‘mixed system‘. WordPress has had its own automatic upgrade system since 2.7, and with a history of nasty vulnerabilities, I want to be able to apply upgrades as soon as they are released by the WordPress team.
(This is a bit of a rant. There may well be more rants to come.)
If you say to a security professional, ‘I’m going to run my ssh daemon on an unusual port for security reasons’, you’d better stand back and wait for the gasp. *gasp* they say! That’s just security through obscurity, which is no security at all! Shut down your servers and turn the lights off on the way out, you worthless collection of mucus.
‘Security through obscurity’: it even rhymes, which means that it joins the list of empty phrases that sound like they carry authority but actually don’t. ‘It’s Adam and Eve, not Adam and Steve!’ ‘White is right!’ Ohhh I seeeee: there was me thinking you were just a bigot, but your argument rhymes, so it smartly trumps anything I could possibly say!
(like my previous post, this process is reconstructed from memory and a judicious amount of diffing… so there may be bits missing)
Call me paranoid, but I’ve always been nervous about my home wireless network. I know that WPA is supposed to be reasonably secure (my router, a Netgear DG834Gv2, doesn’t support WPA2), but the lack of logging makes me worry that I really don’t know who might be having a go at it. I do all the right things to secure it — strong password, MAC filtering — but still I worry that someone might sit outside my house downloading something that could get me prosecuted. (and yes I know that MAC filtering isn’t strong security but it will defeat a casual would-be intruder).