Ephemeral Firefox as a Site-Specific Browser (3/3)

Site-Specific Ephemeral Firefox featured image showing a firewall between the facebook and firefox icons

This article is a part 3/3 of a series describing how to setup an Ephemeral Firefox session as a Site-Specific Browser. The ultimate goal is to be able to have a self-destructing browsing session that can only access a single company’s services, such as Google or Facebook.

After setting up the Site-Specific Ephemeral Firefox Browser, you can then blacklist services designated to your Site-Specific browser(s) (such as Google or Facebook) from your main browser. This significantly improves your ability to browse the internet without your activity being tracked by these companies — leaving your sensitive data vulnerable to being stolen by hackers.


. . . → Read More: Ephemeral Firefox as a Site-Specific Browser (3/3)

Ephemeral Firefox with Extensions (2/3)

icon of ephemeral firefox with icons of popular extensions below it

I recently posted about how to create a sandboxed firefox profile to compartmentalize (and shred) your firefox browsing history in an Ephemeral Firefox session. But so far I’ve only covered how to create a simple vanilla firefox profile. What if you want your Ephemeral Firefox to include a few basic extensions?

This post will cover how to add extensions to your Ephemeral Firefox profile.


. . . → Read More: Ephemeral Firefox with Extensions (2/3)

Ephemeral Firefox in Ubuntu (1/3)

ephemeral firefox

This post will describe how to create an Ephemeral Firefox session. The ultimate goal of an Ephemeral Firefox session is to unlink your browsing sessions day-to-day and reduce tracking via fingerprinting.

This technique can also be used to compartmentalize your internet activity by using the Ephemeral Firefox session as a Site Specific Browser. This can be especially useful for websites that are infamous for tracking users across the internet and selling the data they collect. For example, you can blacklist all facebook domains in your main browser and only use Ephemeral Firefox sessions that have been whitelisted exclusively for facebook domains–effectively compartmentalizing your facebook activity from the rest of your internet activity.

Another great use-case for an Ephemeral Firefox is for public access computers such as those at libraries, hotels, and printing shops.


. . . → Read More: Ephemeral Firefox in Ubuntu (1/3)

fix phplist 500 error due to random_compat

So you’ve just done a fresh install of phplist, but when you attempt to load it in your browser, you get a 500 Internal Server Error. But the error log is empty! It’s possible that phplist is suppressing the errors produced by the included library random_compat. This blog post will describe this possible issue, and how to resolve it.


. . . → Read More: fix phplist 500 error due to random_compat

Detect outgoing port blocking with nmap and portquiz.net

This post will describe how to detect if your network is blocking outgoing ports. In this test, we’ll be using nmap and the fine website portquiz.net


. . . → Read More: Detect outgoing port blocking with nmap and portquiz.net

New Thumb Drive Encryption Procedure

In this article, I’ll describe a procedure for preparing a brand-new USB flash drive for use. First we’ll securely erase all the data on the drive, then we’ll encrypt the entire drive, and–finally–we’ll check the drive for bad blocks.

Ah, remember the good-ole days of spinning disks? When your OS could tell your hard *disk* to shred a specific sector? Like it or not, those days are gone in the land of USB flash volumes.

There’s a lot of great reads on the complications of securely erasing data on a USB thumb drive. Unfortunately, a lot of the techniques are not universal to all technologies or manufacturers. Consequently, my approach is more ignorant, straight-forward, and broad (at the risk of causing these cheap usb drives to fail sooner & the process taking longer):

First, I make sure never to write any unencrytped data to the disk Second, when I want to wipe the disk, I fill it entirely with random data

Below are the commands that I use to prepare a new usb drive for my use immediately after purchase. These commands are presented as a rough guide; they’re mostly idempotent, but you probably want to copy & paste them
. . . → Read More: New Thumb Drive Encryption Procedure

How to check the Public Key Algorithm used for a given gpg key (ie: RSA vs DSA)

Today I discovered how to validate the Public Key Algorithm that’s used for a given gpg key. Unfortunately, it’s extremely unintuitive & took quite a bit of digging to figure out how. So I’m leaving this here in hopes it helps someone in their future searches.


. . . → Read More: How to check the Public Key Algorithm used for a given gpg key (ie: RSA vs DSA)

Howto Guide: Whole House VPN with Ubiquiti + Cryptostorm (netflix safe!)

This post will describe what hardware to buy & how to configure it so that you have 2 wireless networks in your house: One that seamlessly forces all of the traffic on that network through a VPN–and one that connects to the Internet normally . When finished, the internet activity for any device connected to the first network will be entirely encrypted so that the ISP cannot see which websites are visited*, what software you use, and what information you send & receive on the internet.

* Assuming your config doesn’t leak DNS; see improvements section

Update 2017-08-25: Added “kill switch” firewall rule that prevents LAN traffic from escaping to the ISP unless it passed through the VPN’s vtun0 interface first. Following this change, if the VPN connection is down, the internet will not be accessible (as desired) over the ‘home’ wifi network (without this, the router bypasses the VPN by sending the packets straight to the ISP–giving a false sense of privacy).

Why

In April 2017, Trump signed Bill S.J.Res.34, which repeals the Broadband Consumer Privacy Proposal from October 2016. This enormous step backwards permits anyone’s ISP to sell their Internet activity. The EFF put it best:

companies
. . . → Read More: Howto Guide: Whole House VPN with Ubiquiti + Cryptostorm (netflix safe!)

Iterative MITM Packet Sniffer

So, I got into a discussion with a friend of mine in my Computer Security class at UCF about this script. I’m posting this for historical and educational purposes only. As always, I never condone the implementation of any of my content for malicious intent. Moreover, this script has flaws that * would make it useless in such a scenario. Don’t do it!

Here’s a script I hacked up last semester when I was playing with MITM attacks and packet eavesdropping with ettercap:. This scripts will automatically:

fake its MAC Address get a new IP Address collect a list of hosts on the same subnet as itself iterate through and ARP poison: each of these hosts one at a time for 5 minutes each save all data collected in host-specific files in a timestamped directory repeat until the hard drive is full
. . . → Read More: Iterative MITM Packet Sniffer

FreeBSD Perils

As stated in my last post, my server died several months ago, and I decided to take that unfortunate opportunity to gain some Unix experience by installing FreeBSD on its replacement. Although this server has been installed for several months, the main reason that this weblog has been down is because of multiple configuration issues with FreeBSD that, frankly, I think should have worked Out Of The Box.

A friend of mine who is adamant about FreeBSD told me to name this inevitable post “FreeBSD from a gentoo user’s perspective.” It’s true that my desktop’s distro of choice has been gentoo for several years, but I’m no ricer. I love gentoo because I love portage–the gentoo package manager which is, in fact, a derivative of FreeBSD’s ports package manager. I don’t care much for any package manager that doesn’t give you the option to change compile-time options. Anyway, I’m going to try my best to leave any bias-ness I may have behind me as I work through the multitude of flaws that I encountered with setting up a FreeBSD webserver.

As a gentoo user, I can understand the expected perils of using a system that is designed to have both
. . . → Read More: FreeBSD Perils