Featured Articles

Continuous Documentation: Hosting Read the Docs on GitHub Pages (2/2)
Detecting (Malicious) Unicode in GitHub PRs
Introducing BusKill: A Kill Cord for your Laptop
Hardening Guide for phpList
WordPress Multisite on the Darknet (Mercator .onion alias)
previous arrow
next arrow

New Thumb Drive Encryption Procedure

In this article, I'll describe a procedure for preparing a brand-new USB flash drive for use. First we'll securely erase all the data on the drive, then we'll encrypt the entire drive, and--finally--we'll check the drive for bad blocks.

Ah, remember the good-ole days of spinning disks? When your OS could tell your hard *disk* to shred a specific sector? Like it or not, those days are gone in the land of USB flash volumes.

There's a lot of great reads on the complications of securely erasing data on a USB thumb drive. Unfortunately, a lot of the techniques are not universal to all technologies or manufacturers. Consequently, my approach is more ignorant, straight-forward, and broad (at the risk of causing these cheap usb drives to fail sooner & the process taking longer):

First, I make sure never to write any unencrytped data to the disk Second, when I want to wipe the disk, I fill it entirely with random data

Below are the commands that I use to prepare a new usb drive for my use immediately after purchase. These commands are presented as a rough guide; they're mostly idempotent, but you probably want to copy & paste them
. . . → Read More: New Thumb Drive Encryption Procedure

How to check the Public Key Algorithm used for a given gpg key (ie: RSA vs DSA)

Today I discovered how to validate the Public Key Algorithm that's used for a given gpg key. Unfortunately, it's extremely unintuitive & took quite a bit of digging to figure out how. So I'm leaving this here in hopes it helps someone in their future searches.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael

. . . → Read More: How to check the Public Key Algorithm used for a given gpg key (ie: RSA vs DSA)

Howto Guide: Whole House VPN with Ubiquiti + Cryptostorm (netflix safe!)

This post will describe what hardware to buy & how to configure it so that you have 2 wireless networks in your house: One that seamlessly forces all of the traffic on that network through a VPN--and one that connects to the Internet normally . When finished, the internet activity for any device connected to the first network will be entirely encrypted so that the ISP cannot see which websites are visited*, what software you use, and what information you send & receive on the internet.

* Assuming your config doesn't leak DNS; see improvements section

Update 2017-08-25: Added "kill switch" firewall rule that prevents LAN traffic from escaping to the ISP unless it passed through the VPN's vtun0 interface first. Following this change, if the VPN connection is down, the internet will not be accessible (as desired) over the 'home' wifi network (without this, the router bypasses the VPN by sending the packets straight to the ISP--giving a false sense of privacy).

Update 2021-02-01: Fixed GitHub URL of cryptostorm's free OpenVPN configuration file Update 2021-02-14: Fixed GitHub URL of cryptostorm's paid OpenVPN configuration file

Update: I wrote this guide in 2017. It's intended for an audience that has
. . . → Read More: Howto Guide: Whole House VPN with Ubiquiti + Cryptostorm (netflix safe!)

Iterative MITM Packet Sniffer

So, I got into a discussion with a friend of mine in my Computer Security class at UCF about this script. I'm posting this for historical and educational purposes only. As always, I never condone the implementation of any of my content for malicious intent. Moreover, this script has flaws that * would make it useless in such a scenario. Don't do it!

Here's a script I hacked up last semester when I was playing with MITM attacks and packet eavesdropping with ettercap:. This scripts will automatically:

fake its MAC Address get a new IP Address collect a list of hosts on the same subnet as itself iterate through and ARP poison: each of these hosts one at a time for 5 minutes each save all data collected in host-specific files in a timestamped directory repeat until the hard drive is full Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael

. . . → Read More: Iterative MITM Packet Sniffer

FreeBSD Perils

As stated in my last post, my server died several months ago, and I decided to take that unfortunate opportunity to gain some Unix experience by installing FreeBSD on its replacement. Although this server has been installed for several months, the main reason that this weblog has been down is because of multiple configuration issues with FreeBSD that, frankly, I think should have worked Out Of The Box.

A friend of mine who is adamant about FreeBSD told me to name this inevitable post "FreeBSD from a gentoo user's perspective." It's true that my desktop's distro of choice has been gentoo for several years, but I'm no ricer. I love gentoo because I love portage--the gentoo package manager which is, in fact, a derivative of FreeBSD's ports package manager. I don't care much for any package manager that doesn't give you the option to change compile-time options. Anyway, I'm going to try my best to leave any bias-ness I may have behind me as I work through the multitude of flaws that I encountered with setting up a FreeBSD webserver.

As a gentoo user, I can understand the expected perils of using a system that is designed to have both
. . . → Read More: FreeBSD Perils

The test of three antennas

I just got the wireless working on my new laptop in ubuntu (thank god for forums), and I was disgusted to find that from my room I got ~20% signal quality. I knew the problem could be with the laptop or the wireless router, but since I can't do anything about the laptop I did some tests with my router by using three different antennas.

Michael Altfield

Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡

About Michael

. . . → Read More: The test of three antennas