About six months ago, I discovered something on my smartphone that horrified me: I went to undelete a file in DiskDigger, and I stumbled upon a plethora of unexpected jpegs: screenshots of my activity. Screenshots that I didn’t take. Screenshots of my conversations. Screenshots of my GPS position. And screenshots of my bitcoin wallet.
I was perplexed. I was astonished. And, to be honest, I was scared. How did this happen? Was it a vulnerability shipped with LineageOS? Could it be some malicious binary embedded into AOSP? Or is it some exploit in one of those damned closed-source apps that I was forced to install through social pressure (*cough* whatsapp)?
Michael Altfield
Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡
Whonix 14 just came out last month. I went to update, but I couldn’t figure out what version I was currently running. The documentation said to run this command, but the output didn’t make sense when I ran it on my whonix-gw TemplateVM.
Michael Altfield
Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡
In this article, I’ll describe a procedure for preparing a brand-new USB flash drive for use. First we’ll securely erase all the data on the drive, then we’ll encrypt the entire drive, and–finally–we’ll check the drive for bad blocks.
Ah, remember the good-ole days of spinning disks? When your OS could tell your hard *disk* to shred a specific sector? Like it or not, those days are gone in the land of USB flash volumes.
There’s a lot of great reads on the complications of securely erasing data on a USB thumb drive. Unfortunately, a lot of the techniques are not universal to all technologies or manufacturers. Consequently, my approach is more ignorant, straight-forward, and broad (at the risk of causing these cheap usb drives to fail sooner & the process taking longer):
First, I make sure never to write any unencrytped data to the disk Second, when I want to wipe the disk, I fill it entirely with random data
Below are the commands that I use to prepare a new usb drive for my use immediately after purchase. These commands are presented as a rough guide; they’re mostly idempotent, but you probably want to copy & paste them . . . → Read More: New Thumb Drive Encryption Procedure
Today I discovered how to validate the Public Key Algorithm that’s used for a given gpg key. Unfortunately, it’s extremely unintuitive & took quite a bit of digging to figure out how. So I’m leaving this here in hopes it helps someone in their future searches.
Michael Altfield
Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡
This post will describe what hardware to buy & how to configure it so that you have 2 wireless networks in your house: One that seamlessly forces all of the traffic on that network through a VPN–and one that connects to the Internet normally . When finished, the internet activity for any device connected to the first network will be entirely encrypted so that the ISP cannot see which websites are visited*, what software you use, and what information you send & receive on the internet.
* Assuming your config doesn’t leak DNS; see improvements section
Update 2017-08-25: Added “kill switch” firewall rule that prevents LAN traffic from escaping to the ISP unless it passed through the VPN’s vtun0 interface first. Following this change, if the VPN connection is down, the internet will not be accessible (as desired) over the ‘home’ wifi network (without this, the router bypasses the VPN by sending the packets straight to the ISP–giving a false sense of privacy).
This post will describe how to route outgoing traffic in a python script running on TAILS first through Tor, then through a SOCKS proxy created with an ssh tunnel. This is helpful when you want to use the anonymizing capabilities of tor, but you need to access a website that explicitly blocks tor exit nodes (common with sites running CloudFlare on default settings).
Michael Altfield
Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡
This post attempts to answer the following question: If an evesdropper intercepts a message encrypted with gpg, how much information will they be able to extract from the message without a decryption key?
I will show the unencrypted metadata added to a GPG-encypted message, and I will present commands that can be used to extract this unencrypted metadata.
Michael Altfield
Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡
I’m going on another cross-country cycling trip this summer, and I’m in the market for a good, solid MP3 player.
Disclaimer: I’m a software guy who likes my devices to be good quality and long lasting. I’m by no means an audiophile, hardware tech, or professional MP3 player reviewer. All of my research was done using Google, and the only MP3 player I’ve owned is the Sansa e260 v2.
Requirements
Note: These are my personal requirements. They effectively eliminated a *lot* of products in the MP3 market.
1. Rockbox Support
First and foremost, I need rockbox support. Rockbox is a must-have FOSS firmware for MP3 players with a fantastic feature list. You can buy an MP3 player with terrific hardware design, but your experience can be absolutely ruined by poorly designed firmware. My old Sansa e260 was this way, but once I installed rockbox, it was like the device was freed from a software prison. And, of course–another benefit of it being open source–you can completely customize the look+feel of your MP3 player with other user’s custom rockbox themes.
Here is a list of MP3 players (targets) and their support status for the Rockbox firmware.
In a given week, I touch maybe a half dozen different Operating Systems/Distributions. Some are similar to others (centos, rhel), some–not so much (solaris). The common commands are easy enough to remember ( @ls@ vs @dir@ ), but I always forget how to search through each OS’s package manager for a software package. For my reference (and perhaps yours?) here’s a list for each of the OSs’ package managers I use frequently:
yum – RHEL/CentOS
yum list
apt – Debian/Ubuntu
apt-cache search
pacman – Arch
pacman –sync –search pacman -Ss
portage – Gentoo
emerge –search # pkg names only emerge –searchdesc # pkg names & descriptions emerge -S # alias of –searchdesc
See Also: “Install ‘build-essential’ on RHEL/CentOS and OpenSolaris”:/wp/?p=231
Michael Altfield
Hi, I’m Michael Altfield. I write articles about opsec, privacy, and devops ➡
