Detect outgoing port blocking with nmap and portquiz.net

This post will describe how to detect if your network is blocking outgoing ports. In this test, we’ll be using nmap and the fine website portquiz.net

. . . → Read More: Detect outgoing port blocking with nmap and portquiz.net

Detecting Censorship or ISP Network Tampering with OONI

This article will introduce a tool to detect censorship or network tampering using the Open Observatory of Network Interference (OONI) android app, which is part of the Tor Project.

The OONI project’s mission is to collect data on network providers to determine where the Internet is free and where it’s being manipulated. For example, the . . . → Read More: Detecting Censorship or ISP Network Tampering with OONI

Bypassing Check Point firewall DPI Tor-blocking

This article will describe how to bypass censorship from within any network that uses firewalls using Deep Packet Inspection (DPI) built by the Israeli software company Check Point Software Technologies Ltd, such as is being used by the Miami-Dade’s Public Library System to censor on their public wifi.

I’ve been very fortunate to live in . . . → Read More: Bypassing Check Point firewall DPI Tor-blocking

New Thumb Drive Encryption Procedure

In this article, I’ll describe a procedure for preparing a brand-new USB flash drive for use. First we’ll securely erase all the data on the drive, then we’ll encrypt the entire drive, and–finally–we’ll check the drive for bad blocks.

Ah, remember the good-ole days of spinning disks? When your OS could tell your hard *disk* . . . → Read More: New Thumb Drive Encryption Procedure

How to check the Public Key Algorithm used for a given gpg key (ie: RSA vs DSA)

Today I discovered how to validate the Public Key Algorithm that’s used for a given gpg key. Unfortunately, it’s extremely unintuitive & took quite a bit of digging to figure out how. So I’m leaving this here in hopes it helps someone in their future searches.

. . . → Read More: How to check the Public Key Algorithm used for a given gpg key (ie: RSA vs DSA)

HPKP Best Practices for Let’s Encrypt

This post describes how to generate a few backup public key hashes to add to your HTTP Public Key Pinning (HPKP) config that might save you from bricking your domain if Let’s Encrypt ever gets untrusted like StartCom did.

If you have a healthy distrust of the X.509 PKI trust model, then you’ve probably heard . . . → Read More: HPKP Best Practices for Let’s Encrypt

Using uBlock Origin to Whitelist

As some mega websites deploy APIs that are used nearly ubiquitously on most of the Internet’s websites (I’m looking at you Facebook & Google), I’ve begun to compartmentalize my browsers to “jail” specific website usage to a single, sandboxed browser (profile). This is sometimes referred to as a Single Site Browser (SSB).

Besides making sure . . . → Read More: Using uBlock Origin to Whitelist

Tor->VPN in TAILS to bypass tor-blocking

This post will describe how to route outgoing traffic in a python script running on TAILS first through Tor, then through a SOCKS proxy created with an ssh tunnel. This is helpful when you want to use the anonymizing capabilities of tor, but you need to access a website that explicitly blocks tor exit nodes . . . → Read More: Tor->VPN in TAILS to bypass tor-blocking

pycurl through Tor without leaking DNS lookups

This article describes the correct way to use pycurl over Tor, such that both DNS lookup data and HTTP(S) traffic is sent through Tor’s SOCKS5 proxy.

If you google “pycurl tor”, one of the first results is a stackoverflow post that describes how to configure pycurl using the pycurl.PROXYTYPE_SOCKS5 setting. Indeed, even the tutorial To . . . → Read More: pycurl through Tor without leaking DNS lookups

Eavesdropping Analysis of PGP Metadata

This post attempts to answer the following question: If an evesdropper intercepts a message encrypted with gpg, how much information will they be able to extract from the message without a decryption key?

I will show the unencrypted metadata added to a GPG-encypted message, and I will present commands that can be used to extract . . . → Read More: Eavesdropping Analysis of PGP Metadata