Messages - f0dder
General Software Discussion / Re: Windows 10 Privacy Concerns
« on: April 20, 2017, 03:48:28 AM »
What antivirus can I use for my Windows 10 privacy and protection?
Just stick with Windows Defender for AV - possibly supplementing with MalwareBytes AntiMalware - but read this.

As for "privacy", you might want to read this. O&O Shutup10 doesn't seem too bad, though.

Announce Your Software/Service/Product / Re: FrogTea
« on: April 05, 2017, 11:19:47 AM »
Sure, I can see some potential weaknesses in the use of FrogTea, but what puzzled me in your initial response was what seemed to be your outright damning of the whole thing in this thread - for no compelling, apparent, verifiable and substantive reason - as though it could not possibly be any kind of useful encryption tool. That would seem to be absurd.
Not really.

The reasons I listed against using FrogTea are pretty sound. If anything is absurd, it's that insistence that there's some merit in using an unmaintained, closed-source program with problematic encryption - while not philosophically untrue, it's about as ridiculous as insisting that it's better to wear pajamas in a blizzard than being naked.

In the other thread, you went further and even asked what use/purpose it had and were seemingly mistakenly implying/thinking that I was putting FrogTea forward as some kind of a proposed technological solution to address the issues/problems in that other thread (which I decidedly wasn't doing and which would have been an absurd thing to do in any case).
You seem intent on muddling things up. I tried keeping this thread about FrogTea in and by itself (which can be kept fairly technical), whereas the other thread is political, and it's in that context I struggle to see how tech is supposed to be a solution for a political problem.

IainB, I'm going to cut your prose short.

You revived the other thread, so that's where I posted objective reasons to avoid the product.

This thread is about a political issue, and thus this thread is where I ask why you're trying to solve a political problem with a (bad) technological solution.


Announce Your Software/Service/Product / Re: FrogTea
« on: April 04, 2017, 10:37:17 AM »
Well, that all looks pretty good, but some of the references here could be mistaken or out of date, I suppose. (I wouldn't know.) For those who are interested, there seems to be quite a lot of heavy academic documentation about it too, on the Internet.
If one wanted to explore this further, it could be interesting to know how xTEA has been broken, or something, and where that is documented, and how easy that might be to replicate for the average laptop/smartphone thief.
I haven't scoured the net, but I assume the notes on Wikipedia are correct with regards to TEA attacks. A 2^59 chosen plaintexts is "not exactly trivial", but the attack is six years old by now - and XXTEA probably isn't getting a lot of (public) attention since it's not a sexy thing to break. It's not one of the normally used ciphers, so why bother throwing a lot of resources at it?

For academia, that is. Our friendly three-letter agencies haven't got the same resource constraints, nor a drive for public glory.

However, for the purposes of securely encrypting the typical user's portable bits of personal/private/confidential HTML and text-based data (...)
If you have a hard requirement of no other requirements than a browser (e.g. no executables), perhaps - but I'd still look for other solutions. And it wouldn't be hard to cook up something with a proper encryption algorithm that still decrypts from html+js.

Other than that: threat modeling.

1) Don't be fooled into thinking VPN will secure your privacy on the internet, it's not what it was designed for.
2) Don't even consider using a free offering.

Don't use FrogTea - I've posted some reasons in the other thread.

What on earth is it supposed to help with, anyway? You're suggesting a product that's technically inferior to modern crypto, while not solving the issue at hand which is a politics based one.

Announce Your Software/Service/Product / Re: FrogTea
« on: April 03, 2017, 10:43:25 PM »
Don't use.

It's unmaintained software, the source is not available, TEA should be considered broken, and the page doesn't mention whether the algorithm is being used in ECB or a chained mode, nor whether any key stretching is being used for the input passphrase.
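
The two open questions in the post above (ECB versus a chained mode, and key stretching of the passphrase), as an added example that is not part of the original post and not FrogTea's code. XTEA stands in as a TEA-family block cipher for illustration only; the function names, passphrase, plaintext and PBKDF2 parameters are assumptions.

```python
import hashlib
import os
import struct

MASK, DELTA, BLOCK = 0xFFFFFFFF, 0x9E3779B9, 8

def xtea_encrypt_block(key: bytes, block: bytes, rounds: int = 32) -> bytes:
    """XTEA on one 8-byte block with a 16-byte key (illustration only)."""
    k = struct.unpack(">4I", key)
    v0, v1 = struct.unpack(">2I", block)
    s = 0
    for _ in range(rounds):
        v0 = (v0 + ((((v1 << 4) ^ (v1 >> 5)) + v1) ^ (s + k[s & 3]))) & MASK
        s = (s + DELTA) & MASK
        v1 = (v1 + ((((v0 << 4) ^ (v0 >> 5)) + v0) ^ (s + k[(s >> 11) & 3]))) & MASK
    return struct.pack(">2I", v0, v1)

def stretched_key(passphrase: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Key stretching: salted PBKDF2-HMAC-SHA256, cut to XTEA's 128-bit key size."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations, dklen=16)

def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK          # PKCS#7-style padding to 8-byte blocks
    return data + bytes([n]) * n

def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    """ECB: each block is encrypted on its own, so equal plaintext blocks match."""
    p = pad(data)
    return b"".join(xtea_encrypt_block(key, p[i:i + BLOCK]) for i in range(0, len(p), BLOCK))

def cbc_encrypt(key: bytes, data: bytes, iv: bytes) -> bytes:
    """CBC: each block is XORed with the previous ciphertext block first."""
    p, prev, out = pad(data), iv, [iv]
    for i in range(0, len(p), BLOCK):
        mixed = bytes(a ^ b for a, b in zip(p[i:i + BLOCK], prev))
        prev = xtea_encrypt_block(key, mixed)
        out.append(prev)
    return b"".join(out)

def repeated_blocks(ciphertext: bytes) -> int:
    """How many ciphertext blocks duplicate another block in the same message."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return len(blocks) - len(set(blocks))

if __name__ == "__main__":
    salt, iv = os.urandom(16), os.urandom(BLOCK)
    key = stretched_key("correct horse", salt)      # constructed passphrase
    note = b"balance=" * 4                          # constructed plaintext: 4 equal blocks
    print("ECB repeated blocks:", repeated_blocks(ecb_encrypt(key, note)))
    print("CBC repeated blocks:", repeated_blocks(cbc_encrypt(key, note, iv)))
```

Neither mode here authenticates the ciphertext, so the sketch shows only the pattern leak and the key derivation, not a complete design.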

General Software Discussion / Re: LessPass password manager
« on: March 22, 2017, 02:35:35 AM »
Have they changed the core mechanics of how it works, or is it still 100% utterly useless?

Last time I looked at it, the design meant compromised master password == having to change each and every password you've used it for.

Also, what this guy wrote.

While VMs can be escaped, you should keep in mind that a VM escape is an extremely valuable 0day.

So, if you get a piece of "interesting software" containing a VM escape, there's basically two scenarios:

1) you're targeted by a nation-state, YOU'RE GONNA DIE AND THERE'S NOTHING THAT YOU CAN DO ABOUT IT.
2) you're dealing with a potentially nasty piece of malware, but it's using publicly known escape techniques.

Keep your VM software up-to-date! And don't even think about using sandboxing/containerizing software for testing BadStuff.

PS: while you're not super likely to find VM-escape in the wild, it's a lot more common for malware to have VM detection - meaning it won't activate when running in a VM, so it lulls you into a false feeling of safety.

General Software Discussion / Re: Malwarebytes goes full Anti-Virus
« on: March 17, 2017, 07:26:40 PM »
What a shame :(

General Software Discussion / Re: Windows Explorer now has banner ads
« on: March 12, 2017, 12:07:31 PM »
Man, ads in your operating system... ugh.

I quite like Windows 10, it's pretty snappy - but I really don't like this direction. Meh. Thought Microsoft had wised up with Satya Nadella and all, but... ugh.

all of the systems we work on now have a licensed copy of Notepad++ installed.
Huh, there's licensed versions of Notepad++?  :huh: :huh: :huh:

Living Room / Re: What books are you reading?
« on: February 28, 2017, 04:55:47 PM »
Finally reading The Mythical Man-Month.
"Few books on software project management have been as influential and timeless as The Mythical Man-Month. With a blend of software engineering facts and thought-provoking opinions, Fred Brooks offers insight for anyone managing complex projects."

While I'm a developer and not a project manager, I've been told (and sorta agree) that it's one of the "really should read" books in the industry. It's probably a bit over-hyped, but nonetheless it's a good read so far (next chapter is "No Silver Bullet") - and it's amazing how little of it seems dated, even though the first edition is from 1975.

UFO Defense and Terror From The Deep were such great games - a shame that the series was never continued.

Steam used to bundle my bugfix loaders for the Collector's Edition Win32 port, but I believe they use DosBox these days... my loaders certainly aren't Win10 compatible, it seems.

So, the tool is basically a DNS switcher? Or switcher + null-routing with hosts file?

How does it prevent DNS leaks and tracks? Switching to a DNS server that claims doing this is not the same as actually preventing it.

The feature list seems a bit like false advertisement, if it's just a blocklist. While null-routing known malware hosts does prevent getting malware from those domains, that really doesn't qualify a product as "anti-malware".

How come it's hosted on sourceforge if the source is not available?

Also, a couple of things regarding DnsCrypt:
1) it doesn't encrypt DNS traffic, it cryptographically verifies that the replies haven't been tampered with.
2) using a DNS server that's listed as "supporting DnsCrypt" is meaningless, you don't gain anything unless you're running the DnsCrypt client yourself.

Developer's Corner / Re: Anyone tried the Nim language yet?
« on: February 24, 2017, 02:29:46 PM »
I skimmed half of https://nim-lang.org/docs/tut1.html , and the basic syntax doesn't look bad... but indentation based syntax is enough to put me off, especially when I don't see something that strikes me as a killer feature.

A powerful macro system with the ability to modify the AST might be interesting, but... dunno. I'm just not "feeling it" :)

Why on earth would anybody in their right mind join a thing like this?

Developer's Corner / Re: Windows Update Controller
« on: January 03, 2017, 03:37:06 PM »
Overall I really like Windows 10 (and it has some nice security and performance things under the hood!) - but Microsoft does seem hell-bent on enforcing a couple of things in ways I really don't like (telemetry, forced windows updates + boots).

I'll be kinda surprised if you get it to respect registry values!

While your traffic will be encrypted, there's no way to hide that your IP address is connected to and communicating with the destination IP address.
A VPN masks what you're communicating with - snoopers will only be able to see that you're communicating with the VPN concentrator. The destination host won't see your IP either, it will see the IP of the VPN concentrator.

But as already mentioned, it's not foolproof and there are ways to unmask you.

In short, a VPN can be a very secure tool for the right people in the right circumstances, but it's not a cure-all for everything malevolent on the internet.
Again: securely using the internet from an insecure location (hotel, café, whatever). Nothing more, nothing less.

If you're doing malevolent stuff and think a VPN will do anything for you, prepare for some jail time :-)

Living Room / Re: grab urls
« on: December 27, 2016, 10:16:42 AM »
I gave Downthemall a try, but is there a way to make the downloads delay every x seconds so that I won't abuse the server???
You can configure concurrent downloads and downloads-per-server in DownThemAll - that really should be all you need to avoid "abusing" anything :)

I guess "MDC WiFi" means the WiFi network on your college?

If you get HTTPS certificate errors while connected to it, your college sysadmins are probably some misguided fools that are doing nasty man-in-the-middle shit on your connections.

General Software Discussion / Re: alternative to filehamster?
« on: December 27, 2016, 09:49:59 AM »
Git, Mercurial or even SVN should be used when versioning is necessary.
For source control style versioning, sure.

But for backup-style versioning? Nope, nope and nope. What you need in that situation is very different from the history-from-the-beginning-of-time versioning style that source version control systems offer.

fSekrit / Re: Fsekrit fails to run Thai text searches
« on: December 19, 2016, 02:21:52 PM »
You're thinking of file encoding, though :)

Notepad (on NT derived Windows versions) uses the Unicode APIs. I just took a quick look at Ted Notepad, and it's a Unicode application as well. I haven't looked deeply at Ted, but Notepad internally uses a "Rich edit control", which (even on Win9x) internally uses Unicode. It's when interacting with the rest of the system you run into ANSI/Unicode issues - Win9x has an extremely limited Unicode support, which is the reason fSekrit is an ANSI application.

The issue is here :) - I could probably get away with just local modifications to that file to get Unicode search support, before doing the proper rewrite of the whole application.

A VPN connection is useful for securely accessing LAN machines across the internet (corporate use), or securely using the internet from an insecure location (hotel, café, whatever). Nothing more, nothing less. If you think you're getting "protection" or "anonymity", think hard about what you're doing and which consequences it could have; while it will be sufficient to hide you from a nosey neighbour, it doesn't take a nation-state adversary to decloak.

Stay the hell away from the "free" offerings, unless you have the technical skills (and spare time) to routinely inspect all the network traffic - there's been some "free" proxy and vpn software doing very, very, very dodgy things.

And even for the paid ones, even if the "we do not keep any logs" and "we are definitely not a NSA honeypot" statements are true, there are things that can be done without the VPN company coöperating, from hacking concentrator nodes to analyzing traffic at the datacenter.

There are uses for VPNs, but anonymity (especially combined with "anything worse than petty crime") is definitely not a safe use.

Developer's Corner / Re: Recommendations for where to get SSL Certificates?
« on: December 19, 2016, 12:53:47 PM »
In this day and age, I would definitely go for LetsEncrypt for HTTPS certificates unless hard pressed to use something else. Self-signed certs aren't really appropriate for a public-facing website, even though they're technically more secure.

Dunno about code signing - aren't the options relatively limited?

Community Giveaways / Re: TIS-100, a programming game
« on: December 19, 2016, 12:45:06 PM »
TIS-100 is basically Human Resource Machine's older and veeeeery geeky brother :-)
