If Bluetooth security is indeed such a mess, why hasn’t anybody made a wireless headphone hijacker yet? A small device you can carry in your pocket, that hacks any wireless Bluetooth headphone in the vicinity, to allow you to whisper any ‘message from God’, or blast any obnoxious song, in the ears of unsuspecting victims. Let’s take rickrolling to the next level!

Mozilla wants to fundamentally change how the Firefox browser handles DNS requests, i.e. the way it looks up the IP addresses of all websites you visit when browsing the web with Firefox. Instead of letting your own ISP do this (which is what normally happens), Firefox will instead send DNS requests (over https) to Cloudflare servers to look up the IP address for you. The cited reasons are privacy concerns (the party resolving your DNS requests — by default your ISP — will get a complete picture of your browsing habits) and security concerns (the party resolving your DNS request can spoof you and respond with bogus IP addresses).

This is a terrible idea, for many reasons. But it is also totally useless and silly.

Because I don’t see how it solves the problems it aims to address: your ISP will see which websites you visit regardless! Because even if it doesn’t get to see your DNS requests, it still sees all Internet traffic you generate and hence all IP addresses of all sites you visit. This, by the way, is even the case if you surf the web securely, visiting only sites that use https/TLS.

If you do not want this, you can choose to use a VPN instead. Then all internet traffic is encrypted, and as far as your ISP is concerned, you are communicating only with the VPN server (which will also handle all your DNS requests). Of course now your VPN service provider can, in principle, profile your browsing behaviour. So you’ll have to pick one you trust. Which is a more empowering, less centralising choice, than Firefox deciding for all of us to let Cloudflare be our trusted DNS resolver.

A little over a week ago, the Kiesraad (the Dutch Electoral Council) announced the official result of the advisory referendum on the Intelligence and Security Services Act (the Wiv). A narrow majority of voters, surprisingly enough, rejected the law: 49.5% voted against and 46.5% voted for introducing the law. Turnout was 52%. This means that the government must reconsider the law.

Last week I attended the third International Cyber Operations Symposium (ICOS) in Amsterdam. The symposium was organised by the Dutch Ministry of Defence, with a mix of military and civilian delegates. The symposium was held under the Chatham House Rule, so I am free to speak about what was said, but cannot attribute it to who said it. The symposium offered an interesting insight into how the military thinks about cyberspace.

Twitter is deriding the Australian Prime Minister who said that ‘The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia.’ This may seem funny at first sight, but unfortunately this lays bare a very fundamental problem: both sides of the trenches in the current ‘crypto war’ fail (or even flatly refuse) to understand each other.

This (second) crypto war rages over the question whether government should get access to end-to-end encrypted communication between devices and the encrypted data stored on such devices.

Half of internet users connect to an insecure network. Just another news item about the dangers of public WiFi networks that are not protected by a password. All well and good, but all these reports suggest that WiFi networks with a password, or wired networks, would be secure. Nothing could be further from the truth. All internet connections are insecure!

A big ransomware campaign is raging on the Internet. Updating your computer regularly, and blocking unneeded ports, are a good first line of defence. Backups are an essential second line of defence. However, if you do backups (and that’s unfortunately a big if), you are more than likely doing it wrong, making your backups useless in case you are hit by ransomware yourself.

