Archive for the Security Category

OpenVPN tls-auth Option is Critical

miqrogroove
2018-09-19T09:20:44+00:00

Someone attempted a very noisy attack against my router’s built-in OpenVPN server today.  While there was no chance this person could guess my encryption parameters to gain access, he or she did manage to cause a denial of service.

The log excerpt looks like a whole lot of these:

Sep  6 12:40:15 vpnserver1[535]: 148.163.126.72:22475 TLS: Initial packet from [AF_INET]148.163.126.72:22475 (via [AF_INET]%eth0), sid=6a22eb44 5adb63fe
Sep  6 12:40:15 vpnserver1[535]: 148.163.126.72:57036 TLS: Initial packet from [AF_INET]148.163.126.72:57036 (via [AF_INET]%eth0), sid=6a22eb44 5adb63fe
Sep  6 12:40:17 vpnserver1[535]: 148.163.126.72:20089 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sep  6 12:40:17 vpnserver1[535]: 148.163.126.72:20089 TLS Error: TLS handshake failed
Sep  6 12:40:17 vpnserver1[535]: 148.163.126.72:20089 SIGUSR1[soft,tls-error] received, client-instance restarting
Sep  6 12:40:18 vpnserver1[535]: 148.163.126.72:35987 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sep  6 12:40:18 vpnserver1[535]: 148.163.126.72:35987 TLS Error: TLS handshake failed
Sep  6 12:40:18 vpnserver1[535]: 148.163.126.72:35987 SIGUSR1[soft,tls-error] received, client-instance restarting
Sep  6 12:40:19 vpnserver1[535]: 148.163.126.72:55183 TLS: Initial packet from [AF_INET]148.163.126.72:55183 (via [AF_INET]%eth0), sid=6a22eb44 5adb63fe
Sep  6 12:40:19 vpnserver1[535]: 148.163.126.72:12142 TLS: Initial packet from [AF_INET]148.163.126.72:12142 (via [AF_INET]%eth0), sid=6a22eb44 5adb63fe
Sep  6 12:40:20 vpnserver1[535]: 148.163.126.72:50926 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sep  6 12:40:20 vpnserver1[535]: 148.163.126.72:50926 TLS Error: TLS handshake failed
Sep  6 12:40:20 vpnserver1[535]: 148.163.126.72:50926 SIGUSR1[soft,tls-error] received, client-instance restarting
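The flood is visible entirely from the server log: every new source port gets a fresh client instance that sits for 60 seconds and then dies with "TLS handshake failed". The script below is an added example, not code from the original post. It parses lines of that shape, tallies per-source handshake outcomes, counts failures in a sliding window, and emits block rules for any address over the threshold. The sample lines are constructed from the excerpt above (plus one well-behaved client); the 60-second window, the threshold of 3, the year 2018 and UDP port 1194 are assumptions.

```python
"""Flag an OpenVPN handshake flood from syslog lines.

Added example, not code from the original post. Sample lines are constructed
from the shape of the excerpt above; window, threshold and port are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample: one noisy source that never completes a handshake and one
# ordinary client that does.
SAMPLE_LOG = """\
Sep  6 12:40:15 vpnserver1[535]: 148.163.126.72:22475 TLS: Initial packet from [AF_INET]148.163.126.72:22475 (via [AF_INET]%eth0), sid=6a22eb44 5adb63fe
Sep  6 12:40:15 vpnserver1[535]: 148.163.126.72:57036 TLS: Initial packet from [AF_INET]148.163.126.72:57036 (via [AF_INET]%eth0), sid=6a22eb44 5adb63fe
Sep  6 12:40:17 vpnserver1[535]: 148.163.126.72:20089 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sep  6 12:40:17 vpnserver1[535]: 148.163.126.72:20089 TLS Error: TLS handshake failed
Sep  6 12:40:17 vpnserver1[535]: 148.163.126.72:20089 SIGUSR1[soft,tls-error] received, client-instance restarting
Sep  6 12:40:18 vpnserver1[535]: 148.163.126.72:35987 TLS Error: TLS handshake failed
Sep  6 12:40:19 vpnserver1[535]: 148.163.126.72:55183 TLS: Initial packet from [AF_INET]148.163.126.72:55183 (via [AF_INET]%eth0), sid=6a22eb44 5adb63fe
Sep  6 12:40:20 vpnserver1[535]: 148.163.126.72:50926 TLS Error: TLS handshake failed
Sep  6 12:40:21 vpnserver1[535]: 203.0.113.9:41000 TLS: Initial packet from [AF_INET]203.0.113.9:41000 (via [AF_INET]%eth0), sid=1a2b3c4d 5e6f7a8b
Sep  6 12:40:22 vpnserver1[535]: 203.0.113.9:41000 [client1] Peer Connection Initiated with [AF_INET]203.0.113.9:41000
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) (?P<msg>.*)$"
)
# One entry per failed client instance. The second marker is what a server
# running tls-auth/tls-crypt logs for packets that carry no valid HMAC.
FAILURE_MARKERS = ("TLS handshake failed", "cannot locate HMAC")


def parse_line(line, year=2018):
    """Split a syslog line into timestamp, source address and message (None if not OpenVPN)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year; 2018 is assumed from the post date
    ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "ip": m["ip"], "port": int(m["port"]), "msg": m["msg"]}


def handshake_outcomes(log_text, year=2018):
    """Per source address: instances started, instances failed, handshakes completed."""
    counts = defaultdict(lambda: {"initial": 0, "failed": 0, "completed": 0})
    for line in log_text.splitlines():
        ev = parse_line(line, year)
        if ev is None:
            continue
        if "TLS: Initial packet" in ev["msg"]:
            counts[ev["ip"]]["initial"] += 1
        elif any(marker in ev["msg"] for marker in FAILURE_MARKERS):
            counts[ev["ip"]]["failed"] += 1
        elif "Peer Connection Initiated" in ev["msg"]:
            counts[ev["ip"]]["completed"] += 1
    return dict(counts)


def flood_sources(log_text, window_seconds=60, threshold=3, year=2018):
    """Addresses with at least `threshold` failures inside any `window_seconds` span."""
    recent = defaultdict(deque)
    peak = defaultdict(int)
    for line in log_text.splitlines():
        ev = parse_line(line, year)
        if ev is None or not any(marker in ev["msg"] for marker in FAILURE_MARKERS):
            continue
        window = recent[ev["ip"]]
        window.append(ev["ts"])
        while (ev["ts"] - window[0]).total_seconds() > window_seconds:
            window.popleft()
        peak[ev["ip"]] = max(peak[ev["ip"]], len(window))
    return {ip: n for ip, n in peak.items() if n >= threshold}


def block_rules(flagged, port=1194):
    """iptables drop rules for the flagged addresses (port 1194/udp is an assumption)."""
    return [f"iptables -I INPUT -s {ip} -p udp --dport {port} -j DROP" for ip in sorted(flagged)]


if __name__ == "__main__":
    for ip, stats in handshake_outcomes(SAMPLE_LOG).items():
        print(ip, stats)
    for rule in block_rules(flood_sources(SAMPLE_LOG)):
        print(rule)
```

The point of the post's title is that the server should never have allocated those instances in the first place: with `tls-auth ta.key 0` on the server (direction `1` on clients; the key comes from `openvpn --genkey --secret ta.key`) or `tls-crypt ta.key`, OpenVPN discards control-channel packets that lack a valid HMAC before any TLS state exists, so an unauthenticated sender can only produce "cannot locate HMAC" log lines, which the script still counts per source.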

Read the rest of this entry »

6 Sep 2018

Category:
Security

How to Filter Xfinity Script Injections

miqrogroove
2018-08-28T21:46:52+00:00

Is your Xfinity ISP injecting horrible scripts and dialog messages into every unencrypted website that you visit?  It might look like this:

Xfinity XSS Garbage

We’ve increased Internet speeds in your area.

Update your modem to start enjoying them.

We’ve noticed you have an older modem that can’t keep up with faster Internet speeds now available in your area.

To start enjoying faster Internet, you can:

Buy from a retailer

Before you make your purchase, visit mydeviceinfo.xfinity.com to view a list of modems certified on our network.

Lease an XFINITY Gateway (Comcast lease fees would apply)

Call 1–855–242–2876 to order a Wireless Gateway and we will send you everything you need to get set up.

Thank you for choosing XFINITY. Ensuring that you get the most from your Internet service is part of our commitment to improving your overall experience.

In the Chrome web browser, you can block this with the ComcastBlocker extension.  The Xfinity script still loads, but its effects are minimized by removing all the display elements.
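An extension hides the overlay, but it does not tell you what else was added to the page. The check a practitioner wants is a diff: fetch the same page over HTTPS (which the ISP cannot modify) or keep a saved copy, fetch it again over plain HTTP through the ISP, and list the elements that exist only in the second copy. The script below is an added example, not code from the original post or from the ComcastBlocker extension. Both HTML documents are constructed, and the hostnames in them are placeholders rather than Xfinity identifiers.

```python
"""Report elements an intermediary injected into a plain-HTTP page.

Added example, not from the original post. The two HTML documents below are
constructed; the reference copy stands for the page fetched over HTTPS (or saved
earlier), the observed copy for the same page as delivered through the ISP.
The hostnames are placeholders, not Xfinity identifiers.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

WATCHED = {"script", "iframe", "link", "div"}

REFERENCE_HTML = """<html><head><title>Example</title>
<link rel="stylesheet" href="/static/site.css">
<script src="/static/app.js"></script>
</head><body>
<div id="content"><p>Hello</p></div>
</body></html>"""

# Constructed: the same page with a foreign script, an overlay div and an inline script added.
OBSERVED_HTML = """<html><head><title>Example</title>
<link rel="stylesheet" href="/static/site.css">
<script src="/static/app.js"></script>
<script src="http://notices.isp.example/inject.js"></script>
</head><body>
<div id="content"><p>Hello</p></div>
<div id="isp-notice" class="overlay">We've increased Internet speeds in your area.</div>
<script>showNotice("Update your modem to start enjoying them.");</script>
</body></html>"""


class _Collector(HTMLParser):
    """Collect (tag, attributes, inline body) for watched elements; body only for <script>."""

    def __init__(self):
        super().__init__()
        self.nodes = []
        self._script = None  # (attrs, body chunks) of the <script> currently open

    def handle_starttag(self, tag, attrs):
        if tag not in WATCHED:
            return
        norm = tuple(sorted((k, v or "") for k, v in attrs))
        if tag == "script":
            self._script = (norm, [])
        else:
            self.nodes.append((tag, norm, ""))

    def handle_data(self, data):
        if self._script is not None:
            self._script[1].append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            attrs, body = self._script
            self.nodes.append(("script", attrs, "".join(body).strip()))
            self._script = None


def element_signatures(html):
    parser = _Collector()
    parser.feed(html)
    parser.close()
    return parser.nodes


def injected_elements(reference_html, observed_html):
    """Watched elements that appear in the observed copy but not in the reference copy."""
    known = set(element_signatures(reference_html))
    return [node for node in element_signatures(observed_html) if node not in known]


def foreign_script_hosts(html, page_host):
    """Hosts that serve <script src> from an origin other than the page's own."""
    hosts = set()
    for tag, attrs, _ in element_signatures(html):
        if tag != "script":
            continue
        host = urlparse(dict(attrs).get("src", "")).hostname
        if host and host != page_host:
            hosts.add(host)
    return sorted(hosts)


if __name__ == "__main__":
    for node in injected_elements(REFERENCE_HTML, OBSERVED_HTML):
        print(node)
    print(foreign_script_hosts(OBSERVED_HTML, "www.example.com"))
```

Anything `injected_elements` reports for a page whose author did not change it came from the path between you and the server. The durable fix is on the site side: a page served only over HTTPS cannot be rewritten by the ISP at all, which is why the injection shows up only on unencrypted sites.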

28 Aug 2018

Category:
Security

Virus Infected Email

miqrogroove
2017-12-19T13:09:03+00:00

Screenshot of a fake Office 365 error message.

Danger! Do Not Touch!

If you see a Word document containing the following phrase, it is fake and should be deleted immediately:

This document created in online version of Microsoft Office Word

Legitimate software never issues such a message; it is bait to make the document look like an export that needs extra permissions.

Instructions included with the file asking the user to “Enable content” (which lets any embedded macros run) should raise red flags and serious concerns about the file’s origin.

A quick scan using an online virus checker confirmed this file is infected.  Be careful out there.
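The two indicators in this post can be checked offline without opening the file in Word: an OOXML document is a zip package, its VBA macros live in the part word/vbaProject.bin, and the lure text sits in word/document.xml. The script below is an added example, not the post's own procedure. The sample documents are built in memory by a constructed helper, not by Word, and the "Enable editing" phrase is added to the post's two lures as the usual companion wording.

```python
"""Check an in-memory Word file for the macro indicators described above.

Added example, not from the original post. OOXML documents are zip packages;
VBA macros live in the part word/vbaProject.bin, and the lure text sits in
word/document.xml. The sample documents are built by build_docx(), a constructed
stand-in for a real Word export.
"""
import io
import zipfile
from xml.etree import ElementTree as ET

W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
LURE_PHRASES = (
    "This document created in online version of Microsoft Office Word",
    "Enable content",
    "Enable editing",
)


def inspect_docx(data: bytes) -> dict:
    """Return macro/lure indicators for a document held as bytes."""
    report = {"is_zip": False, "has_vba_project": False, "lure_hits": [], "parts": []}
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return report  # legacy binary .doc (OLE) or not a Word file at all
    report["is_zip"] = True
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        report["parts"] = zf.namelist()
        report["has_vba_project"] = any(n.lower() == "word/vbaproject.bin" for n in report["parts"])
        if "word/document.xml" in report["parts"]:
            root = ET.fromstring(zf.read("word/document.xml"))
            # <w:t> elements hold the visible runs; joining them recovers the body text
            text = " ".join(t.text or "" for t in root.iter(f"{{{W_NS}}}t")).lower()
            report["lure_hits"] = [p for p in LURE_PHRASES if p.lower() in text]
    return report


def verdict(report: dict) -> str:
    if report["has_vba_project"] and report["lure_hits"]:
        return "malicious-lure"  # macros plus text coaxing the user to run them
    if report["has_vba_project"]:
        return "macro-enabled"   # may be legitimate; judge by origin
    if report["lure_hits"]:
        return "suspicious-text"
    return "clean"


def build_docx(body_text: str, with_macro: bool) -> bytes:
    """Constructed minimal OOXML package for testing, not a real Word export."""
    doc_xml = (
        f'<w:document xmlns:w="{W_NS}"><w:body><w:p><w:r><w:t>{body_text}</w:t></w:r></w:p>'
        "</w:body></w:document>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", doc_xml)
        if with_macro:
            # OLE magic followed by padding stands in for a real VBA project stream
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    lure = "This document created in online version of Microsoft Office Word. Enable content to view."
    samples = (("lure.docm", build_docx(lure, True)), ("report.docx", build_docx("Q4 numbers", False)))
    for name, blob in samples:
        print(name, verdict(inspect_docx(blob)))
```

The file extension proves nothing, which is why the check looks inside the package rather than at the name. For the older binary .doc format the same indicator is the VBA storage inside the OLE container; the olevba tool from oletools extracts and reports macros from both formats.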

19 Dec 2017

Category:
Security

How to Block the Amazon AWS EC2

miqrogroove
2015-01-02T14:53:36+00:00

Years ago, I found it necessary to start maintaining a list of Amazon’s subnets so that I could block them easily.  This list can be used in .htaccess and firewalls that can block access using CIDR subnet addresses.

Recent entries are bold.

Read the rest of this entry »
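Keeping such a list by hand is the hard way: Amazon publishes its address ranges as JSON at https://ip-ranges.amazonaws.com/ip-ranges.json, with a service tag on every prefix. The script below is an added example, not the post's own list or code. It reads a constructed excerpt in that file's shape, keeps the EC2 prefixes, collapses overlapping entries, tests an address against the result, and renders the same set as .htaccess and iptables rules. The prefixes in the sample are RFC 5737 documentation ranges, not real Amazon blocks, and the excerpt carries only IPv4 entries (the real file keeps IPv6 in a separate "ipv6_prefixes" list).

```python
"""Turn Amazon's published address ranges into block rules.

Added example, not from the original post. SAMPLE_IP_RANGES is a constructed
excerpt in the shape of https://ip-ranges.amazonaws.com/ip-ranges.json using
documentation prefixes, not real AWS blocks.
"""
import ipaddress
import json

SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0",
    "createDate": "2018-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "EC2"},
        {"ip_prefix": "198.51.100.0/25", "region": "us-east-1", "service": "AMAZON"},
        {"ip_prefix": "203.0.113.0/26", "region": "eu-west-1", "service": "EC2"},
        {"ip_prefix": "192.0.2.0/24", "region": "us-west-2", "service": "CLOUDFRONT"},
    ],
})


def service_prefixes(ip_ranges_json, services=("EC2",)):
    """Prefixes tagged with any of `services`, collapsed into the smallest CIDR set."""
    data = json.loads(ip_ranges_json)
    nets = [
        ipaddress.ip_network(entry["ip_prefix"])
        for entry in data["prefixes"]
        if entry["service"] in services
    ]
    # collapse_addresses merges adjacent and nested blocks and returns them sorted
    return list(ipaddress.collapse_addresses(nets))


def is_blocked(ip, prefixes):
    """True when `ip` falls inside any of the blocked prefixes."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in prefixes)


def htaccess_rules(prefixes):
    """Apache 2.4 Require syntax; Apache 2.2 used 'Deny from <cidr>' instead."""
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {net}" for net in prefixes]
    lines.append("</RequireAll>")
    return "\n".join(lines)


def iptables_rules(prefixes, chain="INPUT"):
    """One DROP rule per prefix; an ipset would scale better for the full list."""
    return [f"iptables -A {chain} -s {net} -j DROP" for net in prefixes]


if __name__ == "__main__":
    ec2 = service_prefixes(SAMPLE_IP_RANGES)
    print(htaccess_rules(ec2))
    for rule in iptables_rules(ec2):
        print(rule)
    for probe in ("198.51.100.77", "192.0.2.5"):
        print(probe, "blocked" if is_blocked(probe, ec2) else "allowed")
```

The collapse step matters when feeding a firewall: the published file lists the same address space under several service tags at different prefix lengths, and merging them keeps the rule set small without changing what is blocked.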

2 Jan 2015

Category:
Security

Photo Privacy Broken on Facebook Timeline

miqrogroove
2012-01-10T16:31:14+00:00

Facebook Profile with sensitive areas blurred

My Public Profile Should Not Look Like This

Have you ever added one of your photos to a Facebook group?  If yes, you might want to delete your photo albums right now.  I discovered today that the Facebook privacy settings for photos do not work.

Inspired by a discussion about social media I heard on NPR, I went into Facebook to do a thorough check and re-check of all of my privacy settings.  Guess what?

Dozens of photos I have on my Timeline are now publicly available.  >:{  Every one of those photos is set to “Friends” only privacy.  When I click the “View As…” option and then “Public”, all of those photos are now appearing on my public Timeline profile.

To confirm this, I registered a fake account that has no friends.  I viewed my own profile using that new account and a different web browser.  When I scrolled down far enough on the Timeline, my old photos started showing up to this newly registered user!

The fake user gets nothing by clicking on the “Photos” section near the top, suggesting this bug is specific to the new Timeline profile feature.

In an unsuccessful attempt to hide the photos, I used my real account to reset the album privacy to “Only Me”.  At this point, the photos were still appearing in the public preview as well as the fake account viewing my real profile.

Read the rest of this entry »

10 Jan 2012

Category:
Security
