Fedora

Leaving Windows for Linux on my Primary System

Few outside the technology business may be fully aware that Windows 10 arrives in the context of a major strategy shift at Microsoft. Feeling the heat from Google, Apple, and others, Microsoft needs to mutate and evolve its business models to compete in the end user computing marketplace. Selling Windows and Office licenses for whatever number of cents OEMs pay them for the right to ship these products on newly purchased machines is no longer cutting it in an age of falling PC sales. There’s new business out there, a pie they’re hungry for a big piece of. …

Confirming superuser

How To Deploy MVPS HOSTS File on an Android Phone

I have replaced the default HOSTS file on my Android device with the MVPS HOSTS file, a blacklist for blocking advertising, tracking and malware-distributing server names. Installing this blacklist confers the same browsing security, privacy, and performance benefits on my phone as I have long enjoyed on conventional workstations: ad blocking, faster web page loads and decreased bandwidth usage, mitigation of browsing behavior profiling and contextual ad targeting, and reduced exposure to malware infection by malicious web sites. Allow me to demonstrate the specific procedure that I used and hopefully save others some time. …

banned

Countering WordPress XML-RPC Attacks with fail2ban

In my last post I began inquiring into the WordPress XML-RPC attacks I’ve been sustaining here on the site. Since then I’ve been further studying the threat and experimenting with responses, and I have now developed working countermeasures and cast them into live operation. These countermeasures involve forwarding telemetry out of WordPress for pickup by the fail2ban facility, allowing for the detection and banning of attackers trying to exploit xmlrpc.php. Where other recommendations call for disabling affected methods or the whole XML-RPC subsystem, my more refined techniques control attacks while maintaining the full service set in operation for valid procedure calls. …

Android Device Manager

Android Device Manager Does Not Work in Internet Explorer

[Edit: As of July 11th it looks like this has been fixed. Android Device Manager is working in Internet Explorer 11 again in my testing. Original discussion follows.]

Last night I flashed my phone up to CyanogenMod 11 M8, and since then I’ve been putting things back the way they were and testing everything out. A few bugs were fixed from the M6 build I was running previously, and a few nice enhancements dropped too, everything was copacetic. But this afternoon I got around to testing Android Device Manager, Google’s integrated “find my phone” application, looking to reconfirm that I could locate my phone if it ever got lost, only to receive an unpleasant surprise. I’d log in to Google’s web application and have it persistently fail to locate my device. The map did not move, the “locate device” and “ring” controls did nothing, basically the tool was useless. This was very frustrating since (a) I knew it worked fine the last time I tested it, and (b) it’s a critical function that I wasn’t about to hazard living without. …

TrueCrypt

TrueCrypt: What Happened, What It Means, and What Happens Now

Based on the sum of the evidence that’s now filtered in, and in the consensus view of experts, the primary cause of the TrueCrypt crisis of the last few days was developer fatigue. After 10 years of thankless work developing the open source disk encryption tool, faced with the need to do major extending and refactoring of the codebase to support new technical requirements and demands from security auditors, the anonymous author or authors decided to throw in the towel. The way they did it tells of more complex motives, and has supplied ample fuel to the conspiracy theorists of the world. But importantly, there is no evidence that these events were motivated by any known security flaw or trust deficiency in TrueCrypt or in its build or distribution process, or by any act of coercion. And in spite of the apparently deliberate reputational damage committed by the developers, unless and until demonstrated otherwise, TrueCrypt is in fact still secure, and this story is far from over. …

Top