IPv6, Reading, Consesnsus, HTTPS, Android

  1. When IPv6 only networks are gaining popularity, this is quite expected development: IPv4 as a Service (@ Ungleich). There are more and more users which are being forced behind CGN and if they'll ever need a public IPv4 address, services like this are the only practical option. Because ISPs just don't care. Does web site X work? - Your internet is good!

  2. Some vacation reading. Read a book about cybercrime, espionage, sabotage, extortion, and related forensic methods and related investigation procedures and lots of legal jargon (explained). Many cybersecurity books don't cover what happens after the attack / crime has been detected. The processes which go on years after this are left out of scope of most books. It's like fire fighting book that ends when the fire is put out. But the process can (and will) be on going long after that. Book started from risks, crimes and motives and ends up in conviction of the the criminals. Cover it all. I really liked the book, and it was quickly read. Once something I don't start and then put off as not interesting enough. What data is kept secret and how long, during the process and what kind of legalization is related to the publicity of the information and when the case will be come public and which parts of it are revealed and when. kw: Joint Investigation Team (JIT), Cybercrime Center, National Cyber Security Centre, Security Operations Center (SOC), forensic data collection and preservation. Contact points, pre-agreed and documented, procedures and methods. corporate security cybercrime investigation, forensics, jurisdiction and co-operation with official authorities. FINCSC, self-assesment tools and frameworks, NIS directive (ENISA). GDPR, CYBERDI – Cybercrime prevention, awareness raising and capacity building by RDI on modern cyber attacks. Supo - Finnish Security And Intelligence Service. Anything new? Not really, but the parts of legal proceedings weren't completely familiar to me.

  3. Studied Blockchain Consensus Algorithms. Ref: Proof of Work (PoW), Proof of Stake (PoS) and Its Variations, Byzantine Fault Tolerance (BFT) and Its Derivatives, Direct Acyclic Graph (DAG), Proof of Capacity (PoC), Proof of Burn (PoB), Proof of Identity (PoI), Proof of Activity (PoA), Proof of Elapsed Time (PoET), Proof of Importance (PoI), Open Representative Voting (ORV).

  4. Also quickly reviewed a few cryptocurrencies, Nano does look great on the first look, but what are the actual drawbacks of it?

  5. Some reports are hard to believe, like Backblaze leaking private information like users filenames to Facebook. First reaction would be like, ha, you're lying. But after checking the facts, that's true. Even paid services aren't spying free. Always pre-cloud encrypt everything, nothing can be trusted.

  6. Chrome - HTTPS as default (@ blog.chromium.org) - Nice! Wondering if this will fix the mind set of the (bleeps) that say, redirection doesn't need HTTPS. It's totally ok that we're always talking about domain X which doesn't use DNSSEC nor it uses HTTPS and then it redirects users to secure login. Oh well... I've seen even security pros do that fail. Fact is that the bleeping users enter the URL and then they enter the credentials. It could be used to do so many kind of different attacks, because the process is totally insecure. But honestly, even security pros don't usually get it. - Ah, security is complex matter. I've been paying special attention to these fails, because I've got HTTP completely disabled, so it's painfully obvious for me, when someone's doing stuff like this. Even some payment processors do HTTPS -> HTTP -> HTTPS transitions all the time. - If there's insecure link in the redirect chain, well, then it's insecure, that's it.

  7. Android is spying and collecting lots of data about it's users via secret telemetry (@ therecord.media) - Not surprised. - "Furthermore, when a new SIM card is inserted into both iOS and Android devices, SIM details are shared with both Apple and Google almost immediately." - But why? - This is one of the reasons why good old GSM burners are so great, those aren't leaking your info via Apple or Google privacy invading malware (aka Operating System) to everywhere. Constant privacy violations and extreme arrogance from Google. Yet, totally expected. - All telemetry should be opt-in and it should as well bring clear benefits to the users and by default selling any information forward even as aggregated data should be forbidden.

  8. Time flies! Updated my OpenPGP keys, the public key used for encryption expired and is now replaced with new one. Update, if you've got keys in your key ring.

2022-06-26