Skip to main content


Showing posts from May, 2015

SoftEther VPN does not support Windows Phone

I've been doing a substantial amount of work with VPN software lately. Of particular interest to me is helping secure mobile phone web traffic, which for the most part have been very insecure for a very long time. That's why I was excited to come across SoftEther VPN documentation that apparently confirmed its compatibility with Windows Phone: SoftEther VPN documentation from GitHub. Note the highlighted text claiming Windows Phone support. Currently, Windows Phone 8.1 only natively supports IKEv2. Additional support is available for SSL VPN but requires the installation of a third party VPN client. SoftEther VPN has no client application in the Windows phone store, and lack of IKEv2 support has been a known SoftEther development issue for 16 months with no sign of being actively addressed . It's worth pointing out that Blackberry and Nokia Lumia users are also impacted by the lack of IKEv2 support, however none of those devices are explicitly named in the suppo

Google Tone - sounds like a good idea

Its really a shame that Google is rapidly becoming so unabashedly evil , because they really do have some smart folks on the team. One of the latest useful applications to come from outside of the world-domination division is Google Tone: Tone can share useful application data using sound; specifically URLs. There are many possible uses for this sort of thing. Advertisers should be more excited about this then they were about those always annoying and once-ubiquitous QR codes. Those interested in human rights work and IT security could I am sure come up with some uses more useful to humanity. Here is a link to a Tone download from the Chrome web store ; Tone is available to start with as a browser extension.

Secure your Apache server against LOGJAM

Some time ago I wrote a post about the dismaying history of US government attempts to regulate encryption out of existence . I had to omit quite a bit; it was a post and not a book after all. One of the details left out of the story was the DHE_EXPORT cipher suites. During the 90's, developers were forced by the US government to us deliberately insecure ciphers when communicating with entities in foreign countries (readers will remember from the last post that law makers were convinced that encryption should fall under the same rules as weapons technology, and thus could not be shared with anyone outside the Father Land). These insecure ciphers became DHE_EXPORT. The DH stands for Diffie-Hellman; the key exchange system that bears their name was first published in 1976. Along with the cipher suite was a mechanism to force a normal encrypted transaction to downshift to a lower-bit DHE_EXPORT cipher. As so many short-sighted technology regulations have done in the past, this silly

Amazon Finally Ditches SSLv3

Amazon S3 subscribers recently received a form letter like this one: Dear AWS Customer, This message explains some security improvements in our services. Your security is important to us. Please review the entire message carefully to determine whether your use of the services will be affected, and if so what you need to do. As of 12:00 AM PDT May 20, 2015, AWS will discontinue support of SSLv3 for securing connections to S3 buckets. Security research published late last year demonstrated that SSLv3 contained weaknesses in its ability to protect and secure communications. These weaknesses have been addressed in Transport Layer Security (TLS), which is the replacement for SSL. Consistent with our top priority to protect AWS customers, AWS will only support versions of the more modern TLS rather than SSLv3. You are receiving this email because some of your users are accessing Amazon S3 using a browser configured to use SSLv3, or some of your existing applications that use Amazon S3 a

The Guantanamo Bay Prison Library

I came across this photo of a section of the Guantanamo Bay Prison library this morning and found it interesting: The copy of Aron Ralston's 127 Hours was specified by the photographer as being specifically dog-eared, but personally the Nora Roberts novel to the right appears to have been more thoroughly examined. Is trashy romance a Jihadi thing? What really got my attention, though, was the *multiple* copies of Jean-Jacques Rousseau's Social Contract (that appear to be untouched).   Prison censors even in domestic US prisons tend to omit any works of political philosophy from the library - when you do see prisoners reading this stuff they typically have to make special arrangements to get it by purchasing it directly from the publisher or through an inter-library loan as part of an in-prison education program. A colleague of mine recently published a series of damning articles on the prison health system in the state of Florida; wardens of prisons who were implicated