Security

Hidden chat with Whonix and socat

Back in 2013 I wrote about using socat with Tor to setup a Hidden Service chat. It was pretty simple to setup and I wanted to see how much harder it would be to do with Whonix, since the Gateway handles Tor and the Workstation should run socat. Ends up it isn’t hard at all. On the Gateway you need to edit /usr/local/etc/torrc.d/50_user.conf (as root) and add a Hidden Service to it:
Running Whonix using QEMU as a user

Running Whonix using QEMU as a user

Whonix has released version 14.0.0.9.6 of their XFCE KVM build. Whonix is a Debian based operating system that routes all network traffic through the Tor network. It is included as part of Qubes OS or you can run disk images using your favorite virtualization solution. Their KVM release includes xml files for importing into libvirt, but sometimes that’s a bit too heavy of a solution and you want something simple where you don’t need to be root to set it up or run it.

Using OpenVPN on an iPhone

You are being tracked. It is now no secret that on every level your cellphone is being used to compromise your privacy. Not only are the cellphone providers injecting tracking headers they have been selling off your location data to 3rd parties with lousy website security. We have no way to know how much of this data was archived, or who may have access to it. There is no way to ensure that it is all deleted.
Setup oath ssh login on Fedora

Setup oath ssh login on Fedora

There are occasions where I’d like to be able to ssh to a system without using the password or having to setup a ssh key. Another alternative for authentication is the pam_oath module which allows you to use OATH applications like FreeOTP or Google Authenticator for 2-factor logins. Start by installing the required packages. This is specific to Fedora, other distributions will be similar but slightly different in fun and challenging ways.

https is now the default protocol

On June 5th the EFF called for people to ‘Reset the Net’ and do something to enhance their privacy on the net. I have put off switching to https for my sites because I host them using S3 and CloudFront, and up until recently it was extremely expensive to use a SSL certificate with your site. But now, thanks to SNI support in CloudFront, the cost is just slightly more than for http requests.