Skip to main content

Blocklist-Update.sh

Blocklist-Update.sh is a script that I wrote to manage blocklists from bluetack etc to be used in conjunction with Transmission torrent downloader in Linux/MacOS. The script can be taylored to work with Qbittorrent as well, but the placement of the blocklists means you'd have to redirect the blocklist to go somewhere locally manageable as Transmission uses its own blocklist directory in .config. I believe there are about 10 lists there now. It works well for my needs. It can be ran weekly using crontab in standard user profile.  To download:  blocklist-update.sh To download the others:  Github
Post a Comment

STAYING SECURE OVER OPEN WIFI AND NETWORK SECURITY IN GENERAL

Open Wifi is the rage these days. From quaint cafe’s to regular, run-of-the-mill family restaurants, Wifi is left free and open to the public. This can be both a good and bad thing. Convenience is that you can update that app on your phone that you might have otherwise missed out on in your busy schedule. You can also share that favorite youtube video with your family, but you wouldn’t leave an open account on your home router would you? Open Wifi uses no encryption, so your data is basically free range. Even using secure HTTPS can be intercepted by someone with a descent understanding of the networking. Then why do we use these unsafe networks so much? How can we prevent or protect our devices and or traffic from being compromised?

  1. Stay away from clear text or HTTP only. While it may not be a big deal for just going to a random site to read an article or look at pictures, HTTP is unsecured and now is being deprecated by most websites in favor of more modern standards like HTTPS with SSL or now TLS. HTTPS encrypts data to help prevent or mitigate some man-in-them-middle snooping and otherwise from going to an illegitimate site. HTTPS over TLS is the newest. TLS stands for Transport Layer Security. Transport Layer Security is what gives the connection its secured nature. TLS allows data to go between hosts or client and server with no interference from third parties. SSL mean Secure Socket Layer. The difference between the two is mainly better encryption and difference in name. TLS is the continuation of SSL. TLS is important. As for clear text, prefer to login to pages that use hashes for passwords or otherwise encrypt them. Logging in in clear text is something that I never do, it’s also preferred that you use a third party password manager like Kee Pass or Last Pass. The former is probably safer.
  2. Use common sense. This seems like a no brainer, but some people still like to login to sensitive sites like their bank at a coffee shop. Seriously? That’s the worst thing you can, unless you have a VPN which is still a bad idea. Using a VPN is a great idea, however, it doesn’t necessarily ensure that the entry node is not compromised and thus if enough data is leaked through via DNS, your information can be compromised. If you just have to check your bank account, use a good VPN, don’t skimp on pricing, the good ones usually cost more. Good VPN’s can protect you from at least most of the leakage issues including those caused by the VPN’s own DNS. When using a VPN for that vital of a task, it is important to use their DNS and not the free one at the hotspot.
  3. Use a firewall. This should go without saying, but use a Firewall. Firewalls are great pieces of software that stand in between you and any data trying to get into your ports. It closes off ports that would otherwise be wide open to the net, unless they’re being used, then it simply moderates or filters out certain attacks like ICMP flooding or dos attacks. Firewalls are what probably keep your computer from either becoming bogged down or even potentially controlled by a botnet everyday. Some good firewalls are usually third party, but Windows has one built in that at least does something. At least after Windows 8. Linux has a really great firewall, but learning how to use it is another story. Linux uses a Kernel component to block ip instances according to number and type of requests and such attacks as mentioned above. A good third party for Windows is PrivateFirewall and a good third party skin for ipfilter in Linux is GUFW. This gives ipfilter its graphical component.
  4. Consider using Dnscrypt or Opendns if you don’t have a VPN or they didn’t give you a DNS to use. DNS is still one of the best places to catch leakage in network security. Even your home network can be leaking data via DNS if you’re using the stock DNS that came with your internet subscription. Another good and free alternative is the new cloudflare owned 1.1.1.1 which privatizes your traffic. They don’t actually necessarily filter traffic much at time of writing, but they are working on that for the future. What they do is more passive at the moment in that they don’t keep logs of any queries that pass through them. Even if they were asked for your information and they wanted to help, they can’t.
  5. Use a different search engine or browser. Some people like to try various browser software, that’s a good thing. Browsers are possible attack vectors too and using more than one for different tasks helps keep sensitive data from being in one direct place. Also, some browsers are better at displaying some pages than others. Browsers like Chrome or a derivative are also shipping with some minor ad blocking capabilities these days as well. Ads are downright annoying and some can be potentially harmful. Chrome seeks to rectify that by culminating a list of possible ads to block and only allowing through certain ads that are deemed legitimate or warranted. Some might say that this is a way to extort more money from corporations, however, they are blocking some of their own ads. Firefox offers tracking protection which is similar but works for a different reason. Tracking is worse than ads. Both offer some malicious url filtering based on Google’s safe search. I recommend Pale Moon and Vivaldi as my two browsers of choice. The customization of Vivaldi matched with Chrome’s built in privacy and security enhancements is a good fit for me. Pale Moon offers privacy and security as well, however, I don’t use addons or extensions to do it. Pale Moon does offer some low level fingerprinting protection if you know how to turn it on in the backend. It also uses a separate geolocation aparatus than Google’s own. As for the search engine, I don’t really think that it matters as much, however, I use mostly duckduckgo or startpage for 80 percent of my searches. Duckduckgo doesn’t keep records of your searches and Startpage searches google on your behalf. Both are equally good I think and If you like a more indepth search, I’d recommend Startpage, but simple is sometimes better so go with duckduckgo.
  6. If you’re on a laptop and are limited by the ammount of money you have to spend, use Tor. Tor offers its own VPN solution, but this only works for that particular browser. Tor is great for bypassing location and ip restrictions. Tor also offers HTTPS everywhere so that all your data is encrypted. They also don’t store any logs. They also allow you to choose nodes much like the Opera VPN. Tor still offers an older version of Noscript that supports both e10 and ESR firefox as a hybrid. Noscript blocks scripts on sites allowing only the ones you tell it to. Noscript also protects against clickjacking.

Finally, when setting up a home network, it’s a good idea to use an alternate DNS on your router so that all your data through any device uses that DNS. It’s a great idea to ensure that your router has good firewall configuration and WPA2 encryption for the connection. WPA2 is the standard at least right now above WPA and WEP(Easily crackable).WPA2 uses a separate password than the one your router uses to connect to each individual device. This prevents anyone from just randomly browsing for porn on your network. Also make sure to change the router’s default password from password. Furthermore, using a funny or complex SSID name can make a difference too(Mine uses FBI_VAN). Be sure to check the logs on your router a couple times a week. 


Comments

Post a Comment

Popular posts from this blog

NOSCRIPT CONFIGURATION FOR PALE MOON SPECIFICALLY

I wrote an article before about making Pale Moon more private. I covered a few of the settings and back end changes I make each time I install it. I mentioned Noscript, but I didn’t give any details about how I set it up. First though, you have to get the version already marked for your version of “Firefox” or in this case, Pale Moon. If you went to https://addons.palemoon.org/addon/noscript/ you would probably find the Pale Moon addons page devoted to the newest possible Noscript being marked specifically for Pale Moon. Other versions may work, but these are hybrid addons and the closer we get to Noscript 10, the less I trust it to work with Pale Moon specifically. I just opt to stick with 5.0.6. There have been people asking about what happens when Maone, the developer stops supporting the hybrid versions of Noscript, “Will it work with Pale Moon?” Why yes it will. Noscript blocks scripts, that’s its main function and it will do that as long as Java script exists on a page.
Post a Comment
Read more

SSD PARTITION ALIGNMENT

I was searching for more information regarding SSDs last night as that is what I now use, I found an interesting little tip that most users will never have to worry about, but people using Arch Linux, Manjaro or Windows that was cloned from another drive may want to consider checking this. The Partition manager within Linux normally takes good care to ensure that you have some free space to be used by the SSD in the event that a cell becomes worn out or corrupted. Also, Linux generally ensures that a proper amount of unallocated drive space is set aside preceeding the partition. However, on my own image of Manjaro, I discovered that this was not the case. The partition was “out of alignment”. To fix this situation, I found an article on  Lifehacker that went into instructional detail about how to solve this from a live environment or an image of Gparted . Gparted is a separate live environment of Linux that is based on Debian and uses Gparted as the main tool to manage par
Post a Comment
Read more

PALE MOON PRIVACY SETUP

I did a review of Pale Moon back when 27.6.2 came out in linux. I had mostly great things to say about the browser then and my feelings towards it have not changed. Pale Moon is a very useful tool for scowering the net. It has privacy at its core with a few implementations made by Moonchild, the lead developer, built in. I also mentioned the point that Pale Moon has a canvas poisoning feature in the backend, however, I wasn’t very clear about how to turn it on. I thought in this tutorial, I’d show with a series of screen shots, some of the useful settings and preferences that I change to make Pale Moon a bit more private. I also thought I’d take this time to rant a little more about some of the not so savory issues with Firefox which have recently come under scrutiny by various people in the the Linux world. First order of business, if you haven’t heard, Mozilla recently added an extension into their browser which gave people ads. That’s right, they were ads for a specific t
Post a Comment
Read more