[Tutorial] Your own private anonymizing proxy – Raspberry Pi / TOR based

This howto uses the Raspberry Pi as the base system (tutorial is based on Debian), and Tor as the SOCKS5 Proxy.

The Objective: be anonymous on the internet, using the Raspberry Pi as a transparent SOCKS 5 proxy.

I didn’t intended this to be a completely exhaustive tutorial, but i feel it’s complete enough for the novice user to follow.

As a bonus, i’ve added info on how to use Tor as a Socks Proxy for your iPhone/iPad – no need to jailbreak.

If in any doubt following this guide, please leave a comment!


Sometimes, you need to anonymize yourself in the internet. Or you’re just paranoid and don’t want to be followed around.

Either way, a proxy is a great way to stay anonymous in the internet.

If you just want to browse around, you can download a full featured package with Tor, and its own stripped down version of Firefox called TorBrowser. There are versions for Linux, OS X, and Windows, and you’re ready to go.

But if you don’t want to install anything in every device you own, or you want to be anonymous on your iPhone or Android device, then, this tutorial is for you.


Continue reading “[Tutorial] Your own private anonymizing proxy – Raspberry Pi / TOR based”

ObamaCare California Website Flaws (500K users’ information at risk to hijacking)

ObamaCare is again on the spot. California’s site has +500K users, and, as the video shows, they’re at risk of hijacking attack.
Site’s admin has been warned, but so far, this hasn’t been fixed.

Vulnerability found by Kristian Hermansen

The vulnerability is horizontal privilege escalation. The PIN reset function – while updating the PIN for the current user – also attaches all the personal data in the POST request. This allows the attacker to tamper with the request, exchanging his username with the victim’s username and setting a new PIN for the victim.


EDIT: video was removed from youtube.

The PoC is on the video above. For the moment, it’s not known if this affects any other ObamaCare site’s than California’s.

Apple signals end to OS X Snow Leopard support

Apple has apparently decided to kill support for OS X Snow Leopard, the 2009 operating system that has resisted retirement for more than a year.

On Monday, Apple did not update Safari 5.1 when it patched the later Safari 6 and 7 for newer editions of OS X, including 2011’s Lion, 2012’s Mountain Lion and this year’s Mavericks.

Safari 5.1, which was last updated in September to version 5.1.10, is the most-current Apple browser for Snow Leopard.

Historically, Apple has patched Safari longer than the supporting operating system, so when the Cupertino, Calif. company calls its quits for the browser, it’s already decided to retire the pertinent OS.

In July 2011, for example, Apple patched Safari 5.0 for the final time, updating the browser to version 5.0.6. That edition was the last that ran in OS X Leopard, which was released in October 2007.

Apple provided the final update to Leopard in June 2011.

OS X Share, as of Nov 2013
OS X Share, as of Nov 2013

Continue reading “Apple signals end to OS X Snow Leopard support”

Underwater Cable splicing circa 1939 AT&T – Bell System

Ever wondered how do they do underwater cable splicing?

Many, many layers of protection, including several of jute wrapping. The video centers on splicing a new cable to an existing one in the San Francisco Bay to bring the wonder of telephony to a man-made island created for the Golden Gate International Expo.

The narrator makes these men out to be heroes, and when you see how much lead they came into contact with, you’ll understand what he means. Each of the 1,056 individually insulated wires must be spliced by hand. After that comes a boiling out process in which petrolatum is poured over the splice to remove all moisture. Then, a lead sleeve is pulled over the connections. Molten lead is poured over the sleeve and smoothed out by hand.

At this point, the splice is tested. The sleeve is punctured and nitrogen gas is pumped in at 20psi.  Then comes the most important step: the entire sleeve is painted with soap suds.  Any gas that escapes will make telltale bubbles.

Once they are satisfied with the integrity of the sheath, they wrap the whole thing in what appears to be lead cables and pound them into submission. Surely that would be enough, don’t you think?  Nope.  They weld the cables all around and then apply two coats of tar-treated jute wrapping, which retards saltwater corrosion considerably.

iOS7 untethered jailbreak is out, with hidden chinese software

So, iOS7 untethered jailbreak for iPhone/iPad/iPod Touch users is finally out, however, there’s a twist: Cydia is untested with this version, and Saurik was kept out of the loop the whole time.

iOS 7 logo
iOS 7 logo

The reason that the Cydia store doesn’t work is starting to become clear. A Chinese company paid the evad3rs a rumored 1 million dollars for the jailbreak, forcing their own App Store onto the phone.

If the computer running the jailbreak has Chinese as the main language, then the Chinese 太极 (taiji) market app is install. Cydia is available as an option, but it is deselected by default.

When i0n1c was asked about the Chinese market store,


Continue reading “iOS7 untethered jailbreak is out, with hidden chinese software”

[Tutorial] Web based SSH terminal for the Raspberry Pi

So, the other day, i wrote about Onion Terminal. Despite this is a great Terminal, it relies on Onion lib, and this has a lot of dependencies to it: libcairo-dev, libxml2, libpng++-dev, …

Then, i discovered GateOne – a full featured HTML5 based web terminal for SSH access.

Despite this tutorial is for the Raspberry Pi, this will work without much changes in any Debian based system, such as Ubuntu and others.

GateOne in action


Continue reading “[Tutorial] Web based SSH terminal for the Raspberry Pi”

Microsoft Security Essentials misses 39% of malware

According to Dennis Publishing Lab’s, Microsoft Security Essentials fail to detect 39% of malware.

Dennis Technology Labs (DTL) tested nine home security products on a Windows 7 PC, including Security Essentials, which is distributed free to Windows users and built into Windows 8 in the form of Windows Defender.

Microsoft Security Essentials
Microsoft Security Essentials

While the other eight packages all achieved protection scores of 87% or higher – with five scoring 98% or 99% – Microsoft’s free antivirus software protected against only 61% of the malware samples used in the test.

Microsoft conceded last year that its security software was intended to offer only “baseline” performance, saying it wanted to “give customers a good reason to pay for their [security] products” because that would create greater diversity in the market and make life harder for malware writers.

Nevertheless, the company insisted that Security Essentials provided “strong, comprehensive defence against malicious code and attacks”.

Norton Internet Security received the strongest protection rating in DTL’s tests, detecting 99% of the malware used. Taking into account false positives against legitimate software, Kaspersky Internet Security 2014 provided the best overall level of protection.

The full results from Dennis Technology Labs can be downloaded here, along with results for small business and enterprise software.

IETF has a NSA insider

The IETF has a dedicated crypto review board, the CFRG, which approves or pokes holes in the cryptography used by other IETF standards.

The chair of the IETF CFRG is an NSA employee (Kevin Igoe, one of the authors of the SHA1 hash standard).

I just learned these things a couple weeks ago. I am not generally a believer in the theory that NSA actively subverts Internet standards. But even I think that it’s crazy for an NSA employee to chair the CFRG.

In case you’re wondering: Trevor Perrin is widely respected professional cryptographer. Most cryptographers work for university math departments. Perrin worked for years as a staffer for Paul Kocher, the godfather of side channel attacks, at Cryptography Research. He’s the designer of the new forward secrecy ratchet for OTR (Axolotl) and the TACK TLS extension, and a behind-the-scenes contributor to other IETF crypto standards. Perrin wrote the pure-Python “tlslite” TLS implementation. If you were to draw a “family tree” of crypto know-how in the software security profession, a surprisingly huge chunk of it would be rooted in Perrin (and Nate Lawson and Kocher); for instance, virtually every modern TLS break came from ideas that Perrin popularized. 64 current Matasano Crypto Challenges, probably 50 of them I can trace to Perrin and Lawson. Trevor Perrin is someone you should pay attention to.

Read about the request here