This howto uses the Raspberry Pi as the base system (tutorial is based on Debian), and Tor as the SOCKS5 Proxy.
The Objective: be anonymous on the internet, using the Raspberry Pi as a transparent SOCKS 5 proxy.
I didn’t intended this to be a completely exhaustive tutorial, but i feel it’s complete enough for the novice user to follow.
As a bonus, i’ve added info on how to use Tor as a Socks Proxy for your iPhone/iPad – no need to jailbreak.
If in any doubt following this guide, please leave a comment!
Sometimes, you need to anonymize yourself in the internet. Or you’re just paranoid and don’t want to be followed around.
Either way, a proxy is a great way to stay anonymous in the internet.
If you just want to browse around, you can download a full featured package with Tor, and its own stripped down version of Firefox called TorBrowser. There are versions for Linux, OS X, and Windows, and you’re ready to go.
But if you don’t want to install anything in every device you own, or you want to be anonymous on your iPhone or Android device, then, this tutorial is for you.
The vulnerability is horizontal privilege escalation. The PIN reset function – while updating the PIN for the current user – also attaches all the personal data in the POST request. This allows the attacker to tamper with the request, exchanging his username with the victim’s username and setting a new PIN for the victim.
Apple has apparently decided to kill support for OS X Snow Leopard, the 2009 operating system that has resisted retirement for more than a year.
On Monday, Apple did not update Safari 5.1 when it patched the later Safari 6 and 7 for newer editions of OS X, including 2011’s Lion, 2012’s Mountain Lion and this year’s Mavericks.
Safari 5.1, which was last updated in September to version 5.1.10, is the most-current Apple browser for Snow Leopard.
Historically, Apple has patched Safari longer than the supporting operating system, so when the Cupertino, Calif. company calls its quits for the browser, it’s already decided to retire the pertinent OS.
In July 2011, for example, Apple patched Safari 5.0 for the final time, updating the browser to version 5.0.6. That edition was the last that ran in OS X Leopard, which was released in October 2007.
Apple provided the final update to Leopard in June 2011.
Ever wondered how do they do underwater cable splicing?
Many, many layers of protection, including several of jute wrapping. The video centers on splicing a new cable to an existing one in the San Francisco Bay to bring the wonder of telephony to a man-made island created for the Golden Gate International Expo.
The narrator makes these men out to be heroes, and when you see how much lead they came into contact with, you’ll understand what he means. Each of the 1,056 individually insulated wires must be spliced by hand. After that comes a boiling out process in which petrolatum is poured over the splice to remove all moisture. Then, a lead sleeve is pulled over the connections. Molten lead is poured over the sleeve and smoothed out by hand.
At this point, the splice is tested. The sleeve is punctured and nitrogen gas is pumped in at 20psi. Then comes the most important step: the entire sleeve is painted with soap suds. Any gas that escapes will make telltale bubbles.
Once they are satisfied with the integrity of the sheath, they wrap the whole thing in what appears to be lead cables and pound them into submission. Surely that would be enough, don’t you think? Nope. They weld the cables all around and then apply two coats of tar-treated jute wrapping, which retards saltwater corrosion considerably.
According to Dennis Publishing Lab’s, Microsoft Security Essentials fail to detect 39% of malware.
Dennis Technology Labs (DTL) tested nine home security products on a Windows 7 PC, including Security Essentials, which is distributed free to Windows users and built into Windows 8 in the form of Windows Defender.
While the other eight packages all achieved protection scores of 87% or higher – with five scoring 98% or 99% – Microsoft’s free antivirus software protected against only 61% of the malware samples used in the test.
Microsoft conceded last year that its security software was intended to offer only “baseline” performance, saying it wanted to “give customers a good reason to pay for their [security] products” because that would create greater diversity in the market and make life harder for malware writers.
Nevertheless, the company insisted that Security Essentials provided “strong, comprehensive defence against malicious code and attacks”.
Norton Internet Security received the strongest protection rating in DTL’s tests, detecting 99% of the malware used. Taking into account false positives against legitimate software, Kaspersky Internet Security 2014 provided the best overall level of protection.
Many web developers know about SSL/HTTPS, but it is very common to see it only partially deployed, or not deployed where it should be. This basic guide by @Erik Romijn on when and how to deploy SSL/HTTPS will help you avoid the most common mistakes.
The IETF has a dedicated crypto review board, the CFRG, which approves or pokes holes in the cryptography used by other IETF standards.
The chair of the IETF CFRG is an NSA employee (Kevin Igoe, one of the authors of the SHA1 hash standard).
I just learned these things a couple weeks ago. I am not generally a believer in the theory that NSA actively subverts Internet standards. But even I think that it’s crazy for an NSA employee to chair the CFRG.
In case you’re wondering: Trevor Perrin is widely respected professional cryptographer. Most cryptographers work for university math departments. Perrin worked for years as a staffer for Paul Kocher, the godfather of side channel attacks, at Cryptography Research. He’s the designer of the new forward secrecy ratchet for OTR (Axolotl) and the TACK TLS extension, and a behind-the-scenes contributor to other IETF crypto standards. Perrin wrote the pure-Python “tlslite” TLS implementation. If you were to draw a “family tree” of crypto know-how in the software security profession, a surprisingly huge chunk of it would be rooted in Perrin (and Nate Lawson and Kocher); for instance, virtually every modern TLS break came from ideas that Perrin popularized. 64 current Matasano Crypto Challenges, probably 50 of them I can trace to Perrin and Lawson. Trevor Perrin is someone you should pay attention to.