privacyguides

north, 1 year ago in What is your favorite cybersecurity tool and why?

@JackSparrow174 I find myself using curl far more often than anything else.

(s/o @bagder)

ericjmorey, 1 year ago in Hetzner server hosting potentially running MITM proxies on hosted servers

more discussion news.ycombinator.com/item?id=37955264

taaz, 1 year ago in Hetzner server hosting potentially running MITM proxies on hosted servers

The linked research: notes.valdikss.org.ru/jabber.ru-mitm/

I have two dedis from Hetzner and I was somewhat satisfied with it. Oh my, it migh be that time of the year where I go shopping for a NUC.

KingThrillgore, 1 year ago

Had a friend that got a cheapo Gigabyte NUC and he needed to use a dummy HDMI for it to even boot. As it, it wouldn’t boot w/o a monitor. Take heed.

KairuByte, 1 year ago

That’s a pretty meh problem though. It’s the whole reason dummy HDMI’s exist.

justJanne, 1 year ago

There’s no provider that’s going to be more safe than Hetzner, tbh.

If a provider doesn’t comply, you’ll just get special services raiding their DCs instead.

And if you switch to a VPS provider, you’re even more exposed.

Set up CAA with proper restrictions, enforce CT for your clients and use proper full disk encryption to prevent them from placing implants on your server itself.

ezchili, 1 year ago

Just buy a raspi to check the certificates periodically :>

TonyToniToneOfficial, 1 year ago

Alwyzon is nice. Good ping times.

empireOfLove, 1 year ago

Ahhh. Going after Russian services of course.

Knowing the German government I’m not terribly surprised Hetzner was forced to comply quietly. But still, if they’ll do it for one user, they’ll do it for everyone. Really sucks.

iso, 1 year ago in Hetzner server hosting potentially running MITM proxies on hosted servers

Interesting 🤷‍♂️ I’ll check news on this. I won’t use Hetzner if its true.

empireOfLove, 1 year ago

Please do. An unsubstantiated reddit thread does not a story make- but the more people we get to look into it, the more likely someone will corroborate it (or not)

QuazarOmega, 1 year ago

An unsubstantiated reddit thread does not a story make

Awoken I am

geekworking, 1 year ago

If want something that is immune from law enforcement wiretap warrants, you should avoid basically all hosting and internet service providers.

Read the TOS on virtually every service. There’s some language to say that they will comply with legal requests. The company is not going to fight the government for your $5 account.

Microsoft, Google, Amazon, Facebook, etc all have wiretap and legal discovery tools built into their platforms and have a dedicated team to process wiretaps.

iso, 1 year ago

Stop the service and inspect the machine for law violations. I’m ok to that. But proxying the network without a notice is literally spying.

Reverse the case, if a Chinese/Russian provider did this, would you still be OK? It’s funny US and west countries blaming easterns for spying while doing far far more.

geekworking, 1 year ago

The entire term wiretap comes from spying on phone conversations upstream without the target’s knowledge. This is no different.

China and Russia are 1000% doing this and more to anything hosted anywhere under their jurisdiction. The CCP brags about the Great Firewall.

I don’t necessarily agree with any of it, but I am pointing out that changing providers to one who wasn’t in the news is not a way to get around government data collection.

rainynight65, 1 year ago in San Francisco mayor wants drones and CCTV to stop crime

So you’re telling me that blanketing cities in CCTV over the past decade or so has failed to stop crime? And you’re telling me that you need more of it to stop crime?

Cyberjin, 1 year ago in San Francisco mayor wants drones and CCTV to stop crime

I’m just an outsider But didn’t she defund the police and fund a lot of woke stuff?

Sooperstition, 1 year ago

What does woke mean?

figaro, 1 year ago

The answer conservatives won’t give is “expecting accountability.”

Cyberjin, 1 year ago

Woke like in identity politics

garrett, 1 year ago

No, she didn’t make the cops gay.

ruination, 1 year ago in Google-hosted malvertising leads to fake Keepass site that looks genuine

Say it louder for the people at the back: adblock is a basic cybersecurity measurs

TufOnTwitter, 1 year ago in Is this a good network setup?

deleted_by_author

pipariturbiini, 1 year ago

you okay?

AlexSup21, 1 year ago

Bro has a stroke

red0888, 1 year ago

@TufOnTwitter @sewmopjr fair enough

JasSmith, 1 year ago in San Francisco mayor wants drones and CCTV to stop crime

It won’t help unless you actually put the criminals in jail. Since you won’t do that, drones are useless.

Gorgeous_Sloth, 1 year ago in San Francisco mayor wants drones and CCTV to stop crime

We’re fine

TryingToEscapeTarkov, 1 year ago

and we aren’t even in a cool one. Where is my chrome?

pineapplelover, 1 year ago in San Francisco mayor wants drones and CCTV to stop crime

Fuck off

halfempty, 1 year ago in San Francisco mayor wants drones and CCTV to stop crime

Massive surveillance programs won't stop crime. Instead it will be used to persecute target demographic groups.

JoShmoe, 1 year ago

Its probably the only reason the major was put into that position. Foreign influence.

ClopClopMcFuckwad, 1 year ago in San Francisco mayor wants drones and CCTV to stop crime

Instead of spending millions on CCTV and drones try giving people safe shelter and sanitation.

freeindv, 1 year ago

safe shelter

What does that have to do with crime?

sanitation

Are people catching some kind of disease that makes them steal and commit assaults?

garrett, 1 year ago

Why do you think people commit crime?

pineapplelover, 1 year ago

People happy -> no need to commit crime to make themselves happy

Lemongrab, 1 year ago

Not even to make them happy, its a survival technique.

ridethisbike, 1 year ago

Thought it was pretty obvious they if people are in desperate situations they will resort to taking desperate measures to survive, but I guess not

TWeaK, 1 year ago in Is this a good network setup?

Sounds decent.

Most routers can have VLAN functionality if you flash them with custom firmware. You get allllll the settings then. I have a netgear router that now has an FTP server and a bunch of other stuff. All you have to do is make sure the model you buy has a chipset supported by the firmware. Firmwares include:

• DD-WRT
• Tomato
• AdvancedTomato
• OpenWRT
• Chilifire
• Gargoyle

I’m sure someone will come in and say that using a consumer grade router is naff, but in my (somewhat limited) experience working with managed switches in an industrial setting, a custom consumer router is much more feature-rich. Unless you need the IO of a managed switch (ie SFPs) I see no reason to go down that route.

If you are using SFPs, be sure to get the knock off ones that can be programmed - there should be places that sell them and program them at no extra cost. They can literally be 1/10 of the cost of the manufacturer’s own modules.

freeman, 1 year ago in Is this a good network setup?

if the firewall can be updated regularly then sure.

Mikrotik makes perfectly acceptable switches at a reasonable price with a variety of features, vlan compat is pretty common. A MikroTik CSS610-8P-2S+in will give you 2 10 Gb sfp , 8 x 1Gbe with PoE+ and vlans for under 300 bucks.

walden, 1 year ago

I’m not OP but that 'tik is almost perfect for me, going along with the RB5009 I already have. Is there something similar that can run RouterOS I wonder?

freeman, 1 year ago

There definately is something. They have a ton of products. I’d have to look through my list as well. The CSS runs switchos lite, but honestly its fine. I can do CLI configs (brocade, cisco, cisco smb etc) but its whatever.

At my parents house i have been using a Mikrotik RB260GSP since about 2016 on their net. It also runs swos and im not doing anything crazy on it (in fact i never bothered with VLAN’s there though i probably should setup a guest vlan. But its been fine for years now.