Security – Everything is Broken https://play.datalude.com/blog Efficiency vs. Inefficiency, in a no-holds barred fight. Fri, 16 Nov 2018 03:01:28 +0000 en-US hourly 1 https://wordpress.org/?v=6.9.4 Git pull stopped working https://play.datalude.com/blog/2018/11/git-pull-stopped-working/ https://play.datalude.com/blog/2018/11/git-pull-stopped-working/#respond Fri, 16 Nov 2018 03:00:18 +0000 https://play.datalude.com/blog/?p=455 Read more]]> So this is a weird one. I'd previously grabbed some code from a git repository. But recently when I went to update it, I got an error

fatal: unable to connect to github.com:
github.com[0: 140.82.118.4]: errno=Connection refused
github.com[1: 140.82.118.3]: errno=Connection refused

Uh-oh. Thinking it might be a transient error, I left it for a while. But then when I got the report from my firewall logs, I saw some outbound connection attempts which it was blocking.

 Nov 15 12:20:42 DST=140.82.118.4 PROTO=TCP DPT=9418
 Nov 15 12:20:43 DST=140.82.118.4 PROTO=TCP DPT=9418
 Nov 15 12:20:43 DST=140.82.118.3 PROTO=TCP DPT=9418

So googling around I saw that this port was related to a proprietary git protocol, and then I connected the two events. So apparently the last time I checked out the code, it had used the default git protocol. Then I installed a firewall with egress filtering on the server, so now it was blocking the connection attempts. One solution would be to add tcp/9418 to my firewall rules, but there was actually a simpler way. From the code directory I edited the .git/config file and changed the url= line:

[remote "origin"]
        url = https://github.com/repo/repo.git
        # url = git://github.com/repo/repo.git

And now my git pull works again. 

]]> https://play.datalude.com/blog/2018/11/git-pull-stopped-working/feed/ 0 Free Wireless VPN https://play.datalude.com/blog/2008/08/free-wireless-vpn/ https://play.datalude.com/blog/2008/08/free-wireless-vpn/#respond Fri, 08 Aug 2008 00:56:04 +0000 http://play.datalude.com/blog/?p=46 Read more]]> Depending on your background you'll have different reactions to Free Wireless. Most people shout a quick whoopee, and plug right in there. However if your background is in IT security, you take a much dimmer view.

First of all there's the fact that a lot of the traffic you send down the wire can be intercepted ("sniffed") by people on the same network as you. The guy next to you in Starbucks could be snagging all your email passwords, for example. So at a minimum you need to make sure that you're using Secure email protocols (eg Secure POP on port 995 instead of port 110, and Secure SMTP on port 465 instead of port 25), and using https intead of http wherever you get a chance.

But then it can get worse: do you really trust the people running the wifi hotspot? Maybe they're the ones logging traffic through their router? Well maybe this is getting too paranoid, but the only way to really make sure your information stays private is to get a VPN tunnel back to a trusted network, and put all your traffic down that.

This is not within the reach of most people, but I recently found something which looks as though it might help: AnchorFree.

http://www.anchorfree.com/downloads/hotspot-shield/

This will set up a VPN to the AnchorFree servers and protect you from any intrustions by your fellow coffee swiggers and evil hotspot operators. The question then becomes, do you trust the people at AnchorFree?

]]> https://play.datalude.com/blog/2008/08/free-wireless-vpn/feed/ 0