Stop ISP’s tracking your DNS & browser history!

Well hello again. For those who wish to stop people being nosy about what a where you browse. There are a few things that you can do that will happily upset most but not ALL internet nosy people on what you visit. GCHQ and the NSA probably still have a few tricks in their box to spy on you. But, at least we shouldn’t make it easy for them. 99.5% of us are doing nothing wrong. Using the old “we need to know” have fallen very short in recent years. When it has been shown that attacks have taken place in FULL view of them without needing any de-encryption software. All you are doing is increasing the Haystack of information. It ends up – ” that you can’t see the wood as the trees are in the way”. First or all you need to stop using that thing called Google Chrome. You can still use all of the Google suite of packages if you must such as GMail, GDrive etc…etc and remember the saying “There is no such thing as a FREE lunch” They will be using the contents of your emails and communication to sell to the markertires of the Corporate firms. However, for those of you that wish to take back a bit of control you can download the current version of FireFox on your PC, Apple desktop or mobile and with a few simple tweaks stop quite a significant chunk on snooping in one swoop. Download the Browser from Here (Opens another Page) So, allow it to. Then download the package after accepting the T&C’s. Okay, so how many of you have actually read them? Well, we leave that to one side for now as this crew are Open Sourced and Commercially & Government Neutral. I’m sure they wouldn’t mind a contribution to help them in their work though. £ or $ amount would keep the lights on. Once you have downloaded the package and installed it. The computer will ask that you trust this which you should answer “Yes” as long as you clicked the link and didn’t search for the “Firefox” link. Yes, you know who you are tut tut. Open the browser and then type the following into the place where you normally type the web address. Where the Https or Green lock appears. about:config – then hit enter You will be warned to turn back. But instead select “Accept the risk” Okay, don’t freak out or Panic if you are English! At the top of the browser page. You see a “Search with a Looking glass icon” In there type the following. network.trr.mode – Do worry about the list reducing. It’s the browser trying to reduce the list dynamically. Once you have finished typing the about there should be only one line available to select. Then double click the lefthand button on the mouse. Then, when the dialogue box appears change the 0 to be 2. Then, select the “OK” button to confirm the change. Now once you return to the original page. Remove the network.trr.mode text and replace it with the following “network.security.ensi.enable” by the time you have typed this in. You will only have one option to choose from. Double click on it with the lefthand mouse and you will notice that the “Status” will change to Modified and the “Value” will have changed to True Once you have finished the modifications you can visit this site below to check you’ve everything working correctly. https://www.cloudflare.com/ssl/encrypted-sni/ Select “Run tests again” which will check out your browser. There are four tests on the page which should all be Green Ticks. Remember these settings are only good for the Firefox browsing. Start using Chrome and Edge browsers and all bets are off on security. Until we see you again. Enjoy your browsing again.

Secure your files from Ransom Malware Encryption on Windows 10.

Hi Guy & Girls,

Well, you’ve just upgraded to the current Windows 10 Fall Creators update and you find a few goodies under the bonnet?

No? Well there is an option to turn on a feature called “Controlled Folder Access” on their Windows machines

It’s described here. So, I will not re-invent the wheel.

But, basically. It keeps an eye on the activity of the Hard Drive and stops mass encryption occurring on both the System files and the Specific User Local folders that are currently active.

The Hit on the system performance is not noticeable and certainly will not be noticed on an SSD.

So, a bit of a no-brainer!

So, if you are already on Windows 10 Fall Creators do it today!

If you aren’t. It actually makes the pain of upgrading worthwhile. That from a Computer Engineer that normally would say hold off the update for at least 3 months.

But this is a sensible improvement worth the risk.

Yes, they have moved all the settings around again. But, the underlying improvement of speed of the new OS makes it worth the pain of the upgrade.

So, hold your nose and upgrade to Windows 10 Fall Creators soon!

Cheers.

WPA2 – Broken : In the middleman attack possible.

Guys & Girls.

For those of you that remain wedded to the earlier versions of Windows – W95/W98/W7 & W8.0 & 8.1?

You should note that the WiFi element of communication has been found wanting again.

For further details click on here.

If you are on Windows 10 / Windows 10 mobile you can relax this time as it has already been patched as long as you have been allowing Windows to update itself.

Cheers

post

Tagware Crew goes to Future Decoded at Excel – Microsoft 2016 Server & Cloud

Microsoft Windows Server 2016 is on its way!

All the best bits were highlighted in another session I went to. One of the main ones was the Microsoft 2016 Servers ability to interact with TPM version 2.0. In a nutshell, this allows the ISP or Cloud provider to point to the owner should our friends NSA or GHCQ want to look at the server. Microsoft has nice sidestepped the issue of encryption. As with TPM 2.0 enable hardware. If, you can’t talk to the certificate holder for that hardware. Nothing is going to happen.  You can bounce in a pick up the Hard drive or the complete unit. Without the system being able to retrieve the certificate. Then, the whole lot is grounded. Wiping out any of the drives will just provide an encrypted drive that you cannot read on any system that cannot talk to its Security systems. Nicely, done there Microsoft. That should stop your friends in government putting you in an untenable position in terms of data security.

Dawson and I seem to think we were the only old plods left!

The young smiling face of youth. I remember when I was that bouncy! Secondly, that this Cloud stuff it is very busy and noisy by all accounts. I’m still waiting for Air Traffic control to come to a sort this mess out!

But, as I was walking around the show. I had a feeling that I got when I watched  Chitty chitty bang bang many years ago. When the Child catcher turns up with sweets and ice cream. All of which were free.

 

Until of course the cage is closed and the pretty decorations come down!

Don’t forget. If, you do set up on Cloud. Make sure that you can migrate away should you need to. Or, you may end up with a larger bill than the CIO was expecting.

Well, that’s me done for today.

As always. If you have a comment. Please feel free to do so.

post

Tagware Crew goes to Future Decoded at Excel UK.

Well, what did we find?

First of all. Microsoft invited us back after last year’s event! So, we must have been on best behaviour last year.

This year they invited us to download a purpose written APP to help in guiding us around the event without issue. As you might expect. There were a few teething troubles with some folk saying that they couldn’t log in and the APP thing crashing everywhere. Hey, what did you expect? It’s Microsoft after all. I can hear you say!

Well no it wasn’t. It was a crew that was contacted by our Microsoft friends to clean up the entry to the event after a busy entrance last year. In truth, I think Microsoft events, was behind the curve last year and got caught by the sheer numbers that turn up.

However, I can report that this year’s event was back to it’s normal USA style efficiency in checking people into the event. They also carefully reminded everyone to bring the 5 digit code. So, that most of the process was complete by us. This surprisingly works out really well. As we were all technical bods anyway! I did help out by wearing one of our sweatshirts that have ‘TAGWARE’ embroidered on the front. I have saved you from looking at the picture of me wearing it. Are you grateful?

The only issue that Dawson quite rightly pointed out. The app wanted to suck up all of the contact information from our phone contact list. Which, would normally be ‘Commercial in Confident’ level of information? Bad Microsoft! However, if you use Windows 10, then, there is nothing that is off limits. However, that’s for another post.

So, Dawson and I swan into this large hall where we learnt about Microsoft’s new ideas. I believe that most of the speakers at the event have video’s which can be viewed at channel9.msdn.com. However, for those that like to read the overview, it’s here.

Well the most informative session of that morning to me was the COW mission. Yep, I can hear you now saying “what do Cows have to do with technology”?

Click Here – to find out about technology and Cows >>

 

When you see the little Key symbol you think you are safe?

Well, here we are again.

So you are login into the banks or Credit card. You made sure that you have the Key in the browser and you think you are safe?

Well, unfortunately, you are not. As most websites including Gmail, Cahoot, Tesco etc use the version 1.0 SSL.

http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/

Trouble is this has been broken. So, you say oh dear. they will send out a fix. Well, the Fix has been out since 2006. But, the websites are somewhat in a chicken and egg problem.

As the normal browser including IE, Chrome, FF  etc are set at version 1.0. Although most can use 1.2 which is the most secure. If they did force you to use this level then quite a few of the commercial sites would refuse to work. :o( and of course the site would lose web traffic.

So, they decided to leave it. Now, of course, it is going to come and bite them. As they have left open a way for an attacker to high jacking the session. Trouble is, you will not know.

As you will turn up to the right website and be unaware of anything being wrong. You will see the lock in the browser and to the normal person. Everything would be fine.

So, my suggestion is to convince Google and other Search engines to rate the Websites positions by what SSL level they are using. So, the safe ones that use 1.2 are the ones that don’t.

Personally, I think you would then find a lot of websites migrating to the secure version. Which, then would make the site more secure the default standard. A quick tweak to the browser security settings and everyone would be using 1.2 in a short space of time. Then, the hackers would have to crack the 1.2. Which is going to be a lot more difficult.

The search engines then get the credit for providing a more secure internet. The banks have a very little excuse. They should have completed this upgrade many moons ago.

Well, that’s my point of view. What’s yours?

Thanks for reading.

David Vincent.