Stop ISPs tracking your DNS & browser history!

Well hello again.

For those who wish to stop people being nosy about what and where you browse, there are a few things that you can do that will happily upset most, but not ALL, of the internet's nosy people. GCHQ and the NSA probably still have a few tricks in their box to spy on you. But at least we shouldn’t make it easy for them. 99.5% of us are doing nothing wrong. The old “we need to know” argument has fallen very short in recent years, when it has been shown that attacks have taken place in FULL view of them without needing any decryption software. All you are doing is increasing the haystack of information. It ends up that “you can’t see the wood as the trees are in the way”.

First of all, you need to stop using that thing called Google Chrome. You can still use all of the Google suite of packages if you must, such as GMail, GDrive etc., and remember the saying “There is no such thing as a FREE lunch”. They will be using the contents of your emails and communication to sell to the marketeers of the corporate firms.

However, for those of you that wish to take back a bit of control, you can download the current version of Firefox on your PC, Apple desktop or mobile and, with a few simple tweaks, stop quite a significant chunk of snooping in one swoop.

Download the browser from here (opens another page), so allow it to.

Then download the package after accepting the T&C’s. Okay, so how many of you have actually read them? Well, we leave that to one side for now as this crew are Open Sourced and Commercially & Government Neutral. I’m sure they wouldn’t mind a contribution to help them in their work though. £ or $ amount would keep the lights on.

Once you have downloaded the package and installed it, the computer will ask whether you trust it, to which you should answer “Yes” as long as you clicked the link and didn’t search for the “Firefox” link. Yes, you know who you are, tut tut.

Open the browser and then type the following into the place where you normally type the web address, where the HTTPS or green lock appears.

about:config – then hit enter

You will be warned to turn back. But instead select “Accept the risk”.

Okay, don’t freak out or panic if you are English! At the top of the browser page you will see a search box with a looking glass icon.

In there type the following: network.trr.mode. Don’t worry about the list reducing. It’s the browser trying to reduce the list dynamically. Once you have finished typing the above, there should be only one line available to select.

Then double click on it with the left hand button on the mouse. When the dialogue box appears, change the 0 to be 2. Then select the “OK” button to confirm the change.

Now, once you return to the original page, remove the network.trr.mode text and replace it with the following: “network.security.esni.enabled”. By the time you have typed this in, you will only have one option to choose from. Double click on it with the left hand mouse button and you will notice that the “Status” will change to Modified and the “Value” will have changed to True.

Once you have finished the modifications you can visit this site below to check you’ve everything working correctly.

https://www.cloudflare.com/ssl/encrypted-sni/

Select “Run tests again” which will check out your browser. There are four tests on the page which should all be Green Ticks.
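A way to confirm from disk that both changes stuck, as an added example that is not part of the original post: Firefox saves about:config changes as `user_pref()` lines in the profile's `prefs.js`, and this script audits such a file for the two settings above. The sample text is constructed, and the ESNI preference is spelled the way Firefox names it, `network.security.esni.enabled`.

```python
import re

# about:config changes are persisted in the profile's prefs.js as user_pref() lines.
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Meaning of the network.trr.mode values (TRR = Trusted Recursive Resolver, i.e. DoH).
TRR_MODES = {
    0: "off (default), DNS goes to the system resolver in clear text",
    2: "DNS over HTTPS first, system resolver used as fallback",
    3: "DNS over HTTPS only, no fallback",
    5: "off by explicit choice",
}

def parse_prefs(text):
    """Turn prefs.js text into a {name: value} dict (bool, int or str)."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue  # comments and blank lines
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text):
    """Return findings for the two settings changed in this post."""
    prefs = parse_prefs(text)
    mode = prefs.get("network.trr.mode", 0)
    findings = ["network.trr.mode=%d: %s" % (mode, TRR_MODES.get(mode, "unrecognised"))]
    if mode == 2:
        findings.append("fallback lookups still reach the system (ISP) resolver")
    if prefs.get("network.security.esni.enabled") is not True:
        findings.append("network.security.esni.enabled is not true: SNI sent in clear")
    return findings

# Constructed prefs.js excerpt, as it would look after following the steps above.
SAMPLE = '''
// constructed sample, not a real profile
user_pref("browser.startup.page", 3);
user_pref("network.trr.mode", 2);
user_pref("network.security.esni.enabled", true);
'''

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Mode 2 keeps a plain-DNS fallback, so a failed DoH lookup is still visible to the ISP; mode 3 removes the fallback. Later Firefox releases dropped ESNI in favour of Encrypted Client Hello, so the second preference may be absent on a current install.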

Remember these settings are only good for the Firefox browsing. Start using Chrome and Edge browsers and all bets are off on security.

Until we see you again. Enjoy your browsing again.


Tagware Crew goes to Future Decoded at Excel – Microsoft 2016 Server & Cloud

Microsoft Windows Server 2016 is on its way!

All the best bits were highlighted in another session I went to. One of the main ones was the Microsoft 2016 Server's ability to interact with TPM version 2.0. In a nutshell, this allows the ISP or Cloud provider to point to the owner should our friends at the NSA or GCHQ want to look at the server. Microsoft has nicely sidestepped the issue of encryption. With TPM 2.0 enabled hardware, if you can’t talk to the certificate holder for that hardware, nothing is going to happen. You can bounce in and pick up the hard drive or the complete unit. Without the system being able to retrieve the certificate, the whole lot is grounded. Wiping out any of the drives will just provide an encrypted drive that you cannot read on any system that cannot talk to its security systems. Nicely done there, Microsoft. That should stop your friends in government putting you in an untenable position in terms of data security.

Dawson and I seem to think we were the only old plods left!

The young smiling face of youth. I remember when I was that bouncy! Secondly, this Cloud stuff is very busy and noisy by all accounts. I’m still waiting for Air Traffic Control to come and sort this mess out!

But as I was walking around the show, I had the feeling that I got when I watched Chitty Chitty Bang Bang many years ago, when the Child Catcher turns up with sweets and ice cream, all of which were free.

 

Until of course the cage is closed and the pretty decorations come down!

Don’t forget: if you do set up on Cloud, make sure that you can migrate away should you need to. Or you may end up with a larger bill than the CIO was expecting.

Well, that’s me done for today.

As always, if you have a comment, please feel free to leave one.

When you see the little Key symbol you think you are safe?

Well, here we are again.

So you are logging into the bank or credit card site. You made sure that you have the key in the browser and you think you are safe?

Well, unfortunately, you are not, as most websites including Gmail, Cahoot, Tesco etc. use version 1.0 of SSL/TLS.

http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/

Trouble is, this has been broken. So, you say, oh dear, they will send out a fix. Well, the fix has been out since 2006. But the websites are somewhat in a chicken and egg problem.

The normal browsers, including IE, Chrome, FF etc., are set at version 1.0, although most can use 1.2, which is the most secure. If the websites did force you to use this level then quite a few of the commercial sites would refuse to work :o( and of course the site would lose web traffic.

So, they decided to leave it. Now, of course, it is going to come and bite them, as they have left open a way for an attacker to hijack the session. Trouble is, you will not know.

You will turn up at the right website and be unaware of anything being wrong. You will see the lock in the browser and, to the normal person, everything would be fine.

So, my suggestion is to convince Google and other search engines to rate the websites' positions by what SSL level they are using. So, the safe ones that use 1.2 rank above the ones that don’t.

Personally, I think you would then find a lot of websites migrating to the secure version, which would then make the more secure version the default standard. A quick tweak to the browser security settings and everyone would be using 1.2 in a short space of time. Then the hackers would have to crack 1.2, which is going to be a lot more difficult.

The search engines then get the credit for providing a more secure internet. The banks have very little excuse. They should have completed this upgrade many moons ago.
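What rating a site by protocol level could look like in practice, as an added example that is not part of the original post: the version a server really selected is carried in its ServerHello message, so a crawler can grade it from the first bytes of the reply, whatever the padlock shows. The function names, the 1.2 floor and the sample records are constructed for illustration.

```python
import struct

NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
         0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def negotiated_version(record: bytes) -> int:
    """Return the protocol version selected in a ServerHello record."""
    ctype, _record_version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 0x16 or len(body) < 42 or body[0] != 0x02:
        raise ValueError("not a complete ServerHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    version = int.from_bytes(hello[0:2], "big")
    pos = 2 + 32                   # server_version + random
    pos += 1 + hello[pos]          # session_id length byte + session_id
    pos += 2 + 1                   # cipher_suite + compression_method
    if pos + 2 <= len(hello):      # extensions block present
        end = min(len(hello), pos + 2 + int.from_bytes(hello[pos:pos + 2], "big"))
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
            if ext_type == 0x002B and ext_len == 2:  # supported_versions (TLS 1.3)
                version = int.from_bytes(hello[pos + 4:pos + 6], "big")
            pos += 4 + ext_len
    return version

def grade(record: bytes, minimum: int = 0x0303) -> str:
    """Label a ServerHello as meeting the minimum version or not."""
    v = negotiated_version(record)
    verdict = "ok" if v >= minimum else "below minimum"
    return "%s: %s" % (NAMES.get(v, hex(v)), verdict)

def sample_server_hello(version: int, extensions: bytes = b"") -> bytes:
    """Build a constructed ServerHello record (zero random, empty session id)."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    if extensions:
        hello += struct.pack("!H", len(extensions)) + extensions
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, min(version, 0x0303), len(handshake)) + handshake

# Constructed samples: a 1.0-only site, a 1.2 site, and a 1.3 site that
# announces its real version in the supported_versions extension.
OLD_SITE = sample_server_hello(0x0301)
GOOD_SITE = sample_server_hello(0x0303)
TLS13_SITE = sample_server_hello(0x0303, struct.pack("!HHH", 0x002B, 2, 0x0304))

if __name__ == "__main__":
    for rec in (OLD_SITE, GOOD_SITE, TLS13_SITE):
        print(grade(rec))
```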

Well, that’s my point of view. What’s yours?

Thanks for reading.

David Vincent.