IPv6 @ home!

January 8th, 2011

Yesterday I set up IPv6 via 6to4 with a tunnel from Hurricane Electric.

It just works. I still have to do some tweaks: for example, as I am using a dynamic IP, the tunnel will go down when my IP changes. I also need to do a couple of other minor things. It was interesting to see that my local squid running on IPv4 was actually forcing my browser to go out via IPv4… oops.

But I like it and I will do more with it. My aim is to focus primarily on IPv6 at home, i.e. that clients only connect by IPv6 – when they can. I am sure that my network printer doesn't know anything about IPv6.

Ok. Next stop DNSSEC.

Your online RSS reader at hand – Tiny Tiny RSS

January 5th, 2011

I have to admit, I have never used Google Reader for reading online RSS. No, and I don't want to go into details here.

I am a happy user of Tiny Tiny RSS. Andrew Dolgov released version 1.5.0 on the 21st of December. A fancy AJAX interface lets you browse and read your RSS feeds – even the keyboard is fully supported. On Andrew’s website you will find a forum where you can contact the author directly and I promise you, you will get timely responses.

New Core Rule Set released for ModSecurity – version 2.1.1

January 5th, 2011

A new version of the Core Rule Set (CRS) for ModSecurity was released a couple of days back. I wanted to blog about it, as I find the changes from the previous version 2.0.9 quite amazing, but I did not find the time to do that. So here is my list of what I find really amazing:

  • Checks whether cookies are marked as HttpOnly, or as Secure when they came down the wire via HTTPS, and throws a warning.
  • Helps mitigate the slow HTTP POST attack.
  • Helps mitigate DoS attacks – I wonder how that works, as it is still handled at the application layer, at least at protocol level.
  • Flags up requests where a CSRF tag is expected – I did not look into what exactly this is at all, I only occasionally see some errors popping up – when a dodgy client is accessing the site.
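
The cookie-flag check from the first bullet, sketched as an added example (not CRS rule code and not from the original post). The function names and the sample response headers are constructed for illustration; attributes are parsed rather than substring-matched so that a cookie whose value merely contains "httponly" is still flagged.

```python
# Added example: audit Set-Cookie response headers for missing HttpOnly / Secure.
# Function names are hypothetical; the sample headers are constructed.


def cookie_attributes(set_cookie_value):
    """Return (cookie_name, set of lower-cased attribute names) for one Set-Cookie value."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    # Attributes follow the first ';'. Flags such as Secure carry no '=value'.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def audit_response(scheme, headers):
    """Return a list of (cookie_name, warning), one entry per missing flag.

    scheme  -- "http" or "https", i.e. how the response was delivered
    headers -- list of (header_name, value) pairs from the response
    """
    findings = []
    for header_name, value in headers:
        if header_name.lower() != "set-cookie":
            continue
        name, attrs = cookie_attributes(value)
        if "httponly" not in attrs:
            findings.append((name, "missing HttpOnly"))
        # Secure is only expected when the cookie was set over TLS.
        if scheme == "https" and "secure" not in attrs:
            findings.append((name, "missing Secure on HTTPS response"))
    return findings


# Constructed sample response headers.
SAMPLE = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly"),
    ("set-cookie", "theme=dark; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "tracking=1; Expires=Wed, 09 Jun 2021 10:18:14 GMT"),
]

if __name__ == "__main__":
    for cookie, warning in audit_response("https", SAMPLE):
        print(f"WARNING cookie {cookie!r}: {warning}")
```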

I think the folks at modsecurity/Trustwave have done a good job again. My feeling is that ModSecurity is making really good progress as an application firewall (even though I don't like that term, “protocol enforcer” would be more suitable).

Btw, with version 2 ModSecurity now supports not only ingress filtering, it also has some egress filters in place, for example blocking “Directory Listings” pages, to name the most famous one.

It is worth having a look at their blog here, which discusses certain hardcore topics from time to time. At the time of writing they have an article about “Credit Card Tracking” online, so another egress filter.

Using TrueCrypt

December 28th, 2010

I had it on my list “to look at” for a long time and finally I found some time to look at this. TrueCrypt gives you the ability to either create an encrypted partition, or to create a file on any partition which contains an encrypted filesystem, aka “Container”. So much for the theory.

I was sort of excited. I had some experience with dm-crypt on Linux and EcryptFS on Ubuntu. … If you check out the documentation on their website, you will see that there is nothing to be excited about. I mean, I expected something fairly complicated to set up and use and so forth, but no – it was just working out of the box. Download the package, execute the install script and run “truecrypt”, which does everything for you. The documentation, btw, is excellent.

I am using the Container feature at the moment, and it works well. What I like is that the single binary “truecrypt” is doing all the heavy lifting. It serves as a wizard and it is also used when mounting a container. Very well done folks, it cannot be better integrated.

I am using it only on Linux, but it should be easily possible to access your encrypted container/partition from other operating systems as well.

PS: I read somewhere that a newer version of TrueCrypt should support YubiKey as well…

