Blog‎ > ‎

Aurora, Ethereum, Tor, 3DXM, Security, TKIP/RC4, Hosting, OpSec, QUIC, FireChat

posted Aug 1, 2015, 9:45 PM by Sami Lehtinen   [ updated Nov 1, 2015, 5:28 AM ]
  • TeliaSonera (Sonera, Telia) confirmed that they'll be building Finland's largest data center at Pitäjänmäki. Which is open to customers for co-location, etc. It'll be located about 200 meters from where I'm currently working.
  • Checked out Amazon Aurora - Amazon's blog post about Amazon Aurora - Yet I don't have currently any use for it.
  • Checked out Ethereum and read Ethereum White Paper and Ethereum Developer Tutorial - I've been having bit similar thoughts about OpenBazaar and Smart Contracts.
  • Checked out Augur - A decentralized future of prediction markets? At one point I was very interested about prediction markets.
  • Checked out EtherX - A fully decentralized cryptocurrency exchange, of course based on Ethereum.
  • Checked out OnionCat - It's an IPv6 VPN over Tor or I2P network. Allowing location privacy and strong security and defeating IP spoofing. It's excellent too for maintaining anonymous servers on the net. Which are hard to track back to the real administrators.
  • Reminded my self about some Tor  stuff: node types, directory authority, guard, middle, exit, relays, fast, stable, hsdir, v2dir, valid, flags, consensus algorithm, authority operators, padding, 3des, cipher suites, AES, padding, cells, certs, authenticate, authorize, TAP, ntor, curve25519, ECDH, pluggable transports, signatures, usage statistics, qunite items, GeoIP digest, bandwidth and stream counts, keepalives, path selection, rendezvous point relay, attacker, probability, random, math, network and user traffic profiling, fingerprint attacks, traffic correlation and confirmation attacks, countermeasures, bandwidth scanner, load balancing, proportional-integral-derivative controller, bridges, censorship, recurring, obfs3, obfs4, scramblesuit, fte, meek, bananaphone, stegotorus, skypemorph, dust, dust2, dlopd, sshproxy, git, generates random bytes and traffic patterns, randomizes packet sizes & timings, Format Transforming Encryption (FTE), Deep Packet Inspection (DPI) evasion, Markov Chains, maps data to text, Stegotorous, splits data over multiple paths and makes those look like HTML/JS/PDF etc, collateral freedom (meek), Flash Proxies, faciliator, intermediator, middle man, hidden services, introduction points, random value, nonce, cookie, CTR, Public Key, Encrypted, ephemeral single-use public key, traffic correlation, recognize traffic signature, HTTPS Everywhere, NoScript, Reproducible Builds, protocol improvements, directory mirrors, Post-Quantum Key Exchange, revocation keys. Hidden Services 2.0 will implement new much longer .onion addresses, that's wonderful, ring location randomization, directory authority voting, correlation attacks, entrance traffic and exit traffic, dragnet data collection. It was a good read.
  • What was new to me in that latest Tor spec? A new longer addresses, Post-Quantum Key Exchange and BananaPhone were new stuff to me. Otherwise everything was pretty much old stuff and known or 'obvious' development, like kicking DHE and replacing it with ECC. It seems that I'll have to read this separately. Actually the BananaPhone was something I've been thinking about too. Hiding encrypted data into English text, so it's text Steganography.
  • I used hidden service to access some servers (administrative) at one point. But after all I felt it's not a good idea and dropped that project.
  • Just as general comment. Many of this tech stuff is getting really deep. Unless you'll study it continuously and update your information monthly, it can take months of years to catch up!
  • 3D Xpoint memory - Yet another storage layer to be added to multi-tiered storage system. So cpu registers, cpu cache (multiple layers, at least 2x), ram, ramdisk, xpoint memory, ssd, hdd. That's quite a chain of different technology layers for data to flow through.
  • Feeling so tired about how bad Microsoft Server operating systems are. Those got constant DoS (Denial of Service) issues with Remote Desktop Service / Protocol (RDS/RDP) and they're doing nothing to fix it. Issue has persisted for several years with multiple Windows Server versions. Extremely annoying, causing unplanned random system boots because Windows is just so much fail. - This is my personal honest opinion.
  • "No one can hack my mind" Comparing expert and non-expert security practices [PDF] - This is just so awesome. It clearly how differently experts vs normal users think about security.
  • "All Your Biases Belong To US" Breaking RC4 in WPA-TIKIP and TLS [PDF] - Excellet paper about Wifi (RC4/TKIP) hacking and fails of RC4 + IVs.
  • A few sites I want to share with you: https://www.privacytools.io/ and http://www.infosecindustry.com/ those are excellent information and news sources.
  • I did read more stuff about Docker and played a bit with it. Yet as said, I don't (yet) see any use for it. But it's just like ready virtualbox images, there might be use it for it. But it's probably not needed in daily user. As well as discussed issue with development, staging and production environment differences and how docker could help in that field.
  • Actually some of the interesting projects overlap nicely. Outernet (Satellites) will be complement and over lapped by Project Loon (Balloons) which will be overlapped by Titan platform (Plans) and when there's network coverage then Internet.org by Facebook can be delivered to users for free. Awesome and nice. I completely agree with this stuff, if it's free, then you can't whine about net neutrality. If you want free access to all content, feel free to pay for it.
  • Studied Google QUIC Experiments [PDF] document - Providing 0 RTT and 1 RTT at times (~25%) connectivity. Also reminded my self about RENO and CUBIC differences. TCP congestion-avoidance algorithm - https://en.wikipedia.org/wiki/TCP_congestion-avoidance_algorithm - Also reminded my self about TCP timestamps and PAWS (TCP Sequence number wrapping).
  • Played a little with crunch, airmon-g, airodump-ng, aircrack-ng, reaver and other standard WIFI / WLAN hacking & cracking stuff.
  • Studied High-speed Onion Routing at the Network Layer (HORNET) [PDF] - After quick reading, some of the claims sound bit far fetched without technical proof. Also it doesn't protect against the confirmation and correlation attacks, duh. As well as 'high speed' is more linked to node speed than the actual platform. Coded in Python, hmm. Isn't that 'computationally' expensive? It depends, there's so many things you could speculate about based on that paper alone.
  • Have been doing some comparisons between OVH, Hetzner, UpCloud, Sigmatic and Capnova about hosting solutions. I'll write more about this bit later. Google Compute Engine (GCE) also offers three zones in St. Ghislain, Belgium.
  • Had long discussions with friends how beneficial IPv6 is compared to IPv4. Without NAT there's no more need for  constant keep-alive traffic things work as they were supposed to work, before Internet got broken. True stateless connectivity available and so on. That's wonderful!
  • OpSec is really hard for most of people. It's practically impossible to get them to follow any reasonable OpSec procedures. As example: What kind of moron first creates a message draft on Gmail, writes it there. Then encrypts it using PGP and send it? Aww double Aww... Didn't he/she realize that the Gmail is going to store the unencrypted draft version too?
  • Checked out Helion Energy - Hmm, lots of promises, light on details, but where's the deliverable? Yep, it would be nice to have fusion reactor in mobile phone so it wouldn't run out of power in next 10 years. Some how reminds me from SCRAM jet engines . What could be simpler than SCRAM jet? Yet it seems to be pretty hard.
  • Wondered new version of FireChat. Yet my thoughts are: I would prefer combining different networking technologies, because mesh and flood casts got serious inherent problems. I would only relay messages on mesh network to reach "a better connected node" and try to optimize routing. So use Internet if avail, if not, then try to find path to the recipient or Internet. Both ends could of course have a 'mesh' relay network but the primary path between relay networks could be Internet. This would help in many cases, if one operator is out or so on. There's still somebody with connectivity which you can use to piggyback. Yet keeping system efficient without using too much store and messaging for updating forward & routing tables can be a quite interesting challenge. -> Leads to lot of 'administrative / management / control traffic' -> consumes resources -> Not something you want to run on mobile. - Yet we often do something similar when traveling in group. We get one local prepaid with data plan, and then just tether rest of users to it. Computing OSPF tree isn't a light task for a mobile device in a large network. Using Internet gateways would also limit the size of mesh network that needs to be kept known and routable.
  • SMTP was great when it was open, nowadays it seems that email deliverability is really sucking. There are so many systems which refuse to handle email based on multiple reasons. Basically email isn't a generally working solution any more.
  • Windows 10 is taking the snooping of users to new levels or should we just say to the norm of today. All your data are belong to us.
  • This Akamai GNET CDN interactive map is just beautiful.
  • Studied DO-178B standard. - Gives great example how software can be more reliable. But usually customers don't want good software, they want cheap software and fast.
  • Read A look inside Google's Data Center Networks - They're using Jupiter Network with Jupiter Fabrics. Software Defined Networking (SDN), Andromeda.
  • Checked out meta coin and colored coins. These can open so many interesting possibilities in future. Yet I don't like some examples. Like in case of Namecoin, they give example that people could get names like 'George' based on first to come policy. Lol. Everyone knows where that leads to. Immediately when names are globally shared and unique all the good ones are taken. So instead of 'George' you'll end up with 'georgeb-882' or something similar, which isn't so fun anymore. There has been long discussions why people utilize so lame and limited name spaces.
  • Studied VVER reactor design and benefits of heavy water reactors.
  • Studied Bitcoin Thin Client Security and Simple Payment Verification (SPV) protocol.