Outlook, Onecoin, Atomicity, OWASP, SoftEther, SSTP, BBS, IPv6

posted Mar 17, 2018, 10:54 PM by Sami Lehtinen   [ updated Mar 17, 2018, 10:54 PM ]
  • Did more tests, it seems that Outlook is actually losing emails. I'll do some final configuration changes, and if that's still true, I have to change service provider. I got one idea why that's happening, but I need to dig through a lot of logs to see if that's really the cause. Two main suspects based on my experience are their spam filtering and SPF rules. This is also one of the reasons I didn't use spam filtering on my own mail server at all. Because there's no way to tell if something is spam or not. - Outlook seems to sometimes filter mails covertly, so that neither the sender nor the recipient gets any information about the filtration. - Sigh.
  • Outlook 2FA OTP login seems to be again failing exactly once, but second attempt always works. This is ridiculous engineering.
  • Read a few posts about Onecoin cryptocurrency (scam). Well well, the future will tell. Luckily I'm not involved in any way.
  • Once again had a long discussion about how to handle atomic transactions (atomicity) correctly or as two-phase commit, so there's always a clear roll backward, roll forward separation with everything. It's surprisingly common that programs do not work properly. A correctly written program can be aborted at any time and restarted later, and that shouldn't cause any problems. The same also applies to parallel instances. It shouldn't matter if there's one or a billion instances running, the end result should be exactly the same.
  • OWASP vulnerabilities report 2017 included unauthenticated APIs. - No surprises there. It's quite common that only some parts of an API are authenticated, and some other parts might completely lack proper authentication or rights management.
  • Studied SoftEther VPN - It's a nice free Open Source VPN solution, but currently I don't have any use case for it. The most beneficial feature is that it supports multiple protocols: SoftEther VPN Protocol, L2TP/IPsec VPN aka L2TP over IPsec, MS-SSTP VPN Protocol (PPP over HTTPS) and of course the very traditional OpenVPN Protocol over TCP/UDP. As an example, MS SSTP is really easy to use with Windows 10 workstations without installing additional clients, which makes it practically pretty handy. Also the options to use bridging / routing are nice, including IPv6.
  • This very nice BBS post - Reminded me of yet another configuration fail with one BBS. They had configured a 60 minute user time limit / session. But the program incorrectly used DTE to DCE speed for time estimates and not DCE to DCE speed. Because I had a 14.4k modem and the DTE to DCE speed was 115.2k, I could hoard stuff to be downloaded for roughly 8 hours or even much longer, if connection quality was bad. This worked for quite a while, before I got locked out due to abuse. Some data transfer applications also got the minutes remaining information from the BBS system, so those would disconnect the user if a download was taking too long. But most systems didn't do that. Another way to hog the system for very long times was to upload something. Most systems didn't enforce time limits on uploads. So you could first download and then upload for a long time. Of course this was beneficial to the BBS, because that's the way systems got the content they were providing to users.
  • Lack of IPv6 addresses. - Say what - Yes. Some ISPs provide just one /64 per customer. At home, I'm using Telia 6rd and I've got several separated networks here. The key to dealing with that is the router which you're using. There are several ways to make workarounds like you said. Depending on what kind of router you're using, you can configure it in many more or less annoying ways. My current configuration is based on packet filtering. Technically I've got just one /64 as you said. But it's split into several independent networks using filtration. All of the ports are on the same /64, but DHCPv6 assigns different address ranges to the ports and intra port traffic is limited by firewall rules. So yes, it's a horrible kludge, but it works. Another thing I've tried is using smaller subnets with DHCPv6, as well as manual (static) configuration, which worked well with almost any subnet smaller than /64. Also tried software filtration on the router so that each device gets only a /128 and all traffic passes via the router. - Once again, not optimal, especially if you've got a fast network and a bad router. The first time building the setup I literally spent a few weeks swearing and wondering what's broken and how. But at the moment, everything is good. (knock knock) At work I've naturally got a /48 and there I've done the configuration just as everyone would expect it to be. Splitting that /48 into /64 subnets.
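
The abort, restart and parallel-instance property from the atomicity note above, as an added example (not code from the original post). It assumes SQLite as the store; the table names, `op_id` and the `crash_after_debit` switch are hypothetical names chosen for the illustration.

```python
import os
import sqlite3
import tempfile

def open_db(path):
    conn = sqlite3.connect(path, isolation_level=None)  # explicit BEGIN/COMMIT
    conn.execute("CREATE TABLE IF NOT EXISTS accounts "
                 "(name TEXT PRIMARY KEY, balance INTEGER NOT NULL)")
    conn.execute("CREATE TABLE IF NOT EXISTS applied_ops (op_id TEXT PRIMARY KEY)")
    return conn

def apply_transfer(conn, op_id, src, dst, amount, crash_after_debit=False):
    """Apply op_id exactly once; True if applied now, False if already done."""
    conn.execute("BEGIN IMMEDIATE")  # write lock: parallel instances serialize here
    try:
        # The "done" marker and the balance changes commit together or not at all.
        cur = conn.execute("INSERT OR IGNORE INTO applied_ops VALUES (?)", (op_id,))
        if cur.rowcount == 0:  # another run already rolled this operation forward
            conn.execute("ROLLBACK")
            return False
        conn.execute("UPDATE accounts SET balance = balance - ? WHERE name = ?",
                     (amount, src))
        if crash_after_debit:  # constructed failure between the two updates
            raise RuntimeError("simulated abort between debit and credit")
        conn.execute("UPDATE accounts SET balance = balance + ? WHERE name = ?",
                     (amount, dst))
        conn.execute("COMMIT")
        return True
    except Exception:
        conn.execute("ROLLBACK")  # roll backward: no half-applied transfer remains
        raise

def balances(conn):
    return dict(conn.execute("SELECT name, balance FROM accounts"))

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "ledger.db")
        first, second = open_db(path), open_db(path)  # two "instances"
        first.execute("INSERT INTO accounts VALUES ('a', 100), ('b', 0)")
        try:
            apply_transfer(first, "op-1", "a", "b", 30, crash_after_debit=True)
        except RuntimeError:
            pass  # instance aborted mid-operation; nothing was committed
        results = [apply_transfer(second, "op-1", "a", "b", 30),  # retry elsewhere
                   apply_transfer(first, "op-1", "a", "b", 30)]   # duplicate retry
        final = balances(first)
        first.close(); second.close()
        return results, final
```

A real process kill has the same effect as the simulated exception, because SQLite discards the uncommitted transaction the next time the database is opened.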