Email Part 2 (Part 3): Ensuring Privacy, Integrity and Authenticity

In Part 2 (which is actually Part 3 just to be confusing) we look at how to secure the 40-year-old email standard and how to secure the three main security problems associated with the world's favourite alternative to an envelope and stamp or facsimilie machine and screaming phone tones.

Email - Your Biggest Security Vulnerability

Email.  Most probably your biggest security vulnerability that you didn't know about.

Email is ancient.  The core of how email works and how your email is transported from you to it's recipient was designed nearly 40 years ago, in 1982 (SMTP - RFC821).  It relies on your email being transported around in plain text from server to server in a manner you have no control over.

Guide To GPG And Other New Pages!

With Security Saturday and Shutdown Sunday appearing yet again, I thought that any updates or new pages or announcements or any of that malarkey can just go on here.  Just one post for all the pages, not a new post per page, d'ja'ge'me, yeah?

So, check out my Shit Guide To GPG, now a live page floating around like some shitty floater...

Public And Shared Keys Page

I've added a static page to this where public PGP keys, public SSH keys and all the like can get added in one ungainly, unordered list.

NFC Tags

NFC tags. They're kinda cool for about 5 minutes... About the only useful things I found are detailed below.  This post is because I've thought of a new one to add!

Fact-Up Friday:You've Been Hacked - No Joke

Your computer/phone/tablet has been hacked.  All of the data on it is available to the hackers, they can listen to your calls, read your texts, emails, see your web browser history, take control of your camera/microphone... This is not a "what if" scenario - this actually applies to YOU.

Techie Thursday: SSH Tunnelling

One of SSH's coolest (IMHO) features is it's ability to transparently tunnel TCP packets.  In fact, it can tunnel IP datagrams over TCP, but that's one for another day.  This looks at SSH's TCP port forwarding ability, and how you can use it to set up secure, fully encrypted point-to-point links between machines (or entire networks) in physically different locations on different networks.

Make your own Air Traffic Control RADAR

Ever wondered where that plane high above your head was going? Ever wondered who the annoying little propellor plane belonged to that keeps doing Top Gun-esque fly-bys of your house? Wonder no more with your own Air Traffic Control RADAR system!

Turing gets his mug on a Nifty, but no Colossal Flowers

I think it's superb news that Sir Alan Turing has been chosen for the face of the new £50 note.  While Turing developed the electromechanical Bombe first used in Poland, he did not design and build Colossus.  Colossus was designed and built by a man from the General Post Office, a man who dreamed of one day having a telephone exchange that was fully automatic with an electronic machine replacing the many human ears and hands and plug boards and wires.  This man was Tommy Flowers.

Use TOR to create your own secure "cloud" drive

With everything seeming to be going back to much more of a 1970's style of network computing in terms of where the power lies in relation to the client/server, and the seeming need and demand for always-accessable network attached storage, I wanted something that wasn't owned by Google where I could store various things like PGP keys, system scripts and other assorted crap that would be handy to have.  I also wanted to be able to add to this non-Google-owned-thing.

Bournemouth featured on new UK passport

I recently renewed my passport, and whilst flicking through it I saw something that looked slightly familiar... It seems Her Majesty's Passport Office has decided Bournemouth is so awesome it deserves it's own double page spread:

Using TOR to provide remote access to anywhere

One of TOR's most useful features for the sysop/sysadmin is it's ability to forward not just web traffic but any TCP port.

Google Drive integration on Linux

Now, I'm in the I.T. minority - I actually use a linux desktop (anyone who knows me know that I hate Micro$oft with a passion, and won't touch even pirated copies of their overbloated insecure counter-intuitive standards-breaking non-rfc-compliant pile of pirated code that they laughingly call an "operating" system).

Add a Full Screen toggle to Quick Settings Menu

I was getting really pissed off with Google Chrome (and other apps) and it's lack of a "View Fullscreen" option like you get on desktop versions (as opposed to Android).  I mean, FFS, surely the option to go fullscreen is much more important when your screen is 2" wide as opposed to 42"... Screen real-estate is at a bloody premium.

I saw some solutions, ranging from buggering about with installing hacky-kludgy apps to modifying each app through ADB.

In the end, I turned to good old TASKER again for a simple and elegant solution that requires no rooting or anything like that, just TASKER, AutoTools Secure Settings plugin and AutoNotification.

Just click on "Immersive Mode" and the menubar, status bar and soft keys (if you have them) will disappear leaving you fully full fully screeny.  Click on Immersive Mode again and 3,2,1 you're back in the room.  Neat.  Links and instructions to follow.

What's in me blog?

I thought I might keep a record of some of the crap I get up to.  I'm sure it'll bore the hell out of most people, but this blog isn't really for most people.  It's mostly about situations when I've had some piece of technology or program or similar that hasn't really done what I've wanted it to, or it has done what I've wanted but I now want to see what else it can do. It's about breaking technology to create technology. It's about hacking, in the old/new/old sense of the word.

And that's it. Mostly. It might also contain little snippets or how-tos of simple things that I find either extremely cool or extremely useful.

Peace out, y'all.