Connect team members from anywhere in the world on any device.
ZeroTier creates secure networks between on-premise, cloud, desktop, and mobile devices.
It Just Works
- ZeroTier combines the capabilities of VPN and SD-WAN, simplifying network management.
- Enjoy flexibility while avoiding costly hardware vendor lock in.
- SPEED: Set up ZeroTier in minutes with remote, automated deployment.
- FLEXIBILITY: Emulates Layer 2 Ethernet with multipath, multicast, and bridging capabilities.
- SECURITY: ZeroTier’s zero-trust networking solution provides scalable security with 256-bit end-to-end encryption.
The biggest hack since Russia’s war began knocked thousands of people offline. ///
Bricked modems
Outline is a free service for reading and annotating news articles. We remove the clutter so you can analyze and comment on the content. In today's climate of widespread misinformation, Outline empowers readers to verify the facts.
Votes:
93 ISPConfig
82 Webmin
73 Vesta
-- Virtualmin
-- plesk onyx
Virtualmin is a powerful and flexible web hosting control panel for Linux and BSD systems. Available in an open-source community-supported version, and a more feature-filled version with premium support, Virtualmin is the cost-effective and comprehensive solution to virtual web hosting management. And, Virtualmin is the most popular and most comprehensive open-source control panel with over 150,000 installations worldwide.
Free and Paid support
opensource & free web hosting control panels
Webmin is a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing and much more. Webmin removes the need to manually edit Unix configuration files like /etc/passwd, and lets you manage a system from the console or remotely. See the standard modules page for a list of all the functions built into Webmin.
A lone U.S. hacker who goes by the handle “P4x” is claiming responsibility for shutting down the entire North Korean internet twice last month.
The anonymous hacker says that he was taking revenge for a North Korean cyberattack on Western security researchers carried out by North Korean spies last year. He says he was frustrated by the lack of response from the U.S. over the attack and decided to take matters into his own hands.
https://www.wired.com/story/north-korea-hacker-internet-outage/
It’s doubtful that P4x’s actions had any effect on the North Korean state or government. Only a tiny fraction of their people have access to the internet. And the hackers that disrupted P4x’s work on security systems, for which he was exacting revenge, are probably not even located in North Korea. They are probably based in China, where Beijing has its own cyber warfare group, PLA Unit 61398.
Nevertheless, striking a blow against America’s enemies is always welcome — no matter where it comes from.
The security of the Chrome saved passwords depends totally on the user:
- Use a very strong Windows account password. Keep in mind, there are utilities which can decipher Windows passwords. If someone gets your Windows account password then they have access to your saved browser passwords.
- Protect yourself from malware. If utilities are able to easily access your saved passwords, why can’t malware?
- Save your passwords in a password management system such as KeePass. Of course, you lose the convenience of having the browser auto-fill your passwords.
- Use a 3rd party utility which integrates with Chrome and uses a master password to manage your passwords.
For user convenience, web browsers store the account and password entered into the login form when the user visits a website and provide the feature to enter them automatically upon revisiting. The password management feature is enabled by default on Chromium-based web browsers (Edge, Chrome).
Figure. Chrome pop-up suggesting to save password
The information entered when logging in is saved to the Login Data file via the password management feature.
- Chrome: C:\Users\<User name>\AppData\Local\Google\Chrome\User Data\Default\Login Data
- Edge: C:\Users\<User name>\AppData\Local\MicrosoftEdge\User\Default\Login Data
Login Data is an SQLite database file, and the account and password information are saved to the logins table. In addition to accounts and passwords, the time saved, the URL of the login site, and the number of times of access are saved to the logins table.
If the user refuses to save account and password information of a site, in order to remember this, the blacklisted_by_user field will be set as 1, the username_value and password_value fields will not have accounts or passwords, and only the origin_url information is saved to the logins table. //
– Collecting and stealing information saved to browsers
– Login account and password
– Cookies
– Autofill
– Credit card information
– Browsers targeted for attack
– All Chromium-based browsers
– All Gecko-based browsers
– Cryptocurrency wallet information
– Seed file saved to the system
Browser detection using the user agent
Serving different Web pages or services to different browsers is usually a bad idea. The Web is meant to be accessible to everyone, regardless of which browser or device they're using. There are ways to develop your website to progressively enhance itself based on the availability of features rather than by targeting specific browsers.
But browsers and standards are not perfect, and there are still some edge cases where detecting the browser is needed. Using the user agent to detect the browser looks simple, but doing it well is, in fact, a very hard problem. This document will guide you in doing this as correctly as possible.
Note: It's worth re-iterating: it's very rarely a good idea to use user agent sniffing. You can almost always find a better, more broadly compatible way to solve your problem!
Imagine being able to disconnect or redirect Internet traffic destined for some of the world’s biggest companies — just by spoofing an email. This is the nature of a threat vector recently removed by a Fortune 500 firm that operates one of the largest Internet backbones. //
For a long time, any changes to an organization’s routing information with an IRR could be processed via email as long as one of the following authentication methods was successfully used:
- A password is added to the text of an email to the IRR
- The requestor signs the email containing the update with an encryption key
- The requestor sends the record changes in an email to the IRR, and the authentication is based solely on the “From:” header of the email.
Of these, MAIL-FROM has long been considered insecure, for the simple reason that it’s not difficult to spoof the return address of an email. And virtually all IRRs have disallowed its use since at least 2012, said Adam Korab, a network engineer and security researcher based in Houston.
All except Level 3 Communications, a major Internet backbone provider acquired by Lumen/CenturyLink.
“LEVEL 3 is the last IRR operator which allows the use of this method, although they have discouraged its use since at least 2012,” Korab told KrebsOnSecurity. “Other IRR operators have fully deprecated MAIL-FROM.”
Importantly, the name and email address of each Autonomous System’s official contact for making updates with the IRRs is public information. //
Lumen told KrebsOnSecurity that it continued offering MAIL-FROM: authentication because many of its customers still relied on it due to legacy systems. Nevertheless, after receiving Korab’s report the company decided the wisest course of action was to disable MAIL-FROM: authentication altogether. //
While it’s nice that Lumen is no longer the weakest link in the IRR chain, the remaining authentication mechanisms aren’t great. Claffy said after years of debate over approaches to improving routing security, the operator community deployed an alternative known as the Resource Public Key Infrastructure (RPKI).
“The RPKI includes cryptographic attestation of records, including expiration dates, with each Regional Internet Registry (RIR) operating as a ‘root’ of trust,” wrote Claffy and two other UC San Diego researchers in a paper that is still undergoing peer review. “Similar to the IRR, operators can use the RPKI to discard routing messages that do not pass origin validation checks.”
However, the additional integrity RPKI brings also comes with a fair amount of added complexity and cost, the researchers found. //
Dave
November 26, 2021
The problem with RPKI as a security mechanism is that they handed the problem of securing BGP over to a bunch of X.509 fanboys, and so the result was something that looked suspiciously like X.509…. no, I stand corrected, it is X.509. It’s an attempt to use an X.509 certificate in a way that was never designed for, combined with the mass of other problems that make X.509 such a joy to use.
“The East India Company was no apparition though; it was the template for many subsequent corporations […] Liberals betray themselves […] the moment they turn a blind eye to this kind of hyper-concentrated power. […] This is why trading in apples does not come even close to trading in shares. Large quantities may produce, at worse, lots of bad cider, but large amounts of money invested in liquid shares can release demonic forces that no market or state can control.”
― Yanis Varoufakis, Another Now: Dispatches from an Alternative Present
Built of cobbled hubris and copied code we sail a vast uncharted ocean of extremely hungry sharks, no “plan” at any point but sink or swim, and no rudder. Greater speed the only virtue and destination. You can imagine how it goes, when it does. The looks on people’s faces in the inconvenient reality. Wherever this course leads, faster. More coal to the boilers now. Release date approaches.
EduPak replaces rote teaching with the spark of modern technology.
We use a media storage device (Synology DS218+ w/ 2x 2TB HDD) and wireless technology to stream thousands of videos to any wifi enabled device. All tablets, cell phones, laptops and desktops that have wifi access can access our media storage device that delivers thousands of educational videos ///
[compare with RACHEL (worldpossible.org) ]
Simplest Guide for Squid SSL Bumping //
“📢 Reader Alert❗If you are using an uncapped Internet package, probably this might not be your cup of tea ☕️…”
If you are still interested, hold my beer 🍺 I am going to tell you how to save your data (and of course money! 💰). Your savings are proportional to your repeatable web behavior.
This collection contains selected historically important software packages from the Internet Archive's software archives. Through the use of in-browser emulators, it is possible to try out these items and experiment with using them, without the additional burdens of installing emulator software or tracking down the programs.
Well, the Internet Apocalypse came and went! Due to the recent expiration of the Let's Encrypt intermediate and root certificates, I saw more widespread issues than I was expecting, but on different devices and for different reasons than I thought. Let's take a look at what happened and why. //
Many people look at that and think how can it be so fragile or so simple to totally break stuff?
One thing that's certain is that this event is coming again. Over the next few years we're going to see a wide selection of Root Certificates expiring for all of the major CAs and we're likely to keep experiencing the exact same issues unless something changes in the wider ecosystem. //
The operator of the Wayback Machine allows Wikipedia's users to check citations from books as well as the web. //
Wikipedia is the arbiter of truth on the internet. It's what settles arguments at bars. It supplies answers for the information snippets you see on your Google or Bing search results. It's the first stop for nearly everyone doing online research.
The reason people rely on Wikipedia, despite its imperfections, is that every claim is supposed to have citations. Any sentence that isn't backed up with a credible source risks being slapped with the dreaded "citation needed" label. Anyone can check out those citations to learn more about a subject, or verify that those sources actually say what a particular Wikipedia entry claims they do—that is, if you can find those sources.
It's easy enough when the sources are online. But many Wikipedia articles rely on good old-fashioned books. The entry on Martin Luther King Jr., for example, cites 66 different books. Until recently, if you wanted to verify that those books say what the article says they say, or if you just wanted to read the cited material, you'd need to track down a copy of the book.
Now, thanks to a new initiative by the Internet Archive, you can click the name of the book and see a two-page preview of the cited work, so long as the citation specifies a page number. You can also borrow a digital copy of the book, so long as no one else has checked it out, for two weeks—much the same way you'd borrow a book from your local library. (Some groups of authors and publishers have challenged the archive's practice of allowing users to borrow unauthorized scanned books. The Internet Archive says it seeks to widen access to books in “balanced and respectful ways.”)
So far the Internet Archive has turned 130,000 references in Wikipedia entries in various languages into direct links to 50,000 books that the organization has scanned and made available to the public. The organization eventually hopes to allow users to view and borrow every book cited by Wikipedia, with the ultimate goal being to digitize every book ever published.
“Our goal is to be a library that’s useful and reachable by more people,” says Mark Graham, director of the Internet Archive's Wayback Machine service. //
Of course, the Internet Archive hasn’t scanned all the books cited by Wikipedia yet. It’s working hard to digitize collections from libraries around the world, along with donations from companies like Better World Books. Graham says the organization scans more than 1,000 books per day. But it has plenty more work to do.
Earlier this year Chrome developers decided that the browser should no longer support JavaScript dialogs and alert windows when they're called by third-party iframes. //
When the web developer community finds out Google is going to break a ton of websites through a tweet, you know communication has failed. But there was a follow-up tweet that's actually far more disturbing than the news of alert() disappearing.
The tweet comes from Chrome software engineer and manager Emily Stark, who is of course speaking for herself, not Chrome, but it seems safe to assume that this thinking is prevalent at Google. She writes: "Breaking changes happen often on the web, and as a developer it's good practice to test against early release channels of major browsers to learn about any compatibility issues upfront." //
First, she is flat out wrong – breaking changes happen very rarely on the web and, as noted, there is a process for making sure they go smoothly and are worth the "cost" of breaking things. But second, and far more disturbing, is the notion that web developers should be continually testing their websites against early releases of major browsers. //
Web developer and advocate Jeremy Keith points out something else that's wrong with this idea. "There was an unspoken assumption that the web is built by professional web developers," he writes. "That gave me a cold chill."
What's chilling about the assumption is just that, it's assumed. The idea that there might be someone sitting right now writing their first tentative lines of HTML so that they can launch a webpage dedicated to ostriches is not even considered.
What we are forced to assume in turn is that Chrome is built by the professional developers working for an ad agency with the primary goal of building a web browser that serves the needs of other professional developers working for the ad agency's prospective clients. //
As Keith points out, this assumption that everyone is a professional fits the currently popular narrative of web development, which is that "web development has become more complex; so complex, in fact, that only an elite priesthood are capable of making websites today."
That is, as Keith puts it, "absolute bollocks."