In the last week at Blackhat / Defcon two groups looked deeply at one of the lesser known implementations of network policy called Proxy Autoconfig. (In particular, badWPAD by Maxim and Crippling HTTPS with unholy PAC by Safebreach.) Proxy AutoConfig (PAC) is a mechanism used by many organizations to configure an advanced policy for connecting… Continue reading Watch your PAC
I’ve started to dive once again into the mess of connection establishment. Network address translation (NAT) is a reality today for most Internet users, and poses a significant hurdle in creating the user-user (or peer-peer) connections. NAT is the process used by your router to provide multiple internal (192.168.x.x) addresses that are all only visible… Continue reading Stunning
I’m excited to present Satellite, a network measurement project I’ve been working on over the last couple years, at USENIX ATC next month. Satellite takes a look at understanding shared CDN behaviors and automatically detecting censorship by regularly querying open DNS resolvers around the world. For example, we can watch the trends in censorship in… Continue reading Satellite
At the 2015 Chaos Communication Congress, Florian and Niklaus presented an analysis of Red Star OS 3.0, the system which leaked online a year ago. In their talk they provide technical backing for several observations about the system which have gained some press attention. The first is that the Operating System is designed without obvious… Continue reading Contextualizing RedStar OS
I started running a public sp3 server today. It’s a small side-project I’ve hacked together over the last couple weeks to make it easier for people to play with packet spoofing. The server works similarly to a public proxy, but with the trade-off that while it won’t send high-volumes of traffic, it will allow you… Continue reading SP3
I had the privilege last week of talking at the 32nd Chaos Communication Congress about the state of Internet Censorship in 2015 and the major developments in blocking and measurements last year. The talk is now online and available for streaming. It’s meant as a primer on the topic, and to show the growing normalization… Continue reading Internet Censorship
I’ll be presenting next week at 32C3 on the state of Internet access, transparency, and measurement. Lots of the work is done each year on measuring and learning about the state of access, but this phenomenon with growing relevance to many countries is poorly publicized. Much of this is a fear that being too public… Continue reading The state of Internet Censorship
The Internet Engineering Task Force, the multi-stakeholder organization which shepherds the standards process for many of the technologies used on-line, is continuing to evolve that process. Protocol standards are already expected to include discussions on their security and privacy implications, in order to force an explicit conversation on those issues and hopefully encourage the development… Continue reading IETF and the HRPC working group
I’ve begun to transition this site to use Lets Encrypt! for signing of SSL. Because the site has specified an HPKP previously, a transition period is needed where clients can see the old certification signing the intention to transition to the new certification.
That process has started, and the full transition will happen in a couple months. The good news is that the letsencrypt setup process was otherwise painless.