From f1ddd0b8926495d031abd74d5af11cc9238de46a Mon Sep 17 00:00:00 2001 From: samsepi0l Date: Sun, 10 Dec 2023 02:18:15 +0100 Subject: [PATCH] Fix typos (#188) --- content/posts/android/Android Tips.md | 4 ++-- .../Banking Applications compatibility with GrapheneOS.md | 2 +- content/posts/android/F-Droid Security Issues.md | 2 +- content/posts/knowledge/Badness Enumeration.md | 2 +- content/posts/knowledge/FLOSS Security.md | 2 +- content/posts/knowledge/Multi-factor Authentication.md | 4 ++-- content/posts/knowledge/Threat Modeling.md | 2 +- content/posts/linux/Desktop Linux Hardening.md | 2 +- content/posts/linux/Securing OpenSSH with FIDO2.md | 2 +- content/posts/qubes/Using Lokinet on Qubes OS.md | 2 +- content/privacy.md | 4 ++-- 11 files changed, 14 insertions(+), 14 deletions(-) diff --git a/content/posts/android/Android Tips.md b/content/posts/android/Android Tips.md index a9dc1ad..0483ce5 100644 --- a/content/posts/android/Android Tips.md +++ b/content/posts/android/Android Tips.md @@ -221,7 +221,7 @@ The Advanced Protection Program provides enhanced threat monitoring and enables: In the past, Android security updates had to be shipped by the operating system vendor. Android has become more modular beginning with [Android 10](https://www.android.com/android-10/), and Google [can push security updates](https://blog.google/products/android-enterprise/android-10-security/) for **some** system components via the privileged Play Services. -If you have an EOL device shipped with Android 10 or above (shipped beginnning 2020), you may better off sticking with the stock OS in the short term as opposed to running an insecure alternative operating system. This will allow you to receive **some** security fixes from Google, while not violating the Android security model and increasing your attack surface. You should still upgrade to a supported device as soon as possible. +If you have an EOL device shipped with Android 10 or above (shipped beginning 2020), you may better off sticking with the stock OS in the short term as opposed to running an insecure alternative operating system. This will allow you to receive **some** security fixes from Google, while not violating the Android security model and increasing your attack surface. You should still upgrade to a supported device as soon as possible. ### Disable Advertising ID @@ -258,6 +258,6 @@ This is not without its caveats: - The Google Fi app needs to be installed in the owner profile for SIM/eSIM activation. - Google Fi Wi‑Fi calling does not work behind a VPN with the killswitch enabled in the owner profile. -If you are living in the United States and use the stock operating system, I highly recommend using Google Fi as the carrier to take advantage of the end to end encrypted calls and Fi VPN. Pixel 4 and bove users will benefit the most from the VCN as mentioned. +If you are living in the United States and use the stock operating system, I highly recommend using Google Fi as the carrier to take advantage of the end to end encrypted calls and Fi VPN. Pixel 4 and above, users will benefit the most from the VCN as mentioned. If you are using GrapheneOS and do not mind installing Sandboxed Play Services, Fi is still a better option than to other providers thanks to Google's general good security practices and the fact that you can enroll in the Advanced Protection Program to have much better protection for your account. Some other provides do not even have multi-factor authentication support, and most will not let you enforce FIDO2 as the authentication method. diff --git a/content/posts/android/Banking Applications compatibility with GrapheneOS.md b/content/posts/android/Banking Applications compatibility with GrapheneOS.md index 3fc10b4..8c8b921 100644 --- a/content/posts/android/Banking Applications compatibility with GrapheneOS.md +++ b/content/posts/android/Banking Applications compatibility with GrapheneOS.md @@ -17,7 +17,7 @@ First time visitors here should read the official usage guide on [banking apps]( **Important**: [SafetyNet is being replaced by Play Integrity API](https://akc3n.page/posts/banking-app-issues/#safetynet-replaced-by-play-integrity-api) and may cause your banking app to suddenly stop working after an update. -> _**If your newly installed banking app aborts at first launch or suddenly stops working after your app updates, then you should try one of these [possible work around solutions to resolve the compatibiity issue](https://discuss.grapheneos.org/d/8330-app-compatibility-with-grapheneos).**_ +> _**If your newly installed banking app aborts at first launch or suddenly stops working after your app updates, then you should try one of these [possible work around solutions to resolve the compatibility issue](https://discuss.grapheneos.org/d/8330-app-compatibility-with-grapheneos).**_ --- diff --git a/content/posts/android/F-Droid Security Issues.md b/content/posts/android/F-Droid Security Issues.md index 95dad36..e4a97dd 100644 --- a/content/posts/android/F-Droid Security Issues.md +++ b/content/posts/android/F-Droid Security Issues.md @@ -33,7 +33,7 @@ F-Droid requires that the source code of the app is exempt from any proprietary *A tempting idea would be to compare F-Droid to the desktop Linux model where users trust their distribution maintainers out-of-the-box (this can be sane if you're already trusting the OS anyway), but the desktop platform is intrinsically chaotic and heterogeneous for better and for worse. It really shouldn't be compared to the Android platform in any way.* -While we've seen that F-Droid controls the signing servers (much like Play App Signing), F-Droid also fully controls the build servers that run the disposable VMs used for building apps. And from June to November of 2022, their guest VM image [officially ran an end-of-life release of Debian LTS](https://gitlab.com/groups/fdroid/-/milestones/5#tab-issues). It is also worth noting that Debian LTS seperate project from Debian which attempts to extend the lifetime of releases that are deemed end-of-life by the Debian project and [does not get handled by the Debian Security team](https://wiki.debian.org/LTS). The version they were using (Debian Stretch) was actually discontinued [2 years prior](https://wiki.debian.org/DebianStretch). Undoubtedly, this raises questions about their whole infrastructure security. +While we've seen that F-Droid controls the signing servers (much like Play App Signing), F-Droid also fully controls the build servers that run the disposable VMs used for building apps. And from June to November of 2022, their guest VM image [officially ran an end-of-life release of Debian LTS](https://gitlab.com/groups/fdroid/-/milestones/5#tab-issues). It is also worth noting that Debian LTS separate project from Debian which attempts to extend the lifetime of releases that are deemed end-of-life by the Debian project and [does not get handled by the Debian Security team](https://wiki.debian.org/LTS). The version they were using (Debian Stretch) was actually discontinued [2 years prior](https://wiki.debian.org/DebianStretch). Undoubtedly, this raises questions about their whole infrastructure security. > How can you be sure that the app repository can be held to account for the code it delivers? diff --git a/content/posts/knowledge/Badness Enumeration.md b/content/posts/knowledge/Badness Enumeration.md index fd943ce..6eaf995 100644 --- a/content/posts/knowledge/Badness Enumeration.md +++ b/content/posts/knowledge/Badness Enumeration.md @@ -13,7 +13,7 @@ The obvious argument against badness enumeration is that there are so many threa ## Adblocking Extensions -On top of the [obvious problem](#the-obvious-problem) mentioned above, there are various technical reasons why advertisement/tracker blocking extensions cannot provide privacy. One of which is the fact that tracking can be done without any scripts at all. For example, a website only needs to know your session ID using a cookie and save all logs associated with that ID. It can then analyize when you visited the website, how long you visited the website for, which page on the website you spent the most time on, what you looked at, and so on. Another problem is that a website can just host its own tracking code or [proxy third party tracking code under its own domain](https://gist.github.com/paivaric/211ca15afd48c5686226f5f747539e8b). Just because your adblocker blocks connections to Google Analytics does not mean that you you are actually "safe" from Google Analytics at all. Even if you are successful in doing so, there is nothing stopping the website from sharing the analytics data it collected on its own with Google either. +On top of the [obvious problem](#the-obvious-problem) mentioned above, there are various technical reasons why advertisement/tracker blocking extensions cannot provide privacy. One of which is the fact that tracking can be done without any scripts at all. For example, a website only needs to know your session ID using a cookie and save all logs associated with that ID. It can then analyze when you visited the website, how long you visited the website for, which page on the website you spent the most time on, what you looked at, and so on. Another problem is that a website can just host its own tracking code or [proxy third party tracking code under its own domain](https://gist.github.com/paivaric/211ca15afd48c5686226f5f747539e8b). Just because your adblocker blocks connections to Google Analytics does not mean that you you are actually "safe" from Google Analytics at all. Even if you are successful in doing so, there is nothing stopping the website from sharing the analytics data it collected on its own with Google either. "Okay, so adblockers are unreliable, but what is the harm?" you may ask. diff --git a/content/posts/knowledge/FLOSS Security.md b/content/posts/knowledge/FLOSS Security.md index 0227c46..0c3f360 100644 --- a/content/posts/knowledge/FLOSS Security.md +++ b/content/posts/knowledge/FLOSS Security.md @@ -218,6 +218,6 @@ Releasing source code is just one thing vendors can do to improve audits; other [^12]: In 2017, Calibre's author actually wanted to stay with Python 2 after its EOL date, and [maintain Python 2 himself](https://bugs.launchpad.net/calibre/+bug/1714107). Users and package maintainers were quite unhappy with this, as Python 2 would no longer be receiving security fixes after 2020. While official releases of Calibre use a bundled Python interpreter, distro packages typically use the system Python package; Calibre's popularity and insistence on using Python 2 made it a roadblock to getting rid of the Python 2 package in most distros. What eventually happened was that community members (especially [Eli Schwartz](https://github.com/eli-schwartz) and [Flaviu Tamas](https://flaviutamas.com/) submitted patches to migrate Calibre away from Python 2. Calibre migrated to Python 3 by [version 5.0](https://calibre-ebook.com/new-in/fourteen). -[^13]: Linux distributions' CFI+ASLR implementations rely executables compiled with CFI+PIE support, and ideally with stack-smashing protectors and no-execute bits. These implementations are flawed (see [On the Effectiveness of Full-ASLR on 64-bit Linux](https://web.archive.org/web/20211021222659/http://cybersecurity.upv.es/attacks/offset2lib/offset2lib-paper.pdf) and [Brad Spengler's presentation comparing these with PaX's own implementation](https://grsecurity.net/PaX-presentation.pdf)). +[^13]: Linux distributions' CFI+ASLR implementations rely executables compiled with CFI+PIE support, and ideally with stack-smashing protectors and no-execute bits. These implementations are flawed (see [On the Effectiveness of Full-ASLR on 64-bit Linux](https://web.archive.org/web/20211021222659/http://cybersecurity.upv.es/attacks/offset2lib/offset2lib-paper.pdf) and [Brad Spengler's presentation comparing these with PaX's own implementation](https://grsecurity.net/PaX-presentation.pdf)). [^14]: The [best attempt I know of](https://signal.org/blog/private-contact-discovery/) leverages [Trusted Execution Environments](https://en.wikipedia.org/wiki/Trusted_execution_environment), but for limited functionality using an implementation that's [far from bulletproof](https://en.wikipedia.org/wiki/Software_Guard_Extensions#Attacks). diff --git a/content/posts/knowledge/Multi-factor Authentication.md b/content/posts/knowledge/Multi-factor Authentication.md index 528c0ac..eda8335 100644 --- a/content/posts/knowledge/Multi-factor Authentication.md +++ b/content/posts/knowledge/Multi-factor Authentication.md @@ -29,7 +29,7 @@ TOTP is one of the most common forms of MFA available. When you set up TOTP, you The time-limited code is then derived from the shared secret and the current time. As the code is only valid for a short time, without access to the shared secret, an adversary cannot generate new codes. -If you have a [Yubikey](https://www.yubico.com/), you should store the "shared secrets" on the key itself using the [Yubico Authenticator](https://www.yubico.com/products/yubico-authenticator/) app. After the initial setup, the Yubico Authenticator will only expose the 6 digit code to the machine it is running on, but not the shared secret. Additional security can be set up by requiring touch confirmation, protecting digit codes not in used from a compromised operating system. +If you have a [YubiKey](https://www.yubico.com/), you should store the "shared secrets" on the key itself using the [Yubico Authenticator](https://www.yubico.com/products/yubico-authenticator/) app. After the initial setup, the Yubico Authenticator will only expose the 6 digit code to the machine it is running on, but not the shared secret. Additional security can be set up by requiring touch confirmation, protecting digit codes not in used from a compromised operating system. Unlike [WebAuthn](#fido2-fast-identity-online), TOTP offers no protection against [phishing](https://en.wikipedia.org/wiki/Phishing) or reuse attacks. If an adversary obtains a valid code from you, they may use it as many times as they like until it expires (generally 30 seconds + grace period). @@ -47,7 +47,7 @@ The service will then forward the one-time password to the Yubico OTP server for The Yubico validation server is a cloud based service, and you're placing trust in Yubico that their server won't be used to bypass your MFA or profile you. The public ID associated with Yubico OTP is reused on every website and could be another avenue for third-parties to profile you. Like TOTP, Yubico OTP does not provide phishing resistance. -Yubico OTP is an inferior protocol compared to TOTP since TOTP does not need trust in a third-party server and most security keys that support Yubico OTP (namely the Yubikey and OnlyKey) supports TOTP anyway. Yubico OTP is still better than Push Confirmation, however. +Yubico OTP is an inferior protocol compared to TOTP since TOTP does not need trust in a third-party server and most security keys that support Yubico OTP (namely the YubiKey and OnlyKey) supports TOTP anyway. Yubico OTP is still better than Push Confirmation, however. ### FIDO2 (Fast IDentity Online) diff --git a/content/posts/knowledge/Threat Modeling.md b/content/posts/knowledge/Threat Modeling.md index de0858c..4f55504 100644 --- a/content/posts/knowledge/Threat Modeling.md +++ b/content/posts/knowledge/Threat Modeling.md @@ -93,6 +93,6 @@ As a beginner, you may often fall into some bad practices while making a threat As discussed, focusing solely on advertising networks and relying solely on privacy policies does not make up a sensible threat model. When switching away from a service provider, try to determine what the root problem is and see if your new provider has any technical solution to the problem. For example, you may not like Google Drive as it means giving Google access to all of your data. The underlying problem here is the lack of end to end encryption, which you can solve by using an encryption tool like Cryptomator or by switching to a provider who provides it out of the box like Proton Drive. Blindly switching from Google Drive to a provider who does not provide end to end encryption like the Murena Cloud does not make sense. -You should also keep in mind that [badness enumeration does not work, cannot work, has never worked, and will never work](/knowledge/badness-enumeration/). While things like ad blockers and antiviruses may help block the low hanging fruits, they can never fully protect you from the threat. On the other hand, they often increase your attack surface and are not worth the security sacrifice. At best, they are merely covenience tools and should not be thought of as part of a defense strategy. +You should also keep in mind that [badness enumeration does not work, cannot work, has never worked, and will never work](/knowledge/badness-enumeration/). While things like ad blockers and antiviruses may help block the low hanging fruits, they can never fully protect you from the threat. On the other hand, they often increase your attack surface and are not worth the security sacrifice. At best, they are merely convenience tools and should not be thought of as part of a defense strategy. Another thing to keep in mind is that open-source software is not automatically private or secure. Malicious code can be sneaked into the package by the developer of the project, contributors, library developers or the person who compiles the code. Beyond that, sometimes, a piece of open-source software may have worse security properties than its proprietary counterpart. An example of this would be traditional Linux desktops lacking verified boot, system integrity protection, or a full system access control for apps when compared to macOS. When doing threat modeling, it is vital that you evaluate the privacy and security properties of each piece of software being used, rather than just blindly trusting it because it is open-source. diff --git a/content/posts/linux/Desktop Linux Hardening.md b/content/posts/linux/Desktop Linux Hardening.md index 45111ad..834216b 100644 --- a/content/posts/linux/Desktop Linux Hardening.md +++ b/content/posts/linux/Desktop Linux Hardening.md @@ -168,7 +168,7 @@ You can make your own AppArmor profiles, SELinux policies, [bubblewrap](https:// If you’re running a server, you may have heard of containers. They are more common in server environments where individual services are built to operate independently. However, you may sometimes see them on desktop systems as well, especially for development purposes. -[Docker](https://www.docker.com/) is one of the most popular container solutions. It does **not** offer a proper sandbox, meaning there is a large kernel attack surface. You should follow the [Docker and OCI Hardening guide](/posts/linux/docker-and-oci-hardening/) to mitigate this problem. In short, there are things you can do like using rootless containers (via configuration changes or [Podman](https://podman.io/)), using a runtime which provides a psuedo‑kernel for each container ([gVisor](https://gvisor.dev/)), and so on. +[Docker](https://www.docker.com/) is one of the most popular container solutions. It does **not** offer a proper sandbox, meaning there is a large kernel attack surface. You should follow the [Docker and OCI Hardening guide](/posts/linux/docker-and-oci-hardening/) to mitigate this problem. In short, there are things you can do like using rootless containers (via configuration changes or [Podman](https://podman.io/)), using a runtime which provides a pseudo‑kernel for each container ([gVisor](https://gvisor.dev/)), and so on. Another option is [Kata Containers](https://katacontainers.io/) which masquerades virtual machines as containers. Each Kata container has its own kernel and is isolated from the host. diff --git a/content/posts/linux/Securing OpenSSH with FIDO2.md b/content/posts/linux/Securing OpenSSH with FIDO2.md index 266577c..ca11f9d 100644 --- a/content/posts/linux/Securing OpenSSH with FIDO2.md +++ b/content/posts/linux/Securing OpenSSH with FIDO2.md @@ -70,6 +70,6 @@ Adding `sk-ssh-ed25519@openssh.com` to `PubkeyAcceptedKeyTypes` should suffice. Restart the `sshd` service and try to connect to your server using your key handle (by passing `-i ~/.ssh/id_ed25519_sk` to `ssh` for instance). If that works for you (your FIDO2 security key should be needed to derive the real secret), feel free to remove your previous keys from `.ssh/authorized_keys` on your server. ## That's cool, right? -If you don't have a security key, you can buy one from [YubiKey](https://www.yubico.com/fr/store/) (I'm very happy with my 5C NFC by the way), [Nitrokey](https://www.nitrokey.com/), [SoloKeys](https://solokeys.com/) or [OnlyKey](https://onlykey.io/) (to name a few). If you have an Android device with a hardware security module (HSM), such as the Google Pixels equipped with Titan M (Pixel 3+), you could even use them as bluetooth security keys. +If you don't have a security key, you can buy one from [YubiKey](https://www.yubico.com/fr/store/) (I'm very happy with my 5C NFC by the way), [Nitrokey](https://www.nitrokey.com/), [SoloKeys](https://solokeys.com/) or [OnlyKey](https://onlykey.io/) (to name a few). If you have an Android device with a hardware security module (HSM), such as the Google Pixels equipped with Titan M (Pixel 3+), you could even use them as Bluetooth security keys. *No reason to miss out on the party if you can afford it!* \ No newline at end of file diff --git a/content/posts/qubes/Using Lokinet on Qubes OS.md b/content/posts/qubes/Using Lokinet on Qubes OS.md index 571ea30..f2565a9 100644 --- a/content/posts/qubes/Using Lokinet on Qubes OS.md +++ b/content/posts/qubes/Using Lokinet on Qubes OS.md @@ -19,7 +19,7 @@ author: Tommy - Only works well on Debian-based distributions. The client for Windows has DNS Leaks, and support for macOS, Android, and other Linux distributions is experimental. It should be noted that this is a problem with the official client, not the protocol itself. - Does not have a killswitch which could lead to accidental leaks (as opposed to common commercial VPN clients which lock the connections to just the provider's servers). -- The official client requires a user to manually define an exit node, or to set certain IP ranges to be routed through certain exit nodes. While this makes it possible to setup some form of Steam Isolation, it is not as good as Tor's `isolateDestinationAddr` and `isolateDesitnationPort`. which automatically use a random exit node for every destination/port you visit. +- The official client requires a user to manually define an exit node, or to set certain IP ranges to be routed through certain exit nodes. While this makes it possible to setup some form of Steam Isolation, it is not as good as Tor's `isolateDestinationAddr` and `isolateDestinationPort`. which automatically use a random exit node for every destination/port you visit. - DNS does not work when used as a ProxyVM on Qubes OS ## Creating the TemplateVM diff --git a/content/privacy.md b/content/privacy.md index 82603d9..ca593e1 100644 --- a/content/privacy.md +++ b/content/privacy.md @@ -15,7 +15,7 @@ We do not have access to your IP addresses or activity logs. Cloudflare does kee We use [Hugo](https://gohugo.io/) to build our website. Hugo has [additional privacy settings](https://gohugo.io/about/hugo-and-gdpr/) for GDPR compliance, and we configure it to be as privacy friendly as possible. -Services like Disqus, Instagram, and Google Analytics are disabled. We do link to Twitter, Vimeo and Youtube in our blogs, and we turn on "enableDNT" and "privacyEnhanced" for those services. +Services like Disqus, Instagram, and Google Analytics are disabled. We do link to Twitter, Vimeo and YouTube in our blogs, and we turn on "enableDNT" and "privacyEnhanced" for those services. ## Git Repository @@ -25,7 +25,7 @@ For the Privacy policy of GitHub, please check out [this link](https://docs.gith ## Matrix -We use Matrix as our primary communication method. Since Matrix is a Federated protocol, the privacy of our conversaion depends on that of your homeserver and the homeserver of your contact. +We use Matrix as our primary communication method. Since Matrix is a Federated protocol, the privacy of our conversation depends on that of your homeserver and the homeserver of your contact. You should not have any expectation of privacy for your conversations in our public room, as anyone (be it a person or a bot) can access all of your messages and log them. Even if you "delete" your messages, it is merely a redaction request to the participating homeservers in the room, and any of them could choose to ignore said request.