Pinboard (jm)
https://pinboard.in/u:jm/public/
recent bookmarks from jm

Speedify and multipath
2021-03-12T10:23:07+00:00
https://nelsonslog.wordpress.com/2021/03/11/speedify-and-multipath/
jm
speedify multipath vpn vpns internet networking via:nelson
https://pinboard.in/u:jm/b:b11da9b67abb/

Nebula
2019-11-20T13:56:22+00:00
https://github.com/slackhq/nebula
jm
a scalable overlay networking tool with a focus on performance, simplicity and security. It lets you seamlessly connect computers anywhere in the world. Nebula is portable, and runs on Linux, OSX, and Windows. [...] It can be used to connect a small number of computers, but is also able to connect tens of thousands of computers.
Nebula incorporates a number of existing concepts like encryption, security groups, certificates, and tunneling, and each of those individual pieces existed before Nebula in various forms. What makes Nebula different to existing offerings is that it brings all of these ideas together, resulting in a sum that is greater than its individual parts.
Nebula is a mutually authenticated peer-to-peer software defined network based on the Noise Protocol Framework. Nebula uses certificates to assert a node's IP address, name, and membership within user-defined groups. Nebula's user-defined groups allow for provider agnostic traffic filtering between nodes. Discovery nodes allow individual peers to find each other and optionally use UDP hole punching to establish connections from behind most firewalls or NATs. Users can move data between nodes in any number of cloud service providers, datacenters, and endpoints, without needing to maintain a particular addressing scheme.
Nebula uses elliptic curve Diffie-Hellman key exchange, and AES-256-GCM in its default configuration.
Nebula was created to provide a mechanism for groups [of] hosts to communicate securely, even across the internet, while enabling expressive firewall definitions similar in style to cloud security groups.
networking vpn nebula slack ops crypto overlay-networks tunnelling
https://pinboard.in/u:jm/b:84f3329308a5/

Virgin Media Ireland hate people working from home
2016-05-12T10:06:56+00:00
https://www.virginmedia.ie/terms/usage-policy/
jm
Section 12: Use of Virtual Private Network (VPN)
As stated above, the Virgin Media Services are for residential use only and we do not support the use of VPN. If we find you are using VPN we may instruct you to stop using it and you must comply with this request. This is in order to prevent problems with our network and other Internet users.
virgin-media virgin upc isps ireland teleworking telecommuting home vpns vpn
https://pinboard.in/u:jm/b:2421e2d2d3d5/

Excellent post from Matthew Green on the Juniper backdoor
2015-12-22T11:21:26+00:00
http://blog.cryptographyengineering.com/2015/12/on-juniper-backdoor.html
jm
For the past several years, it appears that Juniper NetScreen devices have incorporated a potentially backdoored random number generator, based on the NSA's Dual_EC_DRBG algorithm. At some point in 2012, the NetScreen code was further subverted by some unknown party, so that the very same backdoor could be used to eavesdrop on NetScreen connections. While this alteration was not authorized by Juniper, it's important to note that the attacker made no major code changes to the encryption mechanism -- they only changed parameters. This means that the systems were potentially vulnerable to other parties, even beforehand. Worse, the nature of this vulnerability is particularly insidious and generally messed up.
[....] The end result was a period in which someone -- maybe a foreign government -- was able to decrypt Juniper traffic in the U.S. and around the world. And all because Juniper had already paved the road.
One of the most serious concerns we raise during [anti-law-enforcement-backdoor] meetings is the possibility that encryption backdoors could be subverted. Specifically, that a back door intended for law enforcement could somehow become a backdoor for people who we don't trust to read our messages. Normally when we talk about this, we're concerned about failures in storage of things like escrow keys. What this Juniper vulnerability illustrates is that the danger is much broader and more serious than that. The problem with cryptographic backdoors is not that they're the only way that an attacker can break into our cryptographic systems. It's merely that they're one of the best. They take care of the hard work, the laying of plumbing and electrical wiring, so attackers can simply walk in and change the drapes.
(via Tony Finch)
via:fanf crypto backdoors politics juniper dual-ec-drbg netscreen vpn
https://pinboard.in/u:jm/b:934dcb1b02c0/

ImperialViolet - Juniper: recording some Twitter conversations
2015-12-22T10:53:00+00:00
https://www.imperialviolet.org/2015/12/19/juniper.html
jm
... if it wasn't the NSA who did this, we have a case where a US government backdoor effort (Dual-EC) laid the groundwork for someone else to attack US interests. Certainly this attack would be a lot easier given the presence of a backdoor-friendly RNG already in place. And I've not even discussed the SSH backdoor. [...]
primes ecc security juniper holes exploits dual-ec-drbg vpn networking crypto prngs
https://pinboard.in/u:jm/b:10c7b24183e0/

Use sshuttle to Keep Safe on Insecure Wi-Fi
2014-12-21T09:37:11+00:00
http://elasticdog.com/2011/12/use-sshuttle-to-keep-safe-on-insecure-wi-fi/
jm
ssh vpn sshuttle tunnelling security ip wifi networking osx homebrew
https://pinboard.in/u:jm/b:2bed8650a9c8/

xelerance/xl2tpd · GitHub
2013-12-29T12:37:44+00:00
https://github.com/xelerance/xl2tpd
jm
vpn l2tp tunneling internet privacy security xl2tpd xelerance via:irr
https://pinboard.in/u:jm/b:0ab204ab4c51/

Tunlr
2013-01-14T13:41:52+00:00
http://tunlr.net/faq/
jm
proxy network vpn dns tunnel content video audio iplayer bbc hulu streaming geo-restriction
https://pinboard.in/u:jm/b:8146201435af/

apenwarr/sshuttle - GitHub
2011-01-17T11:00:33+00:00
https://github.com/apenwarr/sshuttle#readme
jm
vpn ssh security linux opensource tcp networking tunnelling port-forwarding
https://pinboard.in/u:jm/b:1f9d3c391795/

Draft Functional Spec of Hadopi "securisation" software
2010-07-30T10:35:47+00:00
http://translate.google.com/translate?u=http%3A//www.numerama.com/magazine/16363-exclusif-le-document-secret-de-l-hadopi-sur-les-moyens-de-securisation.html%3Futm_medium%3Dbt.io-twitter%26utm_source%3Ddirect-bt.io%26utm_content%3Dbacktype-tweetcount&hl=en&langpair=auto|en&tbb=1&ie=UTF-8
jm
hadopi piracy filtering snooping big-brother 1984 via:adulau vpn tor blocklists
https://pinboard.in/u:jm/b:2ffa8e3aa4ed/

NeoRouter
2010-07-15T10:16:52+00:00
http://www.neorouter.com/
jm
firewall hamachi network openwrt remote router security vpn desktop-sharing neorouter tomato
https://pinboard.in/u:jm/b:e3558f91e429/