Steganography in svenomenal's steganoV2

by

There are many different tools and algorithms used to hide secrets in other documents. Unfortunately, not all of them are open and documented. But this doesn't seem to harm the reputation of Windows only tools like Stegano.Net in the context of recreational activities like Geocaching. The overview about the principle of this specific software should allow the user to extract its previously stored data without depending on closed software and make it possible for the interested reader to decide whether this is really such a good "privacy" tool.

More...

Domain based proxy selection on NAT-routers

by

Introduction

It seems to become normal for service providers in the world wide web to reduce their functionality when the user is not accessing the service through the "right" IP range. This usually reflects the license agreements the service provider has with the actual content producers or copyright holders in this specific region. There are many well known users of GeoIP based restrictions, e.g. YouTube, Netflix or Hulu.

YouTube
The (currently) monopolistic collecting society in Germany and Google don't seem to be able to find acceptable conditions for both parties to correctly license the music in YouTube videos. This is especially problematic because GEMA can currently just assume that it has to receive royalties even without proving that the music is covered by the GEMA catalogue. Google started to block music videos in Germany as countermeasure against possible copyright claims (and maybe to create awareness of the problem).
Netflix
Netflix seems to be the biggest Video-on-Demand service at the moment. There are even rumors about Netflix planning to expand to more european states in the near future. But the UK version of Netflix already showed that it doesn't have world-wide streaming rights for its complete portfolio.
Hulu
Hulu is a free (ad-supported) streaming service with many content partners. Interestingly, it tries to provide access to person in foreign countries. These are for example U.S. military bases outside the U.S. or Japan. It easily shows that these IP restrictions not only work on large entities like countries and they are not necessarily limitations of the infrastructure.

There are many other reasons for a IP based block/restriction by a service provider. I will concentrate here on a very specific case: increasing security by reducing the attack vector. (I will not discuss whether this is a good strategy by the service provider)

Many projects were started to provide easy one-click solutions to avoid such IP restrictions on every kind of device. Unfortunately, these products are often extreme limited to a specific service (the ones mentioned above). Also the servers used as proxy are not the ones I would trust with sensible data. This makes them useless for my actual problem.

More...

Signed upstream tarballs in Debian

by

In the past numerous file distribution servers were attacked and the attacker replaced a release tarball/zip with a modificated version including a backdoor. Usually the distributions use some kind of signatures to avoid such an attack against their own infrastructure but this doesn't include the initial retrieval of the source code from upstream (usually done through the tarballs).

More...

Chipcard based HBCI with KMyMoney in Debian Wheezy/sid

by

Sparkasse Chemnitz decided that PIN/iTAN based authentication for bank transactions are obsolete. The new methods which are currently advertised as the "more secure alternatives" are chipTAN and smsTAN. Both are not known for their strong security and vendor specific implementations seemed to be even worse. The only acceptable solution for me is HBCI/FinTS using chipcards and a decent smart card reader with pinpad. At least this method was not yet dropped by them and I still hope that my application for it will be granted after 13 years (August 23 will be the anniversary).

More...

The state of batman-adv branches in august 2010

by

as we started to have different branches and repositories, everything became a little bit more complex to track. I will try to summarize what and where is something going on inside the batman-adv universe.

More...