Bruno Flückiger 

Senior System Engineer, Tutor, OpenBSD enthusiast, Cynic, Misanthropist
Website: https://www.bsdhowto.ch/

Display switch for OpenBSD laptop

https://discoverbsd.com/p/98f772b1e3

The article details a setup for automatically switching the display on an OpenBSD laptop. Author uses USB-C so if you connect your monitor(s) using VGA, DVI, HDMI or DisplayPort, this post will probabl...

For people using Ubuntu LTS as a server or workstation, what's your opinion on it? (reliability, convenience, troubleshoot, documentation, ...)

Are you using #Ubuntu PRO subscriptions?

Not interested if the replies are not about Ubuntu, thanks 

#!/bin/sh

set -euo pipefail

thanks, @b0rk - I've been writing shell for 25+ years and wish I'd been doing this 25+ years ago.

CRL -> OCSP -> CRL ->
Can you continue this list?

you know i had to du it to em

If Docker runs containers, does that mean that it actually is a garbage collector?

I hate systemd from the bottom of my heart. A simple task like checking the logs requires googling. Because some know-it-all decided that text log files are so old-fashioned. He rather designed some binary bullshit that highly resembles the crap used by a certain descendant of VMS.

A new attack was published, named TunnelVision, explaining how to snoop all the unencrypted VPN traffic through a local system.

In summary, the attack makes the local DHCP server that auto-configures the workstations' network send a gateway address that is similar to the one used by the VPN but with a higher priority, so the operating system will send its VPN traffic to that address instead of the VPN server.

This attack is not discreet, it could be easily spotted in the network settings.

https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/

#Android seems unaffected.

#QubesOS is immune as long as you do not establish a VPN in the qube connected to the real world network (by default it's either sys-net or sys-firewall).

=> https://qubes-os.org

#OpenBSD is certainly affected as DHCP option 121 allowing that trick is implemented in dhcpleased (the DHCP client).
However, using a different rdomain for the VPN should prevent any kind of snooping. I wrote a guide explaining how to use WireGuard tunnels on different rdomains: https://dataswamp.org/~solene/2021-10-09-openbsd-wireguard-exit.html

=> https://www.openbsd.org

Linux users using WireGuard can configure namespaces as a protection: (thanks @zgou for the link)

=> https://www.wireguard.com/netns/

Update1: Tor users do not have to worry, this does not affect Tor at all (it works at a different layer in the network). However, in case you use Tor over VPN, this could potentially leak the fact that you use Tor, but Tor data is still encrypted.

Update2: A properly configured firewall blocking traffic on physical network interfaces when the destination is the VPN server gateway through the tunnel (not the public VPN server IP) will prevent abuse of this vulnerability. The network will be non-functional though, because the wrong gateway is used and the traffic is blocked.

#infosec #opsec #cybersecurity

Novel attack against virtually all VPN apps neuters their entire purpose

TunnelVision vulnerability has existed since 2002 and may already be known to attackers.

Ars Technica
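Added example, not part of the post above or of any project it mentions: a Python check that decodes a DHCP option 121 payload (RFC 3442 classless static routes) and reports routes that would win over a VPN's default route by longest-prefix match. The function names, the sample payload and the LAN prefix are constructed for illustration, and the check assumes the VPN installs 0.0.0.0/0 through the tunnel.

```python
import ipaddress

def parse_option_121(data: bytes):
    """Decode an RFC 3442 classless static route option into (network, router) pairs."""
    routes, i = [], 0
    while i < len(data):
        plen = data[i]
        if plen > 32:
            raise ValueError(f"invalid prefix length {plen} at offset {i}")
        n = (plen + 7) // 8          # only the significant destination octets are sent
        end = i + 1 + n + 4          # followed by a 4-octet router address
        if end > len(data):
            raise ValueError("truncated option 121 payload")
        dest = int.from_bytes(data[i + 1:i + 1 + n] + bytes(4 - n), "big")
        net = ipaddress.IPv4Network((dest, plen), strict=False)
        routes.append((net, ipaddress.IPv4Address(data[i + 1 + n:end])))
        i = end
    return routes

def routes_overriding_vpn(routes, lan_cidr):
    """Return DHCP-pushed routes that are more specific than a default route and
    reach beyond the local subnet. Assumption of this example: the VPN installs
    0.0.0.0/0 via the tunnel, so any such route takes precedence over it."""
    lan = ipaddress.IPv4Network(lan_cidr)
    return [(net, gw) for net, gw in routes
            if net.prefixlen > 0 and not net.subnet_of(lan)]

# Constructed sample payload, as it could appear in a captured DHCP ACK.
SAMPLE = bytes.fromhex(
    "00c0a80101"        # 0.0.0.0/0      via 192.168.1.1   (ordinary default gateway)
    "18c0a801c0a80101"  # 192.168.1.0/24 via 192.168.1.1   (on-link subnet)
    "0100c0a801fe"      # 0.0.0.0/1      via 192.168.1.254 (covers half the address space)
    "0180c0a801fe"      # 128.0.0.0/1    via 192.168.1.254 (covers the other half)
)

if __name__ == "__main__":
    for net, gw in routes_overriding_vpn(parse_option_121(SAMPLE), "192.168.1.0/24"):
        print(f"ALERT: DHCP pushed {net} via {gw}, more specific than the VPN default route")
```

The same comparison can be made by hand against the routing table, which is where the post says the change shows up.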
Did you ever usenet? ... https://medium.com/tech-and-me/did-you-ever-usenet-437ccb6f9208 -- the article is from someone roughly my age, a reminder where we came from (and all social media, to my mind, have been half-assed attempts at re-inventing USENET) #usenet #history #news #nntp
Did You Ever Usenet? - Tech and Me - Medium

Gather around children, an old geezer is about to take a trip down memory lane. Don’t grumble; you might learn something interesting and it’s quite obvious that you have nothing better to do right…

Tech and Me