Search - "man-in-the-middle-attack"
-
My company compromises SSL certificates in the name of "security". I can't even use Gmail because Google has identified my intranet as a malicious network executing a man in the middle attack. So they break security in the name of security.
-
TIL if you know the password for a WiFi SSID, you can replicate it with your hardware. All devices that have credentials for that SSID will connect to yours if your signal is stronger. The encryption just needs to be the same (WPA2/WEP). The underlying UUID doesn't matter.
Not bad for a quick and dirty man-in-the-middle attack. The WiFi spec needs a bit more work.
TLS all the things!
-
Today's GDPR-Bullshittery.
So we are using an open source remote update system for updating our embedded devices.
And today we learned that that system logs IP addresses. And lo and behold, Mr. GDPR says that is a no-no.
So either we completely drop it, find a new update system and implement it.
Sift through all the source code of the update system, "fix" it and recompile it.
Or we set up a man-in-the-middle attack on ourselves to mask the IP addresses.
GDPR encouraging hacking ourselves, I fucking love it!
-
How would you explain SSL, certificates, and CAs to a layman?
I just spent 30 mins trying to explain it to them in a chat (related to Mongo driver configs and the sslValidate flag), they sorta went silent on me so not sure if I explained it or understood the roles/purposes correctly...
One example I used was it prevents a man in the middle attack where your connection gets rerouted to another server. If the CA didn't recognize the cert the new server replies with, then it rejects it and prevents the attack.
-
So, I've been seeing a lot of people concerned about privacy around here lately.
I completely understand it, and I, too, don't want all my data to be available for anyone at any given time. I get it.
However, the only way to get privacy is to build it yourself.
Buying a phone? Who says (apart from the company itself) that it doesn't have some integrated chip, or that the OS lies to you or w/e?
When using your phone, who says your SIM provider isn't intercepting all your traffic with a man in the middle attack?
These sound like conspiracies, however, if you really want privacy, either build it yourself (or with other privacy activists) or let go of the comforts of technology (I know, you're not the only source of info about yourself, the only way to shield yourself is to go into the woods and live a simple life.)
It's pretty sad that these are the two options, but I've yet to find a better one.
(PS, I used to have a "no logs, no ip, no anything" VPN provider, and as soon as some agency requested info, they got it, so I wouldn't easily trust the promise of 3rd parties anymore.)