30,000 organizations exposed in the USA

A security breach exposes some 30,000 organizations (public and private) through four exploits in the Microsoft Exchange mail server.

The breach has allowed access to email accounts. That is not the serious problem. Administrators have security patches and a set of good practices (for example, not exposing the servers via OWA on the Internet) that mitigate the impact.

In my opinion the serious problem is what other breaches can be opened from this one. Gaining access to an Outlook mailbox allows, to name a few examples: learning your complete address book, sending your contacts emails with spamware or malware from your own account, or accessing your notes and calendar, etc.

The information held in a personal manager such as an Exchange mailbox opens other avenues of attack. Working on security as a whole depends on user habits that prevent those other breaches.

How to get basic network information with nmcli?

How to get basic network information with nmcli on GNU/Linux?

This post is meant as a reminder for myself and a spur to dig deeper into nmcli, which was unknown to me and which I found friendlier than the new ip.

As an example, I list the active connections with the following command:


user@machine:~$ nmcli connection show
NAME                 UUID                                  TYPE      DEVICE
MIWIFI_2G_nnGQ       43ce5cc0-6ecc-4fca-997b-ccdcb12ca2ff  wifi      wlx74da38e4733c
virbr0               a756e70d-7f44-4bc6-8ce7-a3d1265cee1f  bridge    virbr0
Conexión cableada 1  3df083b6-e2d3-35b6-a55d-d1c540443eca  ethernet

How do I know at what speed the WiFi connects? nmcli offers a parameter to select the fields (-f, for fields) of the connections the system can access.

user@machine:~$ nmcli -f WIFI-PROPERTIES dev show wlx74da38e4733c
WIFI-PROPERTIES.WEP: sí
WIFI-PROPERTIES.WPA: sí
WIFI-PROPERTIES.WPA2: sí
WIFI-PROPERTIES.TKIP: sí
WIFI-PROPERTIES.CCMP: sí
WIFI-PROPERTIES.AP: sí
WIFI-PROPERTIES.ADHOC: sí
WIFI-PROPERTIES.2GHZ: sí
WIFI-PROPERTIES.5GHZ: no
WIFI-PROPERTIES.MESH: sí
WIFI-PROPERTIES.IBSS-RSN: sí

To leave us wanting to explore more of nmcli's options, we can list the specific connection our machine was using and filter the IPv4 information. It lets us see the connection's IP, the router's IP, the DNS servers it uses, etc.

user@machine:~$ nmcli connection show "MIWIFI_2G_nnGQ" | grep ^IP4
IP4.ADDRESS[1]: 192.168.1.142/24
IP4.GATEWAY: 192.168.1.1
IP4.ROUTE[1]: dst = 0.0.0.0/0, nh = 192.168.1.1, mt = 600
IP4.ROUTE[2]: dst = 169.254.0.0/16, nh = 0.0.0.0, mt = 1000
IP4.ROUTE[3]: dst = 192.168.1.0/24, nh = 0.0.0.0, mt = 600
IP4.DNS[1]: 212.230.135.2
IP4.DNS[2]: 212.230.135.1
IP4.DOMAIN[1]: home
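
The IP4 lines shown above can also be checked by a script. The following is an added example, not part of the original post: it parses lines in that layout and reports DNS resolvers that are not on a list you expect. The sample addresses, the allowlist and the function names (sample_ip4, ip4_field, unexpected_dns) are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: parse the IP4.* lines printed by
#   nmcli connection show "<name>" | grep ^IP4
# and report DNS resolvers that are not on an expected list.

# Constructed sample in the same layout (addresses are made up).
sample_ip4() {
  cat <<'EOF'
IP4.ADDRESS[1]:                         192.168.1.142/24
IP4.GATEWAY:                            192.168.1.1
IP4.ROUTE[1]:                           dst = 0.0.0.0/0, nh = 192.168.1.1, mt = 600
IP4.DNS[1]:                             192.168.1.1
IP4.DNS[2]:                             203.0.113.53
IP4.DOMAIN[1]:                          home
EOF
}

# ip4_field KEY: print each value of IP4.KEY or IP4.KEY[n] found on stdin.
ip4_field() {
  awk -v key="IP4.$1" '
    {
      sep = index($0, ":")
      if (sep == 0) next
      name = substr($0, 1, sep - 1)
      sub(/\[[0-9]+\]$/, "", name)          # IP4.DNS[2] -> IP4.DNS
      if (name != key) next
      val = substr($0, sep + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", val)      # trim padding around the value
      print val
    }'
}

# unexpected_dns ALLOWED...: print resolvers from stdin that are not in the
# allowlist given as arguments; exit status 1 if any were printed.
unexpected_dns() {
  status=0
  for dns in $(ip4_field DNS); do
    known=no
    for allowed in "$@"; do
      if [ "$dns" = "$allowed" ]; then known=yes; fi
    done
    if [ "$known" = no ]; then echo "$dns"; status=1; fi
  done
  return "$status"
}

# Demo on the sample; on a real host pipe the nmcli command above instead.
sample_ip4 | unexpected_dns 192.168.1.1 || echo "resolver(s) above are not on the expected list"
```

A resolver that changes without you having changed it is worth a look, since DNS settings normally arrive from whatever DHCP server answers on the network.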

IP via ProtonVPN and Tor Browser

There’s nothing really unknown in this post; I just want to share a little experiment, with my personal homespun conclusion at the bottom.

  1. I open Chromium and I guess what IP the computer is given by the ISP. It’s an IP from Spain.
  2. I launch the ProtonVPN connection (via a free Japan server) and check the IP. It’s an IP from Norway.
  3. I launch the Tor Browser over this VPN connection and check the IP. It’s an IP from Switzerland. Then I reload the Tor Browser and the IP is now from France, which is absolutely the expected behaviour according to Tor Browser features.
  4. I stop the ProtonVPN connection while both browsers (Chromium and Tor) are running.
  5. Chromium shows the IP from Spain again; the Tor Browser keeps showing an IP from a different town, Germany this time.

For this experiment I’ve used:

Homespun conclusion:

  • If you just want to browse web pages, you may do it via Tor Browser; no VPN is needed.
  • If you need wider IP traffic, not only web browsing (such as ssh, torrent, or whatever), consider a trustworthy VPN service. Consider privacy, logging and external auditing related to the VPN of your choice.

DD-WRT as a bridge

I was using DD-WRT on a Linksys WRT54G/GL/GS years ago. After I stopped needing it, it was stored in the depths of a wardrobe.

I’m living in a long flat where one room is far away from the AP; furthermore, there are metal and liquids between the room and the AP, which weakens the signal.

So I’ve rescued the DD-WRT from its retirement to enhance the Wi-Fi signal in the house. There’s no merit in it, since you just have to follow the proper tutorial about how to configure DD-WRT as a Repeater Bridge.

Why did I write about this? It’s related to a couple of things: it’s worth not falling into programmed obsolescence and throwing away any device just because. Simply consider what is worth keeping and what is simply trash.

Last, but not least, GNU/Linux shows again how important free software is. This particular Linksys WRT54GL supports third-party firmware based on GNU/Linux, and on top of that DD-WRT has developed its firmware, which is also free software… Free software, do I have to argue any more? Self-explanatory.

Linksys WRT54GL

I almost forgot to mention that the FSF sued Cisco for a violation of the GNU License, and it won.

Privacy on Android

A common opinion points to using VPNs to avoid being monitored. I recently saw a video that said we should stop using VPNs for privacy.

Alternatives exist. These days I have given Orbot, Tor for Android, a try. The main reason, besides the concern with privacy, is to find out whether the performance and battery consumption are decent enough or whether you have to pay a lot for it.

So far I haven’t experienced slowness or high battery consumption. On the other hand, I do experience that slowness using Tor Browser.

There’s a main feature to highlight: the VPN mode. It keeps your IP hidden; I’ve checked it, and Orbot has changed this IP from time to time. You may check it with different online pages that show you your IP or, more lazily, by noticing that the websites you visit assume a different language for you because your IP comes from a town different from your real one.