Hacker News: EvangelicalPig

New comment by EvangelicalPig in "Google can ban your Android app if they think you’ve clicked on your own ads"

EvangelicalPig — Wed, 28 Apr 2021 06:08:50 +0000

> - Your Amazon shopping account and your AWS account should definitely not be the same account.

If you need another reason. I've heard allegations that the recovery process for Amazon shopping accounts and for dedicated AWS accounts are different, with the former being easier to socially engineer.

Probably some risk management department figuring that in the case of the former any "fraud" can be resolved with any chargebacks/refunds

New comment by EvangelicalPig in "Statement on DNS Encryption [pdf]"

EvangelicalPig — Wed, 21 Apr 2021 23:36:21 +0000

I mean, given how just about all DNSSEC domains are bootstrapped through domain registrar interfaces and their APIs (which have been compromised in attacks before), that might not be the best idea. As a counterpoint I think despite it's flaws that removing any form of certificate/key pinning from browsers was a mistake, rather than learning from said issues (i.e Maybe provisioning pinning of the public keys through an HTTP header isn't the best idea.)

New comment by EvangelicalPig in "Chrome’s address bar will use https:// by default"

EvangelicalPig — Tue, 23 Mar 2021 22:02:08 +0000

On a related note, pinning the public keys of TLS certificates in browsers used to be a thing (HPKP) and it did mitigate certain classes of attacks with caveats (i.e, let's hijack a domain using an "incompetent" domain registrar and MITM clients that previously visited this site before, happens more than you think[1][2]).

Given how it was configured using HTTP headers and with the average site that has buggy webapps and such that could be used for header "injection" independent of the webserver it was unfortunately considered a theoretical persistent DoS vector, and thus removed from browsers.

I'm not convinced other solutions (CAA, CT) are adequate replacements because it best, they are reactive (versus preventative) solutions, and CAA assumes all CA's are properly checking DNS records at the time of issuance and that those DNS queries are not being intercepted, which is a big assumption in my book.

[1]: https://www.fox-it.com/en/news/blog/fox-it-hit-by-cyber-atta...

[2]: https://krebsonsecurity.com/2020/03/phish-of-godaddy-employe... (okay, was just a deface, but still accomplished with a hijacked registrar account)

New comment by EvangelicalPig in "The Hijacking of Perl.com"

EvangelicalPig — Mon, 01 Mar 2021 20:05:17 +0000

pairdomains.com doesn't have serverUpdateProhibited, which is the "registry lock" protection. The reason why it costs money is because I believe it involves the registrant, registrar and registry coordinating a manual unlock out of band, so in theory if the registrar-registry API is compromised, you're still be protected.

New comment by EvangelicalPig in "The Hijacking of Perl.com"

EvangelicalPig — Mon, 01 Mar 2021 17:25:23 +0000

I know NetSol in theory supports registry lock, but last time I checked they want >$1000/year for it, and it's kind of shitty they don't offer robust access controls internally so you end up paying for it (and other registrars offer registry lock (and hopefully competent 2FA on top of that!) in the ~$500/year range)

New comment by EvangelicalPig in "United B772 at Denver on Feb 20th 2021, engine inlet separates from engine"

EvangelicalPig — Sun, 21 Feb 2021 06:28:50 +0000

I mean. How much is classic Perl used in web applications these days?

New comment by EvangelicalPig in "Godaddy appears to have suspended Backblaze's domain"

EvangelicalPig — Sun, 14 Feb 2021 00:23:39 +0000

Cloudflare has an enterprise plan that should in theory be more hardened against abuse complaints.

I do agree about the sorry state of domain registrars these days.

New comment by EvangelicalPig in "FIDO2 security key company releases hardware that's open source and uses Rust"

EvangelicalPig — Sat, 13 Feb 2021 01:10:26 +0000

Was not aware. Thank you!

New comment by EvangelicalPig in "FIDO2 security key company releases hardware that's open source and uses Rust"

EvangelicalPig — Sat, 13 Feb 2021 00:43:35 +0000

Some Linux distributions require adding udev rules for applications to have USB device access but other then that, it's pretty much plug and play.

A bit more convenient than having to use the YubiKey apps for TOTP and such.

New comment by EvangelicalPig in "Godaddy appears to have suspended Backblaze's domain"

EvangelicalPig — Sat, 13 Feb 2021 00:40:27 +0000

How many hoops do you need to jump through (as a small to medium size company), to get an account at MarkMonitor, CSC or another one of those "brand protection" companies?

Over the past 5 or so years I have noticed "previously safe" registrars (in terms of resistance to false abuse/DMCA complaints or social engineering attacks) get acquired by larger corporate interests and sometimes have a drop in quality as a result. MarkMonitor was acquired by a venture capital firm a few years ago as well. Good to have backup options on the table.

(Before you ask. I am aware of the added costs of such services, and I don't have much faith in consumer registrars anymore.)

New comment by EvangelicalPig in "Perl.com Taken over by Domain Squatters"

EvangelicalPig — Thu, 28 Jan 2021 15:21:18 +0000

as noted in my edit

New comment by EvangelicalPig in "Perl.com Taken over by Domain Squatters"

EvangelicalPig — Thu, 28 Jan 2021 15:14:31 +0000

checking whois for each of those domains, my first thought is I sure hope Key-Systems didn't get owned :|

EDIT: On a sidenote:If this[1] is true, looks like the attacker may have compromised another registrar that perl.com used (Network Solutions), moved domain to another registrar, than KS. Still a big concern though

[1] https://nitter.net/DInvesting/status/1354778895749419013

New comment by EvangelicalPig in "DNS hijacked on GoDaddy?"

EvangelicalPig — Wed, 30 Dec 2020 05:40:53 +0000

I've been concerned about NameCheap since this alleged incident occurred

https://news.ycombinator.com/item?id=18063667

New comment by EvangelicalPig in "DNS hijacked on GoDaddy?"

EvangelicalPig — Wed, 30 Dec 2020 05:38:59 +0000

How long ago was this, roughly?

I've heard of past concerns about some of Gandi's internal procedures and even ignoring that, they've been acquired by a venture capital firm of sorts.

New comment by EvangelicalPig in "Runs on the Librem 5 Smartphone – Week 2"

EvangelicalPig — Fri, 12 Jul 2019 04:45:14 +0000

There is Anbox[0] for running Android applications under Linux, and I've heard some people claim it's "less clunky" then an AVD. I haven't yet tried it myself but will soon.

I don't disagree that there are some suboptimal things about Android but to bootstrap a new mobile OS platform from almost nothing, and being on-par not even matching Android especially with regards to security (sandboxing, a proper permission model) seems like it would require a dedicated team several years of development time, which Purism doesn't have.

[0]: https://anbox.io/

New comment by EvangelicalPig in "Police push legal boundaries to get into cellphones"

EvangelicalPig — Fri, 07 Jun 2019 19:07:33 +0000

BlackBerry had a duress password feature to secure erase the device in the event of said password being used, and it would brick the device in the event of being aborted (battery pull). Wouldn't that be considered destruction of evidence though?

New comment by EvangelicalPig in "Vim/Neovim Arbitrary Code Execution via Modelines"

EvangelicalPig — Wed, 05 Jun 2019 02:13:03 +0000

s/CLI/desktop

New comment by EvangelicalPig in "Smartphone Apps Are Filled With Trackers"

EvangelicalPig — Sun, 14 Apr 2019 03:33:59 +0000

I think the main developer took a break for a bit and he's back with a new project (in beta) called GrapheneOS.

I don't have a supported device so I can't comment.

https://old.reddit.com/r/GrapheneOS/

https://seamlessupdate.app/ (website)

New comment by EvangelicalPig in "Ripcord – A desktop chat client for Discord and Slack"

EvangelicalPig — Wed, 10 Apr 2019 00:03:37 +0000

I'd rather someone would spend time on a better Matrix or XMPP client but assuming the Discord staff have a hissy fit over ToS it looks quite nice.

New comment by EvangelicalPig in "Apple iPhone SE Available on Apple Store Again"

EvangelicalPig — Mon, 25 Mar 2019 05:04:32 +0000

This bug?

https://old.reddit.com/r/Android/comments/6o50aq/i_dont_thin...