magicconch's comments

magicconch | 4 years ago | on: A drug that cures alcoholism may be the next anti-anxiety medication

Another alternative drug is emoxypine [1], sold under the brand name Mexidol. It also possesses anti-anxiety effects. Rather than make the user feel terrible when they drink (as in the case of disulfiram), it has effects more similar to naltrexone: reducing the effects of alcohol so the user does not experience the feelings they usually would. I think this is a lot more humane than disulfiram.

[1] https://en.wikipedia.org/wiki/Emoxypine

magicconch | 4 years ago

Also take a look at the EFF’s wordlists [1] as an alternative to the Diceware list. Quoting from their blog post, here are some issues with the Diceware list that they have resolved: - It contains many rare words such as buret, novo, vacuo

- It contains unusual proper names such as della, ervin, eaton, moran

- It contains a few strange letter sequences such as aaaa, ll, nbis

- It contains some words with punctuation such as ain't, don't, he'll

- It contains individual letters and non-word bigrams like tl, wq, zf

- It contains numbers and variants such as 46, 99 and 99th

- It contains many vulgar words

- Diceware passwords need spaces to be correctly decoded, e.g. in and put are in the list as well as input

[1] https://www.eff.org/deeplinks/2016/07/new-wordlists-random-p...

magicconch | 4 years ago | on: RCE in Visual Studio Code's Remote WSL for Fun and Negative Profit

Kudos to the author for a fantastic write up. The structure made reading it a really pleasant learning experience - a solid table of contents, an up-front summary, and a sensible list of prerequisites and instructions for following along.

magicconch | 4 years ago

The first line of the linked Wikipedia page states that it will never be created.

magicconch | 5 years ago | on: A visual guide to SSH tunnels

For those interested in the topic of tunneling, I highly recommend The Cyber Plumber’s Handbook [1] to gain an even deeper understanding and examples beyond SSH.

[1] https://cph.opsdisk.com/

magicconch | 5 years ago | on: Malvuln – Malware Vulnerability Research

I’ve been trying to gain an understanding of threat modeling and one thing I’m struggling with is the definition of trust boundary - none of the descriptions I’ve read really clicked for me. Could you describe what it means?

magicconch | 5 years ago | on: Bitmessage: A decentralized and trustless P2P communications protocol

This reminds me of mixmaster/mixminion[1] networks

[1] https://github.com/mixminion/mixminion

magicconch | 5 years ago | on: WireGuard Bounce Server Setup

Using “apt install --no-recommends wireguard-tools” should do what you’re looking for.

magicconch | 5 years ago | on: Port knocking

Yes, take a look at the manual page for knockd and search for "One_Time_Sequences". It does what you are asking by using a one-time valid sequence of port knocks, but it is like HOTP rather than TOTP.

magicconch | 6 years ago | on: Free Open Source VPN – AES 256 – WireGuard and OpenVPN

The OpenVPN configuration uses AES-128-GCM as the cipher, which itself is fine but the website claims it is using AES-256.

More concerning is the 'Tor VPN' and bridge being offered. The Tor bridge here is not a proper bridge, instead the SOCKS port is being exposed on a public IP rather than the usual 127.0.0.1. SOCKS is an unencrypted protocol so everything being sent to the bridge is exposed on the wire, and your ISP can trivially see that you are connecting to a VPN over it. This is dangerous and misleading - Tor even warns you that the protocol is not encrypted when you expose the SOCKS port publicly. Real Tor bridges are simply relays not listed in the consensus file. Connections using them are still encrypted using TLS. The website incorrectly claims that by using the VPN over Tor configuration files, you are masking your VPN connection from your ISP.

This free VPN is so misleading that I felt the need to make a HN account just to write about it.