Comments for Stratum Security Blog http://www.stratumsecurity.com/blog Innovative Risk Solutions Sun, 15 Apr 2012 20:14:28 +0000 hourly 1 http://wordpress.org/?v= Comment on Shearing FireSheep with the Cloud by None http://www.stratumsecurity.com/blog/2010/12/03/shearing-firesheep-with-the-cloud/comment-page-3/#comment-3166 None Sun, 15 Apr 2012 20:14:28 +0000 http://www.stratumsecurity.com/blog/?p=276#comment-3166 I would like to go one step further and wonder how might your steps be amended. I am interested in maintaining an EC2 instance that not only all devices (phones, notebooks, etc.) VPN into, but then the EC2 instance itself VPNs out to one of the privacy based (non-logging, foreign) VPN providers. Is that a possible extension of your setup? So, for example, it would go from home PC, OpenVPN to EC2, OpenVPN from EC2 to AirVPN/BTGuard/etc.? I would like to go one step further and wonder how might your steps be amended. I am interested in maintaining an EC2 instance that not only all devices (phones, notebooks, etc.) VPN into, but then the EC2 instance itself VPNs out to one of the privacy based (non-logging, foreign) VPN providers. Is that a possible extension of your setup? So, for example, it would go from home PC, OpenVPN to EC2, OpenVPN from EC2 to AirVPN/BTGuard/etc.?

]]> Comment on Shearing FireSheep with the Cloud by Zero http://www.stratumsecurity.com/blog/2010/12/03/shearing-firesheep-with-the-cloud/comment-page-3/#comment-3165 Zero Fri, 13 Apr 2012 18:42:02 +0000 http://www.stratumsecurity.com/blog/?p=276#comment-3165 How might these steps be amended if we wanted to then connect the EC2 instance to one of the non-logging, privacy based VPN services like BTGuard or AirVPN? My holy grail setup is one where all my devices (phones, PCs and Macs) OpenVPN into a single EC2 instance, which then itself is VPN'd to AirVPN (also OpenVPN based), and then out their log-free side. Possible? I feel like your instructions get us most of the way there... How might these steps be amended if we wanted to then connect the EC2 instance to one of the non-logging, privacy based VPN services like BTGuard or AirVPN? My holy grail setup is one where all my devices (phones, PCs and Macs) OpenVPN into a single EC2 instance, which then itself is VPN’d to AirVPN (also OpenVPN based), and then out their log-free side. Possible? I feel like your instructions get us most of the way there…

]]> Comment on Shearing FireSheep with the Cloud by NP http://www.stratumsecurity.com/blog/2010/12/03/shearing-firesheep-with-the-cloud/comment-page-3/#comment-1729 NP Tue, 06 Mar 2012 10:11:57 +0000 http://www.stratumsecurity.com/blog/?p=276#comment-1729 I am still unable to create the .ssh folder. Like I said, when I try to move the key into the .ssh folder, it says it does not exist. I have tried to create the folder using a few commands, but it says I do not have permission. I tried doing the repair permissions on the disk utility, still no luck. I know that you can change permissions with commands, but it says I already have wrx permission on every folder, so I don't understand why it won't let me create the .ssh folder. Only thing I can think of is that I only have -rw permission on the .CFUserTextEncoding and the .DS_Store files. I'm not sure if that matters. I am still unable to create the .ssh folder. Like I said, when I try to move the key into the .ssh folder, it says it does not exist. I have tried to create the folder using a few commands, but it says I do not have permission. I tried doing the repair permissions on the disk utility, still no luck. I know that you can change permissions with commands, but it says I already have wrx permission on every folder, so I don’t understand why it won’t let me create the .ssh folder. Only thing I can think of is that I only have -rw permission on the .CFUserTextEncoding and the .DS_Store files. I’m not sure if that matters.

]]> Comment on Shmoocon 2010 Video Online: The New World of SmartPhone Security by ABC Action News Smartphone Security Video Posted (with an additional Android exploit demo video) | Stratum Security Blog http://www.stratumsecurity.com/blog/2010/02/12/shmoocon-2010-video-online-the-new-world-of-smartphone-security/comment-page-1/#comment-1487 ABC Action News Smartphone Security Video Posted (with an additional Android exploit demo video) | Stratum Security Blog Fri, 02 Mar 2012 17:33:15 +0000 http://www.stratumsecurity.com/blog/?p=93#comment-1487 [...] The New World of SmartPhone Security [...] [...] The New World of SmartPhone Security [...]

]]> Comment on Shearing FireSheep with the Cloud by Isaac http://www.stratumsecurity.com/blog/2010/12/03/shearing-firesheep-with-the-cloud/comment-page-3/#comment-1479 Isaac Sun, 22 Jan 2012 19:27:36 +0000 http://www.stratumsecurity.com/blog/?p=276#comment-1479 Ignore previous message. Egregious typo on my part. Sorry. Ignore previous message. Egregious typo on my part. Sorry.

]]> Comment on Shearing FireSheep with the Cloud by Isaac http://www.stratumsecurity.com/blog/2010/12/03/shearing-firesheep-with-the-cloud/comment-page-3/#comment-1478 Isaac Thu, 19 Jan 2012 16:20:20 +0000 http://www.stratumsecurity.com/blog/?p=276#comment-1478 Error on starting Tunnelblick: "The configuration file for 'ec2' does not appear to contain a 'dev tun' or 'dev tap' option. This option may be needed for proper Tunnelblick operation. Consult with your network administrator or the OpenVPN documentation." Am I missing a step in the client template edit besides IP, name.crt.name.key? Error on starting Tunnelblick:

“The configuration file for ‘ec2′ does not appear to contain a ‘dev tun’ or ‘dev tap’ option. This option may be needed for proper Tunnelblick operation. Consult with your network administrator or the OpenVPN documentation.”

Am I missing a step in the client template edit besides IP, name.crt.name.key?

]]> Comment on Shearing FireSheep with the Cloud by Patrick http://www.stratumsecurity.com/blog/2010/12/03/shearing-firesheep-with-the-cloud/comment-page-3/#comment-1448 Patrick Sun, 18 Dec 2011 22:17:14 +0000 http://www.stratumsecurity.com/blog/?p=276#comment-1448 Ignore my previous message. I found the documentation I needed for an instance reboot. Thanks. :) Now, if AWS ever schedules a *system* reboot, I'm still unclear about what steps will be necessary to preserve this functionality ... Ignore my previous message. I found the documentation I needed for an instance reboot. Thanks. :)

Now, if AWS ever schedules a *system* reboot, I’m still unclear about what steps will be necessary to preserve this functionality …

]]> Comment on Shearing FireSheep with the Cloud by Patrick http://www.stratumsecurity.com/blog/2010/12/03/shearing-firesheep-with-the-cloud/comment-page-3/#comment-1447 Patrick Sun, 18 Dec 2011 22:16:03 +0000 http://www.stratumsecurity.com/blog/?p=276#comment-1447 Hi, Ignore my previous message. I found the documentation I needed for an instance reboot. Thanks. :) Now, if AWS ever schedules a *system* reboot, I'm still unclear about what steps will be necessary to preserve this functionality ... Hi,

Ignore my previous message. I found the documentation I needed for an instance reboot. Thanks. :)

Now, if AWS ever schedules a *system* reboot, I’m still unclear about what steps will be necessary to preserve this functionality …

]]> Comment on Shearing FireSheep with the Cloud by Patrick http://www.stratumsecurity.com/blog/2010/12/03/shearing-firesheep-with-the-cloud/comment-page-3/#comment-1445 Patrick Sun, 18 Dec 2011 08:25:28 +0000 http://www.stratumsecurity.com/blog/?p=276#comment-1445 I have been happily using my EC2 instance, built from you excellent instructions, for over a year. All that time, I've never understood what steps I need to take to make the instance survive a reboot. Now I've recv'd the following warning from Amazon: "One or more of your Amazon EC2 instances have been scheduled for a reboot in order to receive some patch updates." What do I need to do in order to survive reboot and get back up again? Thanks for any help you can provide. I have been happily using my EC2 instance, built from you excellent instructions, for over a year. All that time, I’ve never understood what steps I need to take to make the instance survive a reboot. Now I’ve recv’d the following warning from Amazon:

“One or more of your Amazon EC2 instances have been scheduled for a reboot in order to receive some patch updates.”

What do I need to do in order to survive reboot and get back up again?

Thanks for any help you can provide.

]]> Comment on Shearing FireSheep with the Cloud by Is there anybody developed your own vpn server based on amazon EC2 in China? Is it stable and how about the speed? - Quora http://www.stratumsecurity.com/blog/2010/12/03/shearing-firesheep-with-the-cloud/comment-page-3/#comment-1438 Is there anybody developed your own vpn server based on amazon EC2 in China? Is it stable and how about the speed? - Quora Sun, 11 Dec 2011 04:36:34 +0000 http://www.stratumsecurity.com/blog/?p=276#comment-1438 [...] personally, but lots of people have, check out this link using the free tier on Amazon EC2:http://www.stratumsecurity.com/b...This answer .Please specify the necessary improvements. Edit Link Text Show answer summary [...] [...] personally, but lots of people have, check out this link using the free tier on Amazon EC2:http://www.stratumsecurity.com/b…This answer .Please specify the necessary improvements. Edit Link Text Show answer summary [...]

]]>