ESNI: A Privacy-Protecting Upgrade to HTTPS
https://www.eff.org/deeplinks/2018/09/esni-privacy-protecting-upgrade-https
https://blog.cloudflare.com/esni
#esni #https
Electronic Frontier Foundation
Today, the content-delivery network Cloudflare is announcing an experimental deployment of a new web privacy technology called ESNI. We're excited to see this development, and we look forward to a
Forwarded from Libreware
Nebulo-1.0Beta-Build 21-PRERELEASE (DNS Over HTTPS) Server App
(Pre-release: Support for DoT)
This app establishes a local dummy VPN -- it doesn't connect to a VPN server and only handles your DNS packets
Changelog:
- Renamed the app to Nebulo.
- Performance improvements (smaller memory footprint, faster query time [a few ms])
-> This might improve battery life a bit, I haven't tested this yet
- Decreased APK size by about 300 kB
- Added custom cache time for NXDOMAIN responses. This is very useful for servers which block domains (e.g. ads) as the responses aren't going to change over a longer period of time and thus can be cached much longer. Default of 1800 seconds (30 minutes)
- Fixed some crashes (though not all, help me find them :))
As you can see in the screenshots (TG support group) now DoT and DoH servers can be added. DoT is faster than DoH and thus should be preferred. I tested it locally, but as of now this feature is marked as non-stable.
TG support group and app download:
https://t.me/joinchat/I54nRleveRG3xwAa3StNCg
@Libreware
#Frostnerd #Update #Nebulo #prerelease #DNS #HTTPS
Forwarded from Libreware
Nebulo-1.0Beta-Build21-PRERELEASE.apk
3.4 MB
Nebulo-1.0Beta-Build 21-PRERELEASE (DNS Over HTTPS) Server App
(Pre-release: Support for DoT)
TG support group and app download:
https://t.me/joinchat/I54nRleveRG3xwAa3StNCg
@Libreware
#Frostnerd #Update #Nebulo #prerelease #DNS #HTTPS
Forwarded from Libreware
Nebulo-1.0Beta-Build21.apk
3.4 MB
Nebulo-1.0 Beta-Build 21 (DNS Over HTTPS) Server App
Changelog:
- Added Dns-over-TLS
- All input masks and features (Tasker, Server shortcuts, Server list, server files) now support both DoT and DoH and are fully backwards compatible
- Logging is now enabled for beta builds by default (Again, no data is sent to me automatically.)
TG support group and app download:
https://t.me/joinchat/I54nRleveRG3xwAa3StNCg
@Libreware
#Frostnerd #Update #Nebulo #DNS #HTTPS
Nebulo-1.0Beta-Build35-FDROID.apk
4.4 MB
Version 1.0-Beta (Build 34 [Build33 GPlay])
RELEASED ONLY FOR ALPHA TESTERS ON GPLAY, NO FDROID RELEASE
Changelog:
- Added Turkish, Indonesian, Russian and Dutch translations
- The notification shown when the app crashes when automatic crash reporting is disabled now has a button to send the log files
- Replaced some of the icons
- Fixed a few crashes
- Added a view to test dns server speeds
- You can now specify custom IP addresses for hosts. Hosts can be imported from URLs and added by hand.
- A few design tweaks
- Fixed a bug with the database when the app was installed before
>>>>> Side note: This build is stable but might contain bugs as a lot of new stuff has been added, thus it's a smaller rollout. If it is not working try an older release.
Download and support:
https://t.me/joinchat/I54nRleveRGP8IPmcIdySg
@NoGoolag
#Frostnerd #Update #Nebulo #DNS #HTTPS
How to enable DNS-over-HTTPS (DoH) in Firefox
The below step-by-step guide will show Firefox users how to enable the feature and not wait until Mozilla enables it
Step 1:
Type about:config in the URL bar and press Enter to access Firefox's hidden configuration panel. Here users will need to enable and modify three settings.
Step 2:
The first setting is network.trr.mode. This turns on DoH support. This setting supports four values:
0 - Default value in standard Firefox installations (currently is 5, which means DoH is disabled)
1 - DoH is enabled, but Firefox picks if it uses DoH or regular DNS based on which returns faster query responses
2 - DoH is enabled, and regular DNS works as a backup
3 - DoH is enabled, and regular DNS is disabled
5 - DoH is disabled
A value of 2 works best, however keep in mind that this is susceptible to downgrade attacks.
Step 3:
The second setting that needs to be modified is network.trr.uri. This is the URL of the DoH-compatible DNS server where Firefox will send DoH DNS queries. By default, Firefox uses Cloudflare's DoH service located at https://mozilla.cloudflare-dns.com/dns-query. However, users can use their own DoH server URL. They can select one from the many available servers, from this list, here. The reason why Mozilla uses Cloudflare in Firefox is because the companies reached an agreement following which Cloudflare would collect very little data on DoH queries coming from Firefox users.
Step 4:
The third setting is optional and you can skip this one. But if things don't work, you can use this one as a backup for Step 3. The option is called network.trr.bootstrapAddress and is an input field where users can enter the numerical IP address of a plaintext DNS resolver.
For example, 91.239.100.100 (uncensoreddns.org "anycast").
Normally, the URL entered in Step 3 should be enough, though.
Settings should apply right away, but in case they don't work, give Firefox a restart.
Source: Mozilla Wiki
https://wiki.mozilla.org/Trusted_Recursive_Resolver
https://www.zdnet.com/article/how-to-enable-dns-over-https-doh-in-firefox/
Edited by NoGoolag admins
@NoGoolag
#firefox #mozilla #dns #https #doh #settings #guide
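An added example, not part of the original post and not Firefox code: a short Python check that reads the three preferences from the text of a profile's prefs.js or user.js and reports when the chosen mode still lets regular DNS answer. The sample input is constructed, the function names are hypothetical, and the mode meanings are the ones listed in the guide above.

```python
import re

# network.trr.mode values as listed in the guide above
TRR_MODES = {0: "default", 1: "DoH or regular DNS, whichever is faster",
             2: "DoH, regular DNS as backup", 3: "DoH only", 5: "DoH disabled"}

# Matches user_pref("network.trr.<name>", <string or integer>);
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"(network\.trr\.[\w.]+)"\s*,\s*'
    r'("(?:[^"\\]|\\.)*"|-?\d+)\s*\)\s*;', re.MULTILINE)

# Constructed sample input, not taken from a real profile
SAMPLE = '''\
user_pref("browser.startup.page", 3);
user_pref("network.trr.mode", 2);
user_pref("network.trr.uri", "https://mozilla.cloudflare-dns.com/dns-query");
user_pref("network.trr.bootstrapAddress", "91.239.100.100");
'''

def parse_trr_prefs(text):
    """Return {name: value} for network.trr.* prefs; a later line wins."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        prefs[name] = raw[1:-1] if raw.startswith('"') else int(raw)
    return prefs

def audit_trr(text):
    """Return findings about the DoH settings found in a prefs file."""
    prefs = parse_trr_prefs(text)
    mode = prefs.get("network.trr.mode", 0)   # unset means the default, 0
    uri = prefs.get("network.trr.uri", "")
    findings = []
    if mode not in TRR_MODES:
        findings.append(f"mode {mode!r}: not a value listed in the guide")
    elif mode in (0, 5):
        findings.append(f"mode {mode}: DoH is not in use")
    elif mode == 1:
        findings.append("mode 1: regular DNS answers whenever it is faster")
    elif mode == 2:
        findings.append("mode 2: regular DNS is the backup, so a downgrade is possible")
    # A DoH resolver URL must be HTTPS for the lookups to be encrypted
    if mode in (1, 2, 3) and uri and not uri.startswith("https://"):
        findings.append("network.trr.uri is not an https:// URL")
    return findings

if __name__ == "__main__":
    for line in audit_trr(SAMPLE) or ["no findings"]:
        print(line)
```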
Forwarded from BlackBox (Security) Archiv
Kazakhstan's HTTPS Interception
This post describes our analysis of carrier-level HTTPS interception ordered by the government of Kazakhstan.
The Kazakhstan government recently began using a fake root CA to perform a man-in-the-middle (MitM) attack against HTTPS connections to websites including Facebook, Twitter, and Google. We have been tracking the attack, and in this post, we provide preliminary results from our ongoing research and new technical details about the Kazakh interception system.
Read more:
https://censoredplanet.org/kazakhstan
#kazakhstan #HTTPS #interception #websites #MitM #tracking #attack #research #analysis #facebook #twitter #google
@cRyPtHoN_INFOSEC_DE
@cRyPtHoN_INFOSEC_EN
@cRyPtHoN_INFOSEC_ES
Let's Encrypt discovers CAA bug, must revoke customer certificates
Let's Encrypt users will need to manually force-renew once to avoid downtime.
https://arstechnica.com/information-technology/2020/03/lets-encrypt-revoking-https-certs-due-to-certificate-authority-bug
#letsencrypt #https #caa #cacert #certificates
Ars Technica