Bye bye ProtonMail

8 Jun 2022 21:10 | email | security

I recently blogged about my ProtonMail issues, the weird glitches with their
bridge IMAP interface and their apparent lack of care that it might be silently
deleting customer data -

I have now finally gotten around to kicking ProtonMail out of my life and I
could not be happier. Gone are the days of having to run some janky Go software
[read more...]

PSA: Your ProtonMail backups might not be safe

5 Jun 2022 12:16 | email

I was a fan of the ProtonMail email service until I was casually linked to this
issue while discussing something else:

TL;DR message UIDs returned by proton-bridge are unstable and subject to change
[read more...]

Lulu firewall hardening

26 Feb 2022 21:21 | macOS | security

I'm a big fan of Patrick Wardle's free mac utilities but I noticed something odd
about LuLu recently. It seems that it only filters egress traffic when
is running. Since it normally runs as the local user rather than root, this
makes it somewhat trivial for malware to defeat as it can simply kill the
process and then connect to whatever it wants.

[read more...]

TouchID over SSH part 2: Secretive agent

19 Feb 2022 13:46 | macOS | security | touchID

For some time I've been using a hand-rolled solution for touchID over ssh which
I previously blogged about. Up until recently it's been a somewhat
loosely-compiled scattering of config that wasn't really in a releasable form
but with a pending security talk on the horizon I thought it would be worth
tidying it up and making it releasable so I could mention it in my talk.

[read more...]

Restricting macOS egress with LuLu and Squid proxy

10 Feb 2022 20:55 | apple | macOS | security

Egress filtering is an immensely powerful security control but it's not so
straightforward to do it well. If any malware manages to execute on your system
one of the first things it's likely going to try to do is call home and
establish a C2 channel. With effective egress filtering you can break this link
in the attack chain and stop it dead in its tracks.

[read more...]

Getting back into blogging

10 Feb 2022 05:48 | security

It's been a while since I've blogged so I thought I'd get back into it with some
security stuff. My dayjob has had a very heavy security focus for the last 3
years and it's infected my personal life too such that I'm now even more
obsessed with security than I was before.

I recently wrote a first draft of a Linux server hardening guide:
[read more...]