Warren Guy
29 January 2015

Detecting man-in-the-middle attacks: verifying fingerprints verbally

Have you ever wanted or needed to verify a GPG, OTP, SSL certificate or other fingerprint read aloud over the phone, or even just while sitting next to someone? This is important for detecting and preventing man-in-the-middle attacks, but reading and transcribing hexadecimal values can be tedious and error-prone. Back in 1995, linguist Patrick Juola and PGP's Phil Zimmermann standardised a list of words corresponding with hexadecimal byte pairs for exactly this purpose. Each byte pair is represented by one of two words, depending on its position, to protect against inadvertently duplicated, missed, or transposed words. As an example, my GPG fingerprint D1D4 64C0 04F0 0FB5 C9A4 C8D8 E433 E7FB 7FF5 6256 could be read aloud as "stairway souvenir flytrap recipe adrift upcoming artist positive spearhead Pandora spaniel stupendous tonic concurrent transit Wichita lockup visitor flagpole escapade".

I've written a pair of simple libraries, for JavaScript and for Ruby, for easily implementing the PGP word list, as well as a simple web-based converter built on the JavaScript library, which is at https://warrenguy.me/projects/pgp-word-list-converter. Check out the libraries on GitHub:

Read full post | Comments

Warren Guy
23 December 2014

Reverse proxying Tor hidden services

This is a simple method of exposing a Tor hidden service via a regular TCP port.

You might find this useful as a convenient way of exposing a service behind a NAT firewall to the internet, or to provide a public internet presence for a service whose real location you wish to conceal.

Read full post | Comments

Warren Guy
3 November 2014

Detecting Tor users in nginx on Linux

This is a slightly hacky method of detecting Tor users in nginx. I'm using it on this website to advise Tor users of the existence of a hidden service that can alternatively be used to access this website. You can visit this website via Tor to see it in action.

We'll be using iptables and ipset to match the IP of incoming connections to our nginx server against Tor exits that allow access to our site, and redirecting those connections to a different ip:port. In your nginx config, you can then add custom rules, headers, or use an alternative server block, or whatever you like. This method could be applied to services other than nginx.

Read full post | Comments

Warren Guy
14 October 2014

Regenerating an RSA private key with Python

This is an exercise in regenerating an RSA private key while possessing only the public key. You might also find this useful if you happen to know all of the parameters of a private key (modulus, public exponent, and either the private exponent or prime factors), and want to reconstruct a key from them (skip to the end). This covers only the practical steps required without detailed explanation.

The example used here is a 256-bit RSA key, which can be factored on my laptop in less than three minutes. You won't (I hope) find any 256-bit RSA keys in the real world; however, you could likely factor a 512-bit key (these sadly do exist in the wild) with modern hardware in a matter of days.

Read full post | Comments

Warren Guy
20 August 2014

Global DNS Tester Update

In the few days since launching my Global DNS Tester, I've made a few significant improvements. It's no longer limited to looking up A records alone; you can now compare A, AAAA, PTR, CNAME, NS, MX, and SOA records returned for any given host/IP from up to 100 public nameservers simultaneously.

I've also made a bunch of iterative improvements to the interface, and some minor performance improvements.

Read full post | Comments

Warren Guy
15 August 2014

New DNS troubleshooting utility: Global DNS Tester

Helping a friend diagnose a DNS problem earlier, I stumbled across a huge list of public nameservers (more than 3,000 at present) at public-dns.tk. Inspired, I hacked together a simple script to query a random set of them and display the results.

So, I've just published a simple web-based utility (URL at end of this post) for checking the A record of a hostname from a random set of global public nameservers. It allows you to query up to 100 servers at a time, either from all available global nameservers, or filtered by country. You might find it useful for diagnosing DNS propagation delays, nameserver connectivity issues, geotargeted DNS, and more. The nameserver list is updated about once an hour. I may release the source code at a later time, if I get around to cleaning it up a bit.

Read full post | Comments

Warren Guy
6 August 2014

Blocking referrer spam

I've been seeing a lot of "referrer spam" cluttering Google Analytics etc. lately, particularly from SEO scam operator semalt.com. Not only is it annoying, it affects the accuracy and usefulness of your web analytics/reporting (whether Google Analytics or other), especially for relatively low-volume websites.

The most effective way to block it is at the source: your web server. Below are instructions for blocking referrer spam using nginx and Apache. If blocking at the server level is not an option for you, you can also filter referrer spam using Google Analytics itself, which is detailed at the end of the post.

Read full post | Comments

Warren Guy
16 July 2014

Hello, world.

Hi! I have a new website, and it has a blog. That is all.

Read full post