no offense taken!
I'm using any damn Wifi I want at Blackhat and Defcon b/c I'll have an always-on IPSEC VPN. Get one here: https://github.com/trailofbits/algo …
-
-
-
it's not a tool for censorship avoidance. Much harder and different cat and mouse game. Algo endures confidentiality only.
End of conversation
New conversation -
-
-
it's only intuition but yes, I think so. Wasn't OpenVPN affected by shellshock? Oddly, the one time I trust the Linux kernel more.
-
All the non-default client software scares me too, as well as TLS in general, and UDP transport. Would rather avoid.
End of conversation
New conversation -
-
-
having a fallback ssl VPN or DNS VPN is always handy
-
I don't trust those transports or implementations, have resistance to enable. IPSEC or go outside.
- 1 more reply
New conversation -
-
-
IPsec actually much better because packet decryption / encryption is kernel code, session / auth is userland. Unlike ssl vpns
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
https://tools.ietf.org/html/draft-pauly-ipsecme-tcp-encaps-00 … is the document that will obsolete all ssl vpns
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
but you're leaking data on those wifi networks until you've established a VPN connection, right?
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.