If you need to block TikTok on your network, you will also need to block:

dns[.]google[.]com
doh[.]dns[.]apple[.]com
dig[.]bdurl[.]net

They are using DNS over HTTPS (DoH)- to bypass content filters.

If there wasn't enough reasons to hate TikTok before...

Dear Google Cloud: Your Deprecation Policy is Killing You

medium.com/@steve.yegge/dear-g

"Google, wake the %$@Y up. It’s 2020. You are still losing. It’s time to take a hard look in the mirror and answer for yourselves whether you really want to be in the Cloud business."

Agree! Hard to use any Google service knowing it may be killed in a year or two.

Some interesting new privacy features on iOS 14:

arstechnica.com/tech-policy/20

If you are stuck with an iPhone/iPad, use and enable them if you can.

Maximizing Qname Minimization: A New Chapter in DNS Protocol Evolution

blog.verisign.com/security/max

"In January 2018, 32% of queries received contained only one label, while 30% of queries received at the .COM and .NET name servers consisted of only two labels.

As of August 2020, those measures have increased to an impressive 53% and 49%, respectively – in just a few short years over half of all queries received at .COM are utilizing this easy and effective security and privacy enhancement!"

@mastsec
The web was great. Then power snowballed and centralized.

This is why I like federation.

The bar to host isn't super high, so network operators can be shepherds to small flocks of users. It's personal, and the low barrier to entry means anyone can pick a new operator (or become their own)

@mastsec I'm agree. The internet should be for the users.

Sadly, the reality is the internet progress has been championed & financied by the nowadays giants; they are not giving up power prioritizing users.

Moobot vs. Gatebot: Cloudflare Automatically Blocks Botnet DDoS Attack Topping At 654 Gbps

blog.cloudflare.com/moobot-vs-

Interesting insights into Cloudflare's DDoS mitigation process:

-Gatebot
-DosD
-flowtrackd

CleanBrowsing DNS service review

techradar.com/reviews/cleanbro

"CleanBrowsing seems to check all the right boxes. It offers a well-performing DNS with lots of useful options to help you filter the Internet. Not only can you create fine-tuned custom filters, the Policies feature helps you tailor them to specific devices for more effective rollouts.

The fact that all this functionality is available in an affordable package makes CleanBrowsing our favorite premium DNS service. "

Nice!

Endpoint Containment with OSSEC

isc.sans.edu/forums/diary/Susp

You can use the open source OSSEC to contain (take offline) compromised Windows devices in your network using "netsh advfirewall".

Two Russians Charged in $17M Cryptocurrency Phishing Spree.

U.S. authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges.
krebsonsecurity.com/?p=52989

Schools and open source:

"Why, after all, proprietary software developers offer gratis copies of their nonfree programs to schools? Because they want to use the schools to implant dependence on their products, like tobacco companies distributing cigarettes to school children. They will not give gratis copies to these students once they've graduated... Once you're dependent, you're expected to pay, and future upgrades may be expensive."

gnu.org/education/edu-schools.

How HTTPS works.

howhttps.works/

Nice and fun comic teaching how HTTPS works.

Show more
Noc.Social

Open Source Social Network. Focused on technology, networking, linux, privacy and security, but open to anyone. Managed by the noc.org team.