Using TOR on your Android Device

In my continuation of how to secure your phone habits while on the go, we have come to anonymizing your traffic. There are a few reasons to do this: you are on a public internet network and have no access to a VPN; you are in a country that censors the internet (Hi China!); or you like to keep your identity somewhat off the grid for whatever reason. TOR was developed to allow for all of the above. Due to the open nature of Android and the user-base, it was quickly ported back in 2009. The Guardian Project leads the effort and has since provided 4 main components. Today I will be focusing on the Orbot (TOR+Proxy) and the Firefox extension to allow proxy usage. In addition you can use their Jabber client for anonymous and encrypted chatting. So let’s get to setting things up! A few things you need to grab from market: ...

December 12, 2010 · 3 min · Nick

CR-48 ChromeOS Security Posture

Since everyone is talking about the fit and finish (which is great other than the battery), I thought I’d talk about the security of the device. Google has already spoken about the separation of user/system with the web browser functions, so I will skip that portion. The majority of my work was looking at how the OS responded to simple pentesting scans. I used version 5.21 of Nmap running on MacOS 10.6 Server. The ChromeOS box was patched as of 12/11/10. ...

December 11, 2010 · 2 min · Nick

SABI, TSABI, and WASABI

WASABI is ugly and spicy.

I am going to talk about something that most people are very reluctant to discuss: cross-domain solutions. It is the black magic of having a single display or ethernet jack hooked into multiple classified networks. There is press material from Boeing/eXMeritus that states: “Who would want to hook a Top Secret Network to the Internet? We aren’t allowed to say.” Education is the key to understanding what cross-domain is and why it is important. The community is small and the educational material is non-existent. I hope to share what I can for all those who will hear certain terms in meetings and rush back to Google. It is important that you don’t overplay your hand in what amounts to very important work and technology. ...

December 9, 2010 · 3 min · Nick

GPG on your Android Phone

All the traffic coming off your phone, if unencrypted, is clear for the telco to see. With the advent of sniffing using RF or IP-based solutions, it is becoming increasingly easy to intercept email traffic. Toss in the mobile, on-the-go world and we are stuck with soft targets. For corporate folks there are certificates, but that isn’t a solution generally trusted for home users. Root CAs are easy to compromise with the “everything goes” Microsoft and Linux root updates. Enter PGP/GPG, which allows you to take out the middle man (although you can still use a key server if you choose) and validate the keys yourself. The “what if” can still be an issue, but overall for personal communications I find it the most secure method. With Android being a more open platform, there exist solutions for sending secure emails on-the-go. First let’s get some software installed on your phone. All of these are found in the Google Android Market or from the links provided: ...

December 9, 2010 · 4 min · Nick

The start of something magical

Reading through Sonny’s post shot me back into a time of awesomeness. Be sure to read his post on what we can learn from our past. People always ask me why I collect old computers and he does a great job of outlining why. Just because the technology isn’t modern doesn’t mean the underlying principles are not applicable to today’s world. Be sure to stroll on over to Sonny’s blog to read more: ...

December 5, 2010 · 2 min · Nick