DigitalReplica The impact of security, privacy and technology on our daily lives

LastPass Identities + Browser profiles = Awesomeness

Using LastPass Identities with browser profiles (either Chrome People or Firefox profiles) can help keep online identities separate, and possibly safer in the event of a web attack.

It’s a security best practice to keep passwords in a password vault, so passwords can be long and (hopefully) uncrackable. Many of mine are in LastPass for its sheer convenience.

But I like to keep online identities separate, using a different browser profile for each part of my life. Each has a different set of passwords that I’d like to keep up with. For example:

  • Personal
  • Professional
  • Financial
  • Gaming
  • Untrusted

Using LastPass Identities, I can. It’s mostly seamless, with a few annoying bits, but awesome anyway. I haven’t found another article describing this, so I’m throwing it out there to encourage everyone to try something similar.

I’m showing this using Chrome People, because I tend to use Chrome. But it works with Firefox profiles, or even using different browsers for different identities.

Privacy from corporate data gathering

Corporate data gathering of consumers’ private information has exploded over the last few years. The new normal seems to require registration to use any website, device or app. The company almost always wants your name and email, and some require address, phone number and credit card as well. After you provide that information, your usage is tracked and data mined for corporate profits. Online privacy is becoming scarce (if not non-existent).

This article offers a practical guide to opt out of this pervasive data gathering by setting up an alternate online identity. Companies get something to track. You get to use their awesome service and you get to preserve at least some of your privacy.

Purism Librem 13 Laptop Review

As a security and privacy advocate wanting a new laptop, I needed much time and research to settle on what I wanted. I bought a Purism Librem 13 running Qubes OS. While this is definitely not the setup for everyone, it is worth considering if you’re worried about privacy and have any kind of Linux experience.

So this is a review of the Librem 13 running Qubes with a bundle of setup notes and impressions.

OpenLDAP for LDAP Plain Text Password Capture

How to set up a malicious LDAP server to capture credentials on a pentest.

I recently tested an application using LDAP to connect to Active Directory to perform queries. The app had valid AD credentials and I wanted to steal them. I couldn’t grab the credentials directly, but I could change some of the app configuration, including the IP address of the LDAP server to connect to. That led to “Let’s set up a malicious LDAP server to capture credentials!”

There is no Metasploit capture LDAP module :-( and I didn’t have the time to write one. OpenLDAP does support unencrypted, plaintext authentication, but the instructions for setting that up are non-existent. So I documented as I went to make this post.

All testing was done using Kali Linux, so it’s easy to add to a pentest setup.

Using the Pocket Internet Privacy Shield

In my previous post, I described how to install a Pocket Internet Privacy Shield. It uses a cheap TP-Link pocket router, OpenWRT and a privacy VPN to protect your privacy on untrusted networks like hotels and coffee shops.

I had no idea the post would be as long as it was. I didn’t want people to have to scroll to the bottom just to read how to use the thing. So here’s the post on how to use the thing.
