08 Apr 2018
Using LastPass Identities with browser profiles (either Chrome People or Firefox profiles) can help keep online identities separate, and possibly safer in the event of a web attack.
It’s a security best practice to keep passwords in a password vault, so passwords can be long and (hopefully) uncrackable. Many of mine are in LastPass for its sheer convenience.
But I like to keep online identities separate, using a different browser profile for each part of my life. Each has a different set of passwords that I’d like to keep up with. For example:
Using LastPass Identities, I can. It’s mostly seamless, with a few annoying bits, but awesome anyway. I haven’t found another article describing this, so I am throwing it out there to encourage everyone to try something similar.
I’m showing this using Chrome People, cause I tend to use Chrome. But it works with Firefox profiles, or even using different browsers for different identities.
05 Dec 2016
Corporate data gathering of consumers’ private information has exploded over the last few years. The new normal seems to require registration to use any website, device or app. The company almost always wants your name and email, and some require address, phone number and credit card as well. After you provide that information, your usage is tracked and data-mined for corporate profits. Online privacy is becoming scarce (if not non-existent).
This article offers a practical guide to opt out of this pervasive data gathering by setting up an alternate online identity. Companies get something to track. You get to use their awesome service and you get to preserve at least some of your privacy.
15 Jun 2016
As a security and privacy advocate wanting a new laptop, I needed much time and research to settle on what I wanted. I bought a Purism Librem 13 running Qubes OS. While this is definitely not the setup for everyone, it is worth considering if you’re worried about privacy and have any kind of Linux experience.
So this is a review of the Librem 13 running Qubes with a bundle of setup notes and impressions.
22 Oct 2015
How to set up a malicious LDAP server to capture credentials on a pentest.
I recently tested an application using LDAP to connect to Active
Directory to perform queries. The app had valid AD credentials and I
wanted to steal them. I couldn’t grab the credentials directly, but I
could change some of the app configuration, including the IP address of the LDAP server to
connect to. That led to “Let’s set up a malicious LDAP server to capture
There is no Metasploit capture LDAP module :-( and I
didn’t have the time to write one. OpenLDAP does support unencrypted,
plaintext authentication, but the instructions for setting that up are
non-existent. So I documented as I went to make this post.
All testing was done using Kali Linux, so it’s easy to add to a pentest setup.
19 Oct 2014
In my previous post, I described how to install a Pocket Internet Privacy
It uses a cheap TP-Link pocket router, OpenWRT and a privacy VPN to
protect your privacy on untrusted networks like hotels and coffee shops.
I had no idea the post would be as long as it was. I didn’t want people
to have to scroll to the bottom just to read how to use the thing. So
here’s the post on how to use the thing.