Radio amateurs around the world have been lucky to secure a large enough IPv4 allocation from the early days of the Internet, 18.104.22.168/8. Since then, it has seen various types of use, on and off the public Internet. In this post I explore the current usage by running some measurements on the hosts that currently live within it, from various vantage points. Somehow, I end up having to map all of IPv4 and IPv6.
In the height of the 2021 cryptocurrency rush, I performed an experiment where I intentionally leaked a number of Bitcoin private keys to thousands of people, and then simply watched to see what happens.
After mapping the Greek Internet, during my visit to 36C3, in Leipzig, I decided to map the event IP Space and create a nice animated GIF of the utilization, at least of devices responding to pings.
Inspired by a discussion I had in a RIPE Meeting, and a blog post I read last year, I set out to create a map of the Greek Internet, using IP, Hilbert Curves, and a lot of images.
An attack was published against Tor users that deanonymized them based on DNS. Here we see how Exit Operators can protect the users from these attacks.
A blog post on how a small group of people organized an educational event with a Capture the Flag contest in AUTh. The story and what I learned.
In this blog post I describe how an attacker got my personal information just by using eBay. It is based on a real story and should not be used as a guide.
Certificate Transparency is a project started by Google in order to allow anyone to verify the practices of all Certificate Authorities. In this post, we take a look.
A blog post about Tor Hidden Services and the announcement of the Official DaKnObNET Hidden Services, which allow visitors to access my websites over the Tor Network, in the form of Hidden Services.
I examine the security of the popular movie and TV series piracy application "Popcorn Time", and find multiple critical vulnerabilities that range from application code execution, all the way to remote code execution, for a full computer compromization, by executing arbitrary shell commands.
In this blog post I talk about password managers, and how security questions can actually reduce your security. All this, over a nice, real life story I had with a customer service representative, who didn't like my first school's name, DzLCMpeyuAhAT>RgTuvJPna2s3K)8dUM^V$(QUNu#omuByCvJ8.
In this blog post I go over the vast gap between math and implementation (software code) in terms of security, by examining the case of online voting. In addition, as an example, I am disclosing some security vulnerabilities found in an online voting software.
In this blog post I attempt to examine what is the current best TLS configuration for your web (or not) server, and why answering this question is really not that simple.
This blog post contains a bug I found in Google Chrome and the Chromium browser in which the software failed to update the GUI of which certificate is used, therefore showing the previous certificate to the user, even in cases where the certificate has actually changed in the server.
During a store visit, I discovered a secure lock that used an RFID access card to limit access. But there was a way to easily bypass it.